We are looking for an enthusiastic and detail-oriented Lead Security Analyst to join our growing information security and data protection team. This is an ideal role for someone who has a strong foundation in information security and data protection and would like to take the next step in helping to lead and develop a small team.
The Lead Security Analyst is a mid-level position responsible for overseeing the day-to-day activities of other analysts working on information security and data protection activities. You will be responsible for managing the workload and tasks of security analysts, ensuring that security and data protection tasks like risk assessments, remediation efforts, and policy development are carried out effectively. The Lead Security Analyst will play a key role in delivering the information security and data protection strategy, managing related projects, and ensuring the team is aligned with organisational goals.
This is a full-time position with supervisory, training, and mentoring responsibilities. Occasional after-hours work may be required for incident response or urgent security tasks.
Successful candidates will be offered the opportunity to enrol on a fully funded Level 7 cyber security apprenticeship (MSc) and will be provided with mentoring support to help you grow and learn.
Responsibilities:
1. Supervise and manage a team of analysts, assigning tasks, and ensuring work is completed efficiently and to a high standard.
2. Provide mentorship, training, and career development support for junior and mid-level analysts.
3. Conduct regular performance reviews and provide feedback to team members.
4. Oversee the daily operations of the security team, ensuring that assessments, vulnerability remediation, and security policy development are executed on time.
5. Prioritise tasks and coordinate with cross-functional teams to meet deadlines.
Advanced Security Assessments & Reporting:
1. Lead high-level risk assessments, security audits, and vulnerability management efforts.
2. Ensure risk and control assessments and findings are documented clearly and communicated to management.
3. Provide expert guidance on mitigating information security and data protection risks improving the organisation’s security posture.
4. Ensure the completion of security and data protection assessments from clients in a timely manner.
Policy & Standards Development:
1. Lead the creation, implementation, and review of information security and data protection policies, procedures, standards, and guidance, ensuring they are aligned with industry best practices and compliance requirements.
2. Provide expert assistance to business stakeholders to help them implement privacy policies and ensure privacy by design and by default in company operations.
3. Ensure the mapping of data, and the completion of Data Protection Impact Assessments.
Configuration Reviews:
1. Lead detailed configuration reviews of systems, networks, and applications.
2. Work with cross-functional teams to ensure that security configurations meet established standards.
3. Support the incident management leads, helping to coordinate the response to security incidents, including data breaches, system compromises, or attacks.
4. Deputise for incident management leads when necessary.
Application Security:
1. Work with development teams to embed secure coding practices.
2. Conduct regular security assessments of the company’s software, including the proprietary products sold to clients.
Security Oversight:
1. Contribute to the development and execution of the organisation’s information security and data protection strategy.
2. Stay updated on the latest threats and trends and incorporate this knowledge into the organization's information security and data protection posture.
3. Provide security and data protection guidance to internal stakeholders, ensuring security and data protection considerations are incorporated into development and operational practices and best practices are followed across the organisation.
4. Mentor and support junior analysts, assisting in their professional development.
Requirements
1. Bachelor’s degree in Cybersecurity, Information Technology, or a related field, or equivalent experience.
2. 4+ years of experience in information security or a related field, with at least 2 years in a mentoring, supervisory, or leadership role.
3. CISSP, CISM, CEH, or similar certifications in security leadership are preferred, but not essential.
4. Strong experience with security frameworks, risk assessments, vulnerability management, and security incident response.
5. Strong technical expertise in security tools, technologies, and methodologies.
6. In-depth knowledge of security frameworks and best practices (e.g., NIST, ISO 27001).
7. Excellent leadership and team management skills, including proven ability to manage teams and lead security initiatives.
8. Exceptional problem-solving, investigative, decision-making, and analytical abilities.
9. The adaptability to do a range of work, sometimes complex and non-routine, in different environments.
10. The ability to work under direction, use discretion, and determine when to escalate issues.
11. Strong written and verbal communication skills, with the ability to interact effectively with both technical and non-technical stakeholders.
#J-18808-Ljbffr