Associate Information Security Analyst (AISA)
App developers, stores and payment providers cross the threshold into the Bango ecosystem to converge, grow and thrive.
By bringing businesses together and powering e-commerce with unique data-driven insights, Bango delivers new business opportunities and new dimensions of growth for customers around the world. Being inside the Bango circle means global merchants including Amazon, Google and Microsoft can work together with payment partners from Africa to the Americas, accelerating the performance of everyone on the inside.
Bango. Think inside the circle.
The Role L2: Associate
At Bango, the Associate Information Security Analyst (AISA) reports to the Director of Infosec and assists with managing the Information Security policies, ensuring that Bango complies with ISO 27001. You will help to design, deploy, and manage security controls that support the information security strategy and will assist in evaluating and implementing security solutions and tools.
If an incident occurs, you will help with problem-solving, communications, and root cause analysis, including finding and logging evidence to assist with the creation of formal reports.
As AISA, you will work closely with other Bango functions and participate in our Security Ambassadors program, helping keep all functions updated on changes in policy and process. You will also work with external suppliers to help define and deliver third-party services.
You will be someone interested in Security and will proactively maintain awareness and knowledge of the latest threats, trends, and best practices, using this knowledge to inform Bango on developments in the industry.
Responsibilities
* Conducting Risk Assessments: Assist in identifying and evaluating potential security risks and vulnerabilities within the Bango information systems and processes. This includes reviewing existing controls, analyzing threats, and recommending risk mitigation measures.
* ISO 27001 Compliance: Support implementing and maintaining ISO 27001 standards within the organization. This involves assisting with developing security policies, procedures, and controls, conducting internal audits, and ensuring compliance with ISO 27001 requirements.
* Security Incident Response: Collaborate with the incident response team to investigate and respond to security incidents, including analyzing security logs, conducting forensic investigations, and implementing remedial actions to prevent similar incidents.
* Security Monitoring and Analysis: Monitor security systems, such as intrusion detection systems (IDS) and security information and event management (SIEM) tools, to identify and respond to potential security breaches or anomalies. Assist in analyzing security logs, conducting vulnerability assessments, and recommending improvements to enhance the organization's security posture.
* Security Awareness and Training: Contribute to developing and delivering security awareness programs and training materials for employees. Help educate staff on information security best practices, policies, and procedures, promoting a security-conscious culture within the organization.
* Security Documentation: Assist in the creation and maintenance of security-related documentation, including policies, procedures, guidelines, and technical specifications. Ensure that documentation is up-to-date, accurate, and accessible to relevant stakeholders.
* Security Audits and Assessments: Support internal and external security audits and assessments. This involves participating in audit activities, gathering evidence of compliance, addressing audit findings, and implementing corrective actions.
* Vulnerability Management: Assist in identifying and remediating security vulnerabilities through vulnerability scanning and management processes. Help track and prioritize vulnerabilities based on their severity and potential impact and collaborate with relevant teams to ensure timely remediation.
* Security Controls Implementation: Collaborate with IT teams to implement security controls based on industry standards and best practices. This may involve assisting with configuring and managing firewalls, intrusion prevention systems (IPS), access controls, encryption mechanisms, and other security technologies.
* Security Metrics and Reporting: Contribute to the collection, analysis, and reporting of security metrics to measure the effectiveness of security controls and identify areas for improvement. Prepare regular reports on security incidents, compliance status, and overall security posture for management and stakeholders.
Essential Experience
* Awareness of core information security concepts and principles.
* Understanding of industry standards and regulations and their importance.
* Knowledge of relevant legislation, data compliance frameworks, corporate governance, quality assurance, and risk
* Experience with vulnerability scanning tools/vulnerability management.
* First-class written and verbal communication skills
* Ability to learn and a demonstrable enthusiasm and passion for cyber security.
* Proven track record of learning new technologies, including business-specific software.
* Level head, calm and clear thinking, open-minded and flexible
Desirables
* Some knowledge of security and control frameworks, such as ISO 27001, PCI DSS, CobiT, and ITIL
* Some basic knowledge of regulatory frameworks, such as GDPR, UK Data Protection Act
* Cloud computing concepts and service models (e.g., IaaS, SaaS)
* Knowledge of Windows and Linux operating systems and Windows server DNS, AD, AAD
* An understanding of foundational networking principles (e.g., IPv4, IPv6, TCP/IP, DNS etc.)
* Experience in performing maintenance, monitoring, and optimization.
* Formal report writing experience.
Location
* Cambridge, UK
Benefits
* A friendly, informal working environment
* Your own Bango buddy - to help you settle in
* Bendi-time (flexible working hours)
* Bango social events
* Choose your own headphones, keyboard & mouse
* Generous share option scheme
* Private Medical Insurance
* Health Cash Plan
* 25 days holiday a year increasing to 28 days with 4 years' service
* Cycle to work, gym discount
* Weekly onsite Pilates and Yoga classes
* Financial support for employee activity groups and charitable activities
* Free fruit, drinks and snacks, limitless tea, coffee and good quality espressos
* Company branded hoodie… to keep you happy and comfortable
* Group personal pension scheme
* Life assurance
* Employee Assistance Program
* 1Password
* Income Protection
* Bango branded Chilly’s bottle and coffee cup
Please read our Privacy Policy below before proceeding to Application
Privacy Policy.pdf