Job title: Junior Information Security Analyst
Location: London
Salary: Competitive
Job Type: Full Time, Permanent
Closing Date: 31st December 2019
Since 1988 the group of companies have successfully helped people and organisations build, shape and protect their financial futures
An opportunity has arisen for a Junior Information Security Analyst to join the central IT Operations team in London. This is a chance for someone with a real passion and enthusiasm for Cyber Security and IT in general to join them and develop your career.
As Junior Information Security Analyst you will assist with the day to day security operations and will receive on-going training towards industry certification.
Job Purpose:
To assist with the protection, confidentiality and integrity of client and employee data and support services that provide compliance with Group IT and Information Security policies and standards.
Key Activities:
- Support the Senior Infrastructure Engineer with the monitoring of IT security issues related to Group systems and processes and ensure the internal security controls are appropriate and operating as intended
- Manage the third-party vendor risk platform (3GRC) and report on risk levels to the CTO
- Liaise with the Group Risk function for Information Security reporting
- Provide input to internal and external Group and individual business unit audit activities as required
- Engage directly with the Projects team to support the Senior Infrastructure Engineer and CTO review new projects and initiatives, ensuring security requirements are captured and managed through to implementation
- In conjunction with the CTO provide Security Metric monitoring, control effectiveness and reporting to IT and relevant business units.
- Create and maintain relevant documentation as required and publishing it to PSG staff as relevant
- Due to the changing nature of the business, the job holder may from time to time be required to undertake other activities of a similar nature that fall within their capabilities
Competencies:
An understanding of the following is essential:
- Microsoft technical architecture, Office 365 & Azure, firewalls and a general appreciation of security concepts
- Security monitoring tools-(e.g. Microsoft E5 Cloud App Security, SIEM, IDS/IPS and Vulnerability Scanning)
- Information security standards (e.g., Cyber Essential Plus, ISO 27001, 27002), rules and regulations related to data confidentiality and information security (DPA, FCA, GDPR)
- Practicable experience with build hardening, vulnerability assessment and countermeasures
Key Requirements:
- Educated to at least A level
- The ability to demonstrate passion for a given facet or set of facets within Information Security is essential
- A foundation certificate in IT or an MCP (or greater) is desirable
- Non-vendor specific IT Security certification such as Comp TIA Security+, Ethical Hacking and penetration testing is desirable
- Experience of working in a customer focused IT environment ideally within Professional or Financial services
- Experience of liaising with third party security companies
- Knowledge of Microsoft applications, networks and database technology deployed in a client server environment ideally on a Virtual platform like Microsoft Hyper-V
- Experience of working within an Information Security role or IT Operational security function
- Effective written and verbal communication skills
- Demonstrates the ability to deal with competing operational and project deadlines
- Ability to work on your own initiative
- Demonstrates problem-solving strategies and practical knowledge
- Ability to explain technical issues in a non-technical manner
- A personal interest in Information Security
If you are good at building strong relationships and are looking for a challenging but rewarding new role please do apply!
Please click the APPLY button to send your CV and Cover Letter for this role and to receive further information.
Candidates with the experience or relevant job titles of; Information Security Analyst, IT Security Analyst, SOC Analyst, CISSP, CISM, CEH, Lead Implementer, Lead Assessor, Secure Software Designer, Financial Services Information Security Analyst, Web Application Security Analyst, Data Classification and Handling, 3rd Part Security Analyst, Security Incident Response, Security Risk Management may also be considered for this role.
