Senior Information Security Analyst Job Description POSITION INFORMATION Department Global Security Reports To Head of Information Security UK Work Location Chorley - Hybrid Hours of Work 37.5 Position Type Full-Time Rate Type Salary Grade 5 SUMMARY We are an innovative and market-leading software & services company based in Chorley serving clients in the utility sector ranging from new entrants to large existing suppliers. We deliver sophisticated software solutions and managed services in a Private Cloud infrastructure, servicing both traditional and modern real-time, smart energy clients. We operate a Hybrid working policy so you will be able to flex between working in the office and your home location to carry out this role, but during your initial training period the need to be in office with other team members will be essential. While this position is full-time, we are open to discussing flexible working patterns that accommodate individual needs. If you require flexibility in your work schedule, please let us know during the application process, and we will do our best to accommodate your needs. The Senior Information Security Analyst role is to maintain the security of all data and systems in the ESG environment. The Senior Security Analyst must leverage an in-depth understanding of cyber security threats, technologies, be a technical security expert, and be able to champion security initiatives to resolve enterprise IT security issues. ESG operate globally, with offices located in the UK, US and Canada. POSITION RESPONSIBILITIES Essential Functions Monitor the external threat landscape and security trends to recommend improvements that enable the business to mitigate identified risks. Analyse security alerts to identify and respond to any security events or incidents. Lead investigation, reporting and remediation activities of security events and incidents. Act as an escalation point for Information Security Analysts. Conduct assessments on issues and vulnerabilities advising teams on appropriate courses of action. Assist in the development and ongoing maintenance of policies, procedures and documents required to maintain compliance. Provide additional support for the planning, development, testing and ongoing management the security program, including incident response exercise, risk assessments. Support vendor/supplier security reviews as required. Support vulnerability management and remediation. Facilitate Pen Testing and any remediation activities that need to occur. Monitor, configure and calibrate security monitoring tools. Will be included in the on-call support rotation (24 x 7 x 365). Ability to function in a fast-paced environment and effectively manage multiple tasks simultaneously. Supervisor Responsibility No line management responsibilities. May act as a mentor / trainer for colleagues. May provide input to performance reviews of other employees. Travel Requirements This job requires up to 5% travel to other ESG locations, client premises and 3rd party premises. ABOUT YOU We need diverse people from all abilities, gender identities, ethnicities, ages, sexual orientations, life experiences and backgrounds to join us You will be:- Able to demonstrate ESGs key values of Excellence : be accountable to deliver our best Passion : show how much we care each day Integrity : do the right thing when no one is looking Collaboration : work together to succeed together Experience 5 years of Information/Cyber Security. 5 years of experience of Security Incident response. 3 – 5 years experience of cloud security. 3 – 5 years experience of network security. 3 – 5 years of security controls frameworks (i.e. ISO27001, NIST). 3 – 5 years of risk management frameworks (i.e. ISO27005, IS1, NIST). Technical expertise in one or more of the following: IDS/IPS, web proxy, SEIM, forensics, automation technologies, vulnerability scanning, configuration monitoring, and/or endpoint detection response. Experience mentoring and developing junior team members. Working to tight deadlines. Analytical thinking and attention to detail. Good communication skills, both written and verbal. Must be able to work independently and as part of a team communicating with all levels of staff. Education Education in areas such as the following is beneficial ISO27001 Lead Auditor / Implementor CISSP CCSP CompTIA Security ISO AWARENESS • Follow IMS Policies • Reporting of Incidents • ISO Responsibilities • ISO Staff Awareness For more information on how we process your information please see our privacy notice which can be found on our website https://esgglobal.com/privacy-policy/