Job Description
Responsibility:
* Working with our third parties ensure that we are continually monitoring the organisations networks, systems and applications for security breaches, intrusions and other suspicious activity.
* Work with our third parties to ensure that all systems and applications are being managed from a vulnerability management perspective and that penetration testing is being undertaken on all systems and applications.
* Assist in the development, implementation, and enforcement of information security policies, standards, and guidelines, including ensuring compliance with relevant regulations and industry standards (e.g., ISO 27001, GDPR, NIST CSF, etc).
* Conduct risk assessments to evaluate the security posture of information systems and processes and help identify, assess, and document potential risks, and propose mitigation strategies.
The successful candidate will have:
* Familiarity with industry standards and frameworks such as NIST, ISO 27001, and CIS Controls
* Demonstrable working experience with a primary focus on Information Security
* Certifications in CISA, SSCP, CompTIA Sec+ or a similar
* Proven experience as a Security Analyst or similar role, with hands-on experience in monitoring, incident response, and vulnerability management
* Proficiency in using and configuring security tools such as SIEM, IDS/IPS, firewalls, antivirus software, and vulnerability scanners
* A good in depth knowledge of the Microsoft Azure stack, understanding the various security components that can be used within Microsoft environments
* Good understanding of ITIL processes and experience of working with IT teams to ensure that ITIL good practise is followed
* A good level of technical understanding and skills; able to walk through networks and systems to identify risks and able to understand the risk impact to the business. This should particularly be focussed on cloud environments and SaaS products
* Ability to work effectively with cross-functional teams, including IT, development, and operations