Group Security Analyst

05 Oct 2017
02 Nov 2017
Contract Type
Full Time
The Group Security Analyst reports to the Group Information Security Manager and delivers insight and analysis to enable continuous improvement in security. The role also ensures that all procedures and work practices are documented and maintained while providing support to peers on technical solutions and quality assurance, and contribute to the knowledge and skill set of the overall team. The Group Security Analyst is the administrative backbone of the Security team, managing the review and sign-off of new and updated security policies, overseeing and triaging new requests, managing the group security mailbox, documenting output from meetings and tracking actions to completion. Security & Risk Analysis Security Report Handling and Initial Analysis/Triage, including output from Vulnerability Management tools and assessments, assigning ownership for remediation and prioritising action on risks identified. Managing the regular technical testing engagements with third parties. Providing User Account validation, ensuring alignment with the Joiners, Movers and Leavers Process. Provide a focal point for new threat/risk information, performing initial investigation into new threats and disseminating information to the team for review. Work closely with Analysts within the Group IT Team, including validating data received from Group IT, confirming that the data is accurate, identifying possible SLA impact and report findings to the rest of the team. Operational Security Manage the update and review process for security policies and procedures, including managing the sign-off of documentation, policy exceptions and dealing with approved/prohibited/unsupported software. User Account Security, working closely with Group IT and their third parties to ensure that a regular review and clean-up of user accounts is performed, including identifying unused/dormant accounts and identifying exceptions. Issue user accounts and access tokens to internal users and approved third parties, ensuring that all necessary approvals are in place. Ensure that issued accounts remain valid. Manage the control of Removable Media and USB sticks, ensuring that the process for their issue and use is followed and identifying events which might indicate possible misuse. Security Information Management Own and manage the flow of information into and out of the security team. This includes management of the Group Security Task ID (shared mailbox), responding to and providing initial triage of requests, and dissemination to most appropriate team member for action. Manage and schedule Group Security meetings, create the agendas for the meetings, manage responses, record minutes and actions and manage the completion of actions with those responsible. Maintain and manage the Group Security Logs and Registers, including actions log, risks register and policy exceptions. Manage sign-off of risks and actions by the appropriate individual(s). Manage actions on the security team from other departments, teams and sites. Identify opportunities to create efficiencies in the operation of the Group Security team and propose these as improvements to current working practice. Governance, Risk & Compliance Own and manage the Security and Risk toolsets, including the Governance, Risk and Compliance tool. Assist in developing new frameworks to better manage information within the toolsets and assist in the management of risk assessment information. Manage and update Information Risk Dashboard, ensuring that it is prepared for management review. Ensure Risks & Incidents are reflected in the global risk and incident tools correctly and as appropriate. Work with the Internal Audit team to manage internal & external audit schedules, arrange audit sessions with other parties as necessary and disseminate actions as appropriate. Vocational Qualifications A higher education qualification in information systems with a security related discipline, or experience in an appropriate role. Security or Information Management Qualifications preferred. SC Cleared or can attain it
This job was originally posted as