Information Security Analyst - Product Assurance
Join to apply for the Information Security Analyst - Product Assurance role at ACCA Careers
Overview
In a nutshell: As an Information Security Analyst in the Data Governance and Information Security Team, you will be working within the Product Assurance team responsible for ensuring our Engineering and Development communities are building and maintaining secure products through their entire lifecycle. You will continually review our security posture and set the direction on how best to make improvements in line with the evolving threat landscape and core business objectives.
Responsibilities
* Work in a flexible, agile manner within Engineering Families, whilst maintaining appropriate levels of challenge and governance.
* Ensure security is built in by design; products are delivered securely with client and employee data appropriately protected.
* Define Security Non-Functional Requirements for each project and ensure that they are fulfilled prior to going into service, applying the relevant technology standards to specific projects.
* Liaise with the Information Security Testing Team to ensure that Ethical Hacking, Code Reviews, Application Scanning, and Infrastructure Scanning are conducted.
* Provide end-to-end assurance of IT products across the Group, throughout their lifecycle, providing approvals where appropriate.
* Articulate risk in technical and non-technical terminology so that it can be interpreted by IT and Business individuals alike.
* Identify, assess, and manage strategic, operational and emerging risks affecting the Cloud and Data, and articulate, quantify and monitor risks according to risk appetite.
* Build and maintain strong senior stakeholder relationships within technology and the business to understand security risk and drive robust risk-based decision making.
* Effectively articulate technical issues to business units and engineering teams.
* Liaise with third-party strategic partners and providers who support the organisation.
What you need to know and show
* Proven experience demonstrating technical understanding of security to ensure systems are designed and built securely and to help continually improve our security posture.
* Appreciation of containerisation technologies such as Docker, Kubernetes, etc.
* Fundamental knowledge of logging, monitoring, load balancing/proxies and API gateways.
* Fundamental knowledge of GitHub, Jenkins & Jira.
* Basic knowledge of the OWASP Top 10, Mitre ATT&CK, NIST frameworks, PCI-DSS and Cyber Kill Chain.
* Fundamental understanding of PAM, EDR, AV, IPS, SIEM, WAF and DLP technologies.
* The ability to verify solutions and gain assurance that they are fit for purpose through demonstrable evidence of controls and testing.
* Strong understanding of the changing threat landscape and how this may affect our systems.
* The ability to challenge concerns and report through appropriate channels.
* Self-drive, motivation and the ability to work independently to deliver expected outcomes.
* In-depth understanding of data and security risks in a large enterprise.
* Risk & Vulnerability Management experience and understanding of Risk & Vulnerability Management Frameworks.
* Strong analytical and report writing skills.
* Experience with serverless cloud technologies such as AWS storage and Lambda functions.
Desirable Qualifications
* One or more of the following: CompTIA Security+, Network+, Linux+, Cloud+, Data+, DataSys+.
* CSA CCSK / CCAK
* AWS Certified Security
* Microsoft Azure Security Engineer Associate
* (ISC)² CISSP / CCSP / SSCP
* ISACA CISA / CISM / CRISC / CGEIT
* MSc. Information/Cyber Security
Benefits
* Colleague discount across multi-brands (Sainsbury’s, Argos, TU Clothing and Habitat)
* Holiday allowance
* Bonus scheme
* Pension plan
* Special offers on gym memberships, restaurants, holidays, retail vouchers and more
* Employee wellbeing programs and other benefits such as season ticket loans and health plans
Additional information
* Seniority level: Mid-Senior level
* Employment type: Full-time
* Job function: Information Technology
* Industries: Accounting
Note: This description is based on the information provided and reflects the responsibilities and qualifications for the Information Security Analyst - Product Assurance role at ACCA Careers.
#J-18808-Ljbffr