Information Security Risk Analyst

Purpose

As an Information Security Risk Analyst, you will be responsible managing cyber security risks, supporting policies and procedures, and help maintain a security-by-design approach to new projects and business initiatives.

You will act as a bridge between the technical Information Security Analysts, and the company's ongoing drive to update its internal policies, procedures, and implement a risk platform which makes the ever-changing risk profile visible to the Senior Management Teams.

This is also an excellent opportunity for an individual experienced in Information Security risk management to gain exposure to and support security operations. You will also help support the security systems in place at the company, triage alerts, and investigate incidents supported by the existing Information Security Analyst and Head of Information Security.

There will be significant collaboration with other areas of IT and the wider business.

Key Accountabilities

• Work closely with project teams to ensure new initiatives align with our Information Security and Compliance requirements, making recommendations and providing solutions, as necessary.
• Assist in the continued development of our Risk Management, security assurance and ISO27001 processes.
• Manage and maintain our Information Security Systems
• Monitor and respond to security alerts and incidents

Profile

• Excellent communicator, comfortable with discussing cyber security principles, risks, and controls with senior stakeholders.
• Experienced in implementing, managing, and maintaining security controls throughout all areas of a large organisation. Preferably in-line with ISO27001, PCI, and NCSC guidance.
• Good understanding of security systems and principles.
• Ability to review new solutions, systems, software, and apply pragmatic security controls to reduce risks to an acceptable level. Where this is not possible, the individual should be able to articulate these risks to the business.
• A wide technical IT experience with a deep enough understanding of IT technologies to be able to work in areas not yet familiar with.
• Positive can-do attitude with the ability to self-research.

Role Competencies

• Working knowledge of risk management principles.
• Knowledge of security controls under ISO27001, PCI requirements, and general security best practice.
• Strong technical knowledge across a wide range of systems:
• Windows Server/10
• Networking principles
• SaaS based applications
• Working knowledge of Microsoft Azure, preferably AZ-500 certified.