Job Description
Role: Cyber Security Analyst
Location: Office location London. Hybrid working available.
Full Time role
Insurance/Finance experience is mandatory
Duties and accountabilities
* Work with our third parties to ensure that we are continually monitoring the organisation's networks, systems and applications for security breaches, intrusions and other suspicious activity.
* Work in close conjunction with our third-party SOC to ensure that the right security logs are being monitored and that we have full visibility across our environments.
* Investigate security alerts and incidents that are raised by third parties and work in close cooperation with the IT team to contain and remediate these, along with supporting the Cyber Security Manager through to incident closure.
* Work with our third parties to ensure that all systems and applications are being managed from a vulnerability management perspective and that penetration testing is being undertaken on all systems and applications.
* Own the outputs from vulnerability management and penetration testing through to resolution in conjunction with system owners, escalating any areas of non-compliance to the Cyber Security Manager.
* Work with third parties to ensure that secure coding requirements in line with the cyber security framework are being adhered to.
* Support the Cyber Security Manager as necessary regarding any cyber security incidents that may occur and ensure that lessons are learned and these are fed back into the security framework.
* Act as the first point of contact for the IT team and business with regard to cyber security incidents.
* Assist in the development, implementation, and enforcement of information security policies, standards, and guidelines, including ensuring compliance with relevant regulations and industry standards (e.g., ISO 27001, GDPR, NIST CSF, etc).
* Conduct risk assessments to evaluate the security posture of information systems and processes and help identify, assess, and document potential risks, and propose mitigation strategies.
* Work with third parties to ensure that the right security tools are in place, with oversight to ensure that the third parties are working in line with the cyber security framework.
* Produce and generate, in conjunction with third parties where appropriate, security posture reports, vulnerability reports, and incident reports for the Cyber Security Manager to communicate to the relevant stakeholders.
* Assist in the preparation of audit reports and evidence for internal and external audits.
* Communicate security risks, issues and strategies to non-technical stakeholders in a clear and understandable manner.
* Work with third parties to ensure that Client is monitoring for the relevant cyber security threats and that Client is proactively protected against these threats and risks.
Skills, knowledge and experience
The successful candidate will have:
* Familiarity with industry standards and frameworks such as NIST, ISO 27001, and CIS Controls
* Demonstrable working experience with a primary focus on Information Security
* Certifications in CISA, SSCP, CompTIA Sec+ or similar
* Proven experience as a Security Analyst or similar role, with hands-on experience in monitoring, incident response, and vulnerability management
* Proficiency in using and configuring security tools such as SIEM, IDS/IPS, firewalls, antivirus software, and vulnerability scanners
* Good in-depth knowledge of the Microsoft Azure stack, understanding the various security components that can be used within Microsoft environments
* Good understanding of ITIL processes and experience of working with IT teams to ensure that ITIL good practice is followed
* A good level of technical understanding and skills; able to walk through networks and systems to identify risks and able to understand the risk impact to the business. This should particularly be focussed on cloud environments and SaaS products
* Ability to work effectively with cross-functional teams, including IT, development, and operations