Information Security Analyst

London, South East England
10 Jul 2017
08 Aug 2017
Contract Type
Full Time
Information Security Analyst
£35,000 - £45,000 + perm benefits

A leading financial banking client is currently recruiting for an Information Security Analyst to join the bank's information security team. This is a brand new role which the bank has decided to hire for, and the successful information security analyst will be required to identify cyber attacks, investigate complex networks, manage vulnerabilities and understand exploitation. You will be expected to identify, document, manage and report on security policies, risk management, auditing, incident response, monitoring, vulnerability management and third-party vendors, alongside managing internal security projects and operations.

*Maintain the Bank's ISO 27001 certification and assist during the surveillance audit
*Understanding of information security principles, including regulatory, legislative and industry practices
*Review and maintain the Bank's information security policies
*Daily monitoring of and reporting on security systems, and responding to security incident alerts
*Take the lead on projects involving penetration testing, vulnerability assessments and other security audits
*Keep abreast of current threats and provide an assessment of the Bank's security against them
*Develop and maintain our IT security procedures
*Take part in the Info Sec committee meetings
*Evaluate new security tools to monitor and protect the Bank's network infrastructure
*Be a technical resource to the developers during the software lifecycle to ensure code and review architectural and design outline documents, Network Diagrams, Data Flow Diagrams and final project sign off from a security perspective
*Establish and maintain the access control matrix for the users
*Provide training and awareness to staff members
*The role is multi-skilled and it is expected that a level of competence and support for all other IS-owned systems will be garnered over time.
*Evaluate and test security products, applications and design

Knowledge & Experience
*Strong current knowledge of ISO 27001 and DPA
*Knowledge of SSDLC and OWASP application security testing
*Knowledge of security penetration testing, tools and methodologies
*Understanding of TCP/IP and knowledge of the OSI model with networking concepts
*Experience in Information Security areas like malware, threat profiling, APT, and vulnerability management
*Experience in assisting and handling Computer Security Incident Response
*Broad understanding of IT concepts and architectures including Cloud, BYOD, Mobile Device Management, Agile Working etc
*Subject matter expert (SME) in areas such as Windows, firewalls, intrusion detection, threat detection analysis, or computer incident handling and forensics, DDoS, managing 3rd party security
*Demonstrated ability to be reliable and flexible
*Excellent written and verbal communication and organisational skills

Desirable knowledge:
*3-4 years' experience with an Information Security Management System
*Computer Science / Information Security degree or equivalent experience in cyber / information security
*ISO 27001:2013 Lead Auditor certification
*Cybersecurity Nexus | CSX Practitioner Certification or CEH or equivalent

Spring Technology is acting as an Employment Business in relation to this vacancy.

Spring Technology is an Equal Opportunities employer; we welcome applicants from all backgrounds.