Information Security Analyst
My client, a FTSE100 travel and tourism company based in Crawley, is looking for an Information Security Analyst to join the team on a contract basis. The role will be paying up to £450.00 per day. This is a newly created role as my client looks to build a new security function in the group. In this role you will be working closely with the CSO (Chief Security Officer), as this role will play an important part in the new-look team.
As Information Security Analyst you will have the following skills and knowledge:
* Exposure to multi-tier, web based and cloud based IT architectures
* Knowledge of security technologies (eg AV, SIEM, IAM, IPS, F/W, SSO, DLP)
* Knowledge of security assessment frameworks (eg threat modelling, controls assessment, risk assessment)
* Experience in providing initial investigations of security incidents, escalating issues where necessary
* Experience with security information management tools
* Experience with security assessment tools, particularly vulnerability scanning tools, SIEM, DLP and NAC.
* Minimum 2 years' experience in an active IT security role
* Working knowledge and experience of the ITIL framework
* Experience in developing, managing and improving operational risk and compliance processes
As Information Security Analyst you will have the following roles and responsibilities:
* Developing and maintaining the in-house vulnerability management capability, implementing vulnerability scanning, reporting on risk exposure, providing risk-prioritized remediation advisories and tracking progress.
* Assist in the development of the Information Security Management System (ISMS).
* Coordinate penetration tests with penetration testing partners, IT and Development teams, acting as key point of contact for all security activities and advisories in relation to remediation and mitigation.
* Implementing security controls in compliance with legislation and regulatory frameworks (eg DPA, PCI-DSS, HIPAA) and the Group Information Security Policies.
* Implementing security methodologies and industry standards (eg ISO27001, NIST, SANS)
* Identifying and prioritising IT and security compliance risks and recommending appropriate mitigating controls.
* Conduct risk assessments of changes, projects, programmes, services.
* Provide recommendations to manage information security risk which will include aligning projects to policies & standards.
* Assist with developing and reviewing corrective action plans to address the root cause and prevent reoccurrences of compliance issues.
* Undertake security gap analysis internally, of third parties and other partners
* Providing IT Security and compliance awareness.