Salary Competitive
Security Assurance Analyst
Location - London – Manchester – Nottingham - Hybrid working model
Competitive Salary plus benefits
The Role
The Security Assurance Specialist is responsible for working with project teams, including architects, analysts, technical designers and business users to ensure that projects are delivered securely, protecting customer, company and employee data and ensuring compliance with the Information Security policies and standards.
* A strong assurance and technical background is required, coupled with an in-depth knowledge of security systems and relevant regulations and legislation to assist in maintaining the confidentiality, integrity and availability of products and systems.
* Provide end to end engagement on a wide range of business projects ensuring that security is built in and customer, company and employee data is protected;
* Attend project meetings and represent Information Security, providing advice and guidance as required;
* Review and consult on change documentation including Business Requirements, Design Documents, Detailed Designs, Network Diagrams, Data Flow Diagrams and others;
* Liaise with the Security Architects and wider team to provide technical requirements to ensure projects deliver secure solutions
* Ensure that relevant security policies and standards are applied to specific projects by adopting a hands-on approach – where necessary provide reference security designs for projects, to ensure alignment with the Enterprise Security Architecture
* Articulate risk in technical and non-technical terminology so that it can be interpreted by Information Technology and business individuals;
* Work with the Security Business Partners to scope, arrange and support penetration testing and vulnerability testing and track remediation to a close;
* Carry out Information Security impact assessments to meet Policies, Smart Energy Code (including licence obligations) and DPA/GDPR requirements on projects where appropriate;
* Strong End to End Information Security Project Assurance experience;
* Strong risk management knowledge and experience;
* Wide ranging knowledge of Information Security and IT Security frameworks, standards and application of best practice
* A good understanding of security tools including: vulnerability scanning, SIEM monitoring, physical security tools, DDoS Protection, remote access technologies, authentication and authorisation techniques, network sniffing, Data Loss Prevention
* Wide ranging knowledge on technology, its implementation in the corporate environment and best practice
* Knowledge of OWASP vulnerabilities, tools and methodologies;
* Varied IT experience including: ITIL, Hardware and Software architecture, SDLC, Operating systems and administration, Cloud, Networking technologies (routing, LANs, WANs, Firewalls, VPNs, IDS/IPS, SSL, IPSEC, http/s, and wireless), AV, Active Directory, Virtualisation, Shared storage, Cloud and mobile technologies;
* Have previous procurement experience including supplying contract clauses & contract review
* Ability to work as part of a team or individually;
* Self-motivated to research and maintain up to date industry knowledge and security awareness;
* Ability to work under pressure and maintain professionalism at all times;
* Ability to communicate effectively with all levels and areas of the business
What will you be doing?
Key Accountabilities
* Conducting impact assessments on change, projects and proofs of concepts to capture security impacts and risks
* Input to and review of project documentation to ensure that Security requirements are captured, delivered and tested
* Creating traceable requirements from technical controls through to technical delivery requirements
* Capturing requirements from the Security Architects and other Security specialists to the input to the delivery teams in a clean and concise manner
* Completion of security-specific artefacts including Supplier Security Assessments, Software Security Reviews, Data Protection Impact Assessments and Business Continuity Assessments for the Change Delivery Management process
* Contribute and to and review security elements in supplier contracts
What we are looking for?
Skills and Experiences - Essential
The Security Assurance Specialist must have experience of complex environments. This will preferably include experience of outsourced environments, Group/Market (hub and spoke) organisations, systems integrators. Any telecoms or energy background would be a bonus.
The Security Assurance Specialist will have experience with a wide range of security technologies. A solid understanding of Risk Management, DPA and EU GDPR, and ISO 27001 is also required, along with experience of securing projects and using security testing methodologies.
* Strong written and verbal communication skills – capable of writing reports and presenting to groups
* Can plan, prioritise and manage own workload
* Capable of converting policy statement into reference security designs
* Ability to engage openly with external stakeholders and increase the profile of the security team
Skills and Experiences - Desirable
* Recognised qualifications include CISSP, CISM, CISA or equivalent
* Familiarity with the NIST Cybersecurity Framework is beneficial.
* Formal qualification in Information Security domain or equivalent experience desirable
About the DCC
At the DCC, we believe in making Britain more connected, so we can all lead smarter, greener lives. That desire to make a difference is what drives us every day and it wouldn’t be possible without our people. Each person at the DCC brings a special kind of power to the business, and if you join us, we’ll give you the means to unleash yours. Here, we depend on each other and hold each other accountable. You have the power to challenge and make change, to take the initiative and enjoy real responsibility. Whether it’s doing purposeful work, helping us grow or building the career you want – we’ll give you the support to do it all. Our secure network for smart meters is transforming Britain’s energy system and helping the country’s fight against climate change: we want you to be part of our journey.
Company benefits
The DCC’s continued success depends on our people. It’s important to us that you enjoy coming to work, and feel healthy, happy, and rewarded. In this role, you’ll have access to a range of benefits which you can choose from to create a personalized plan unique to your lifestyle.
Your application will be carefully considered, and you’ll hear from us regarding its progress.
Join the DCC and discover the power of you.
What to do now
Choose ‘Apply now’ to fill out our short application, so that we can find out more about you.
#J-18808-Ljbffr