Department:
Technology Salary (£): £, to £, Information Security Risk and Compliance Analyst
Here in Technology our mission is simple – deliver and maintain secure and stable IT services, maximising value to our business.
Dig a little deeper and you will find a living, breathing department, of highly talented individuals and teams, buzzing with energy, ideas, and enthusiasm. Our teams are always interested in learning new, innovative, and exciting ways for us to aid our business colleagues, and ultimately our customers experience.
Collectively, we provide a critical national infrastructure to millions of customers in our region, so the only question is why wouldn't you want to be part of that?
If you want to do more because you care, we’d love to talk to you. There really is something for everyone here.
EVERYTHING YOU NEED TO KNOW
We provide a critical national infrastructure to millions of customers in our region. This makes us a high-profile target for cyber-attacks on our IT systems, which if successful, could have disastrous consequences for our customers, colleagues, and the communities we serve.
Our Information Security team do a wonderful job in protecting the business, its people, and customers from these daily threats, and we have an opportunity for you to join us as an Cyber Security Supply Chain Analyst.
In this role, you’ll be key to identifying, analysing, and reporting on the cyber posture of our suppliers.
You’ll be actively involved in assessing and managing Information Security risk in relation to the procurement and ongoing assurance of our supply chain. You’ll conduct and manage security assessments through review and assessment of artefacts and questionnaire responses. You’ll also be building penetration test scopes for a variety of use case from web applications and API’s to end user compute device testing and working to remediate findings internally and with our suppliers. You’ll own these assessments throughout their lifecycle, providing technical knowledge and insights to aid the risk treatment. You’ll be required to have strong communication, stakeholder management and negotiation skills, being able to provide clear and concise updates to stakeholders and external suppliers.
Your key accountabilities will include:
1. Liaising with our supply chain to identify, analyse, and report on their cyber posture
2. Review policy and standard artefacts submitted for review by suppliers
3. Be able to clearly articulate the importance contract clauses with suppliers and confidently negotiate the best position for Severn Trent.
4. Using clear communication skills to report on various KPIs compliance obligations to appropriate Severn Trent governance groups
5. Identifying and managing Information Security risk, aligning with control frameworks such as NIST and CIS
6. Scoping and managing security testing to OWASP Top
7. Review, test, and monitor control effectiveness.
8. Build strong relationships within the business and have engaging conversations with our supply chain on Information Security initiatives & threats.
9. Promote Secure by Design and promote visibility of testing services available.
10. Collaborating and embedding yourself both across wider technology department and the core business to drive continuous improvement.
WHAT YOU’LL BRING TO THE ROLE
You’ll join the team with experience in Information Security and be passionate about the field, keeping up to date with emerging threats and technologies.
To be successful, you’ll need experience of managing control frameworks and working within a regulated environment, with knowledge of regulatory standards such as GDPR, NISR, PCI DSS. You should also have experience in managing Supply Chain Information Security risk and security testing, along with an in-depth knowledge of control frameworks and how they can be effectively applied to manage risk.
You’ll need to have excellent communication skills and be able to influence decision making with internal and external stakeholders. You’ll be able to clearly articulate identified risks and negotiate an improved position which will enhance the security of Severn Trent.
We welcome people from all walks of life and celebrate individuality as we know diverse minds, experiences and backgrounds help us to learn and better serve our communities. We want people who show up and get involved. Those who are ready to be part of something bigger and who want to make a difference because they care.
WHAT’S IN IT FOR YOU
Working here isn’t just a job. You can build a career at Severn Trent. We’ll reward you for it, too. We have a range of benefits that recognise great work, and award-winning training to help you reach your potential. And we’ll also help you play your part in looking after the environment and the communities where we live.
With that in mind, here are just some of our favourite's perks that you’ll get being part of the Seven Trent family:
11. days holiday + bank holidays (and the ability to buy/ sell up to days per year)
12. Annual bonus scheme (up to £, based on company performance and subject to eligibility)
13. Leading pension scheme – we will double your contribution (up to % when you contribute ;
14. Sharesave – the chance to buy Severn Trent Plc shares at a discounted rate
15. Dedicated training and development with our Academy
16. Electric vehicle scheme and retail offers
17. Family friendly policies
18. Two paid volunteering days per year