IT Security Compliance Analyst
Job Title: IT Security Compliance Analyst
Glenrothes

Raytheon UK has an opportunity for a security professional to fill the role of IT Security Compliance Analyst within the Delivery Assurance and Risk Management team, a component of RSL’s IT function. The IT function is responsible for the delivery of core support services to all Raytheon UK based divisions to successfully enable operational business and operational delivery.

Under the supervision of the Senior IA Manager, the analyst will assist in managing IT compliance to Cyber Essentials (Plus) and Sarbanes-Oxley (SOX), primarily through the use of the National Institute of Standards and Technology (NIST) control set. In doing so, the analyst will support the IT Leadership Team in achieving and maintaining compliance requirements placed on the department whilst suggesting potential improvements to service and system owners. The analyst will manage a diverse workload within a fast-paced IT environment, provide assurance to a range of external and internal customers and interface with different levels of the leadership team (incl. C-level professionals).

Main Duties:
· Ensure System Security Plans, produced by application and systems owners for “in-flight” projects, adhere to the control requirements listed in the NIST control set.
· Plan and conduct SOX audits against existing infrastructure and applications, ensuring audit reports are provided to the IT Leadership and US compliance teams in a timely manner.
· Under the supervision of the Senior IA Manager, ensure the Risk Management and Accreditation Document Sets (RMADS) are maintained in accordance with the customer requirements.
· Author IT security artefacts required to satisfy Information Assurance Standard (IAS) 1 and 2.
· Provide SME advice on Information Assurance (IA) matters pertaining to the Defence Cyber Protection Partnership (DCPP), ISO 27001 and Joint Service Publication (JSP) 440.
· Input security recommendations to technical design reviews, ensuring that legal, regulatory and compliance requirements are engineered in from the outset.
· Assist the operational security team in ensuring vulnerability assessments are correctly scoped, scheduled and conducted with an agreed, time-bound and actionable remediation plan.
· Review and approve security change requests within the helpdesk system.

Candidate Requirements:
· Bachelor’s degree in the field of Information Security (IS) or related discipline. Alternatively, 2-3 years demonstrable experience in the field of IS, compliance or risk management.
· Industry relevant qualification (i.e. CISSP, CISA, CISM or ISO 27001 Auditor).
· Demonstrable experience in auditing against NIST 800-53 and NIST 800-171 controls.
· In-depth understanding of SOX compliance and the potential consequence of non-compliance.
· In-depth understanding of how security risks can impact an organisation.
· Able to adapt quickly to shifting priorities, demands and timelines using strong analytical and problem-solving skills.
· Strong ability for independent work as well as team coordination across multiple levels of staff.
· Experience writing and maintaining policies, procedures and compliance documentation.
· SC clearance or the ability to become SC cleared.
· Experience of working in MOD and/or other Government departments.

Raytheon Career Development:
Raytheon has a wealth of resources available to help you develop your career from the moment you join. Activities range from on-line learning modules, to external training and support for taking professional qualifications relevant to your role.

Standard Benefits:
· 25 days holiday + statutory public holidays
· Contributory Pension Scheme (up to 10.5% company contribution)
· 6 times salary ‘Life Assurance’
· Flexible Benefits scheme with extensive salary sacrifice schemes.
· Enhanced sick pay scheme
· Enhanced Family Friendly Policies, including enhanced Maternity & Shared Parental leave.
· 37hr working week, with an early finish Friday (hours may vary depending on role, job requirement or site-specific arrangements). Flexible working arrangements may be considered depending on the role and subject to line manager approval.
· Canteen facilities available at Harlow & Glenrothes sites with free snacks & drinks (hot & cold) available at others

Diversity:
Diversity is a core business imperative at Raytheon. We are an equal opportunity employer that promotes inclusiveness and always employs the best professionals for the job. Having a diverse workforce allows Raytheon to draw upon a range of different ideas and experiences which supports growing our business and creates an environment where everyone has an equal opportunity for success. Raytheon UK pro-actively encourages diversity of ideas, thoughts, and networking opportunities and has created Employee Resource Groups (ERGs) including Raytheon Women's Network, YesNet (Young Employees Success Network), D&I council, Reservist Network etc., and all Raytheon employees are welcome to participate regardless of their background.