Information Security & Risk Analyst

via resource
16 Feb 2017
16 Mar 2017
Contract Type
Full Time

Our client, a leading utilities organisation, are looking for a Security & Risk Analyst to maintain the control status of our security dashboard providing assessments of emerging threats, you will be responsible for ensuring the organisation has a robust, secure perimeter whilst ensuring their defence in depth remains active. Alongside the technical security aspects of the role, the Security & Risk Analyst will be supported in areas of Governance, Risk & Compliance further developing their career and broadening their security knowledge.

This role would suit someone from a SOC background looking to move into a broader Information Security position.

Key Responsibilities for the Security & Risk Analyst

  • Monitoring and maintaining the operational security dashboard within the organisation
  • Maintaining the security tools used in the proactive defence of the organisations systems
  • Undertake proactive monitoring of security tools, highlighting and remediating any incidents
  • Investigating incidents and remediating as required in line with the organisations incident response plan
  • Able to work well with all levels of the business, to effectively, quickly and concisely convey complex security messages
  • Assist the ISMS & Risk Manager to create, implement and maintain security controls and processes aligned to ISO27001 and the organisation’s ISMS
  • Maintain and write clear standards and technical security processes
  • Assist managers in the ongoing security of their global organisation
  • Assisting seniors with training and awareness activities
  • Undertake risk assessments for internal projects as required
  • The role will be a 70/30 split between operational security & GRC

Key Skills and Experience for the Security & Risk Analyst

  • An understanding of a wide range of security tools including Sophos, DLP tools, Websense etc
  • A broad understanding of Operational Security
  • Familiarity with Incident Response/Management
  • An understanding of IT technologies including Unix, Windows, Active Directory etc
  • An understanding of cloud technologies such as AWS or Azure would be useful
  • Forensics experience useful
  • Certifications such as CISSP or CEH are highly desirable and candidates should be able to exhibit an interest in developing themselves and their careers