About SLCStudent Loans Company is a non-profit making Government-owned organisation set up in 1989 to provide loans and grants to students in universities and colleges in the UK. We are responsible for student support delivery in the UK.Our PurposeOur Purpose is to enable our customers to invest in their futures by delivering secure, accurate and efficient assessment, payment and repayment services.Our VisionSLC will deliver outstanding digital products and services to its customers and stakeholders and will respond effectively, quickly and flexibly to the demands of ministers and policymakers at the Department for Education and the devolved administrations.Job DetailsOverview of department:The post holder will sit within the Technology Group (TG) Security team focussed on ensuring that SLC technical infrastructure at all levels and all stored data is fully safeguarded against threats and attack.Job Purpose:The security analyst will be responsible for monitoring security tools to detect security events. The role holder will have exceptional communication and inter-personal skills.Key responsibilities:
- Working within the Information Security Operations team you will take an active role in the configuration and maintenance of a diverse range of security tools; be an advocate for Information Security across multiple business units and ensure that systems are compliant with internal and government security standards.
- Monitor security tools to detect security events & incidents; Report and escalate any security breaches to the Information Technology Security Officer
- Operate vulnerability scanning and compliance tools to identify system weaknesses and liaise with other IT to co-ordinate remedial actions.
- Monitor the changing threat landscape to identify and report emerging threats and issues; Assess the impact of emerging vulnerabilities and manage teams to co-ordinate appropriate remedial actions.
- Enhance technical security process and procedures ensuring alignment to the corporate security policy.
- Represent IT Security matters at technical and business forums;
- Provide guidance and support to technical teams on security standards and industry best practice
- To be a security representative or point of contact for all technical deliveries, initiatives and project implementations.
- To develop technical processes, procedures and standards and promote compliance in line with Government security (i.e. HMG Security Policy Framework (SPF) and Infosec Standards), corporate policies and corporate or local procedures and legal and international security standards (i.e. ISO27001, COBIT),
- Assess technical security risks in terms of impact to systems and service confidentiality, integrity and availability, and report and escalate results of risk assessments.
- Report any real or potential security breaches / vulnerabilities to the Senior Security Analyst and provide technical support and leadership to technical teams during incident response
- Produce, review and constantly evaluate effectiveness and efficiency of technical security controls, standards and procedures in line with security requirements, business needs, delivering enhancements where applicable.
- Assist in the provision of designs and technical solutions in support of corporate security policies and external standards.
- Specification and design of automated security monitoring tools and, in conjunction with the technical teams, support the installation, configuration of such tools and assist in maintenance and monitoring activities.
- Active sponsor of continuous process improvement in relation to security matters.
- Provision of consultancy, advice and guidance to teams involved in the design, development and delivery of SLC products and services.
- Contribute to the creation and maintenance of Risk Management Accreditation Document Sets for appropriate systems and on occasion lead ICT input to these.
- Be a focus point for security advice and consultancy on a day to day basis.
- Actively monitor security tools deployed within the SLC (anti-virus, configuration control, vulnerability management, end point security), escalate issues, assist with remediation and maintain these systems.
- Provide guidance as to security requirements for technical proposals and technical specification documents, in relation to security controls.
- Assist the Senior Security Analyst in technical investigations as a result of a security incident.
This job was originally posted as www.totaljobs.com/job/81669350