The purpose of this role is to manage and maintain the IT systems security for the organisation. It is a strongly collaborative role, working with the Technical Manager, Head of Technology and the Service Manager to support the Museum in delivering existing technologies to users while ensuring cyber security safeguards are maintained. As such the Systems Security Analyst will ensure that information assets and associated technology, applications, systems, infrastructure, and processes are adequately protected. This role will be the source of the Information Security expertise and guidance at RMG. The postholder will play an integral part in developing and continually improving the capability to protect the confidentiality, integrity and availability of RMG data and services as well has help deliver new services and features, both within the InfoSec estate and more widely to the organisation in collaboration with the Head of Technology, Technical Manager and the DevOps Project Manager. Key responsibilities: Oversee RMG cyber security systems, processes and controls including the monitoring and assessment of and response to alerts together with escalation of cyber issues as appropriate. Work with third party providers where appropriate to ensure contracted services are monitored and delivered in accordance with agreed standards. Oversee security aspects of Active Directory and M365, ensuring data is kept accurate and up to date. Analyse and monitor RMG data security risks and work proactively with Colleagues to put in place appropriate responses to mitigate impacts. Provide relevant data and statistics to RMG colleagues to support a strong data security environment. Work with People & Culture, Governance and Internal Communications teams to devise and deliver appropriate training and support to all RMG staff to minimise data security risks. Work with the Head of Technology and Technical Manager to ensure that RMG has a plan to achieve and maintain Cyber Essentials and subsequently Cyber Essentials Plus certifications. Work with the Technical Manager to help deliver periodic cloud and network vulnerability testing; respond to security-related events and lead remediation work. Monitor and maintain the security of IT systems, including on-premise and cloud applications. Work with other members of the Technology team, vendors and Managed Service Providers to update, improve and implement services for the organisation to support current and new activities. Take an active role in technical projects, working as a technical lead or supporting the technical lead to facilitate successful implementation of new services. Other responsibilities: Undertake any other relevant activities that are part of the IT function and general scope of this position as directed by the Head of Technology. Sustainability ensure your ways of working meet the museums values around sustainability. Health and Safety observe all Health and Safety rules and procedures as laid down and attend all relevant training as required. Equality, Diversity, and Inclusion (EDI) contribute to building a departmental culture which values and promotes a positive attitude to Equality, Diversity, and Inclusion. Carry out appropriate other duties when required, as directed by the Head of Technology. Essential criteria: Experience with InfoSec technologies, threat management and remediation. Knowledge of Microsoft stack technologies, M365, Defender, AAD, including Enterprise Apps and conditional access. Minimum, three years experience identifying threats and developing appropriate protection measures. Good knowledge of relevant data security standards and protocols relating to the public sector. Demonstrable experience of working effectively with managed suppliers and vendors. Commitment to high level of customer service, and evidence of how this has been delivered. Demonstrable experience reviewing system changes for security implications and recommending improvements. Desirable criteria: Familiarity with Varonis and Cynet or similar. Knowledge of network and server infrastructure, OS and services Firewalls, switches, DNS, DHCP, DC, AD, AAD, ADConnect, RDS. Working knowledge of Finance and Ticketing Enterprise applications.