Job Description We are currently recruiting for an IT Security Analyst, working across all Culina Group business units. As part of a growing team responsible for securing Culina Group’s IT estate and information. The successful candidate will play a key role in improving our security policies, procedures and technologies, working closely with stakeholders and partners to protect against security threats. If you don’t currently have all the experience to cover each of the responsibilities listed below then don’t be put off, we are interested in candidates who already have some IT security or IT audit/risk experience, who is keen to develop their skills and grow with our rapidly changing and diverse business. Main Responsibilities Manage our user security education awareness and testing platform. Develop and issue security advisory guidance to raise end user security awareness. Develop and maintain a wide range of security policies, procedures and standards. Maintain IT risk registers for each of our businesses, including tracking remediation activities. Produce monthly security dashboards to be shared with senior management and drive continuous improvement. Perform security audits of processes and technologies to ensure compliance with standards and risks are managed. Develop effective working relationships with key stakeholders including the Security team, our SecOps (Security Operations) team, our outsourced SOC/SIEM provider and other colleagues across IT and operational teams. Represent the Security team on projects and other new developments to ensure security is ‘designed in’ at the earliest stages. Monitor and respond to requests for help or incident reports, addressing queries/requests and escalating to other team members where appropriate. Investigate alerts issued by the SOC and escalate where appropriate. Review and address tickets assigned by the IT Service Desk to the Security team, escalating where appropriate. Coordinate the work of third party service providers to ensure they deliver requirements on time and to an acceptable standard. Provide incident response support / investigation, including mitigating actions to contain activity and facilitating forensics analysis when necessary. Assist with ensuring compliance across the business with the General Data Protection Regulation, Data Protection Act and Computer Misuse Act.