Given the nature of S-RM’s business, practising sound Information Security principles are fundamental to what we do.
The Information Security Analyst will take the lead on IT Security matters, delivering information security assurance throughout the organisation. They will oversee the IT Security layer by identifying and mitigating cyber threats; continuously hardening S-RM’s internal and client-facing platforms; educating staff on the latest cyber threats and ensuring that the business is aligned with industry-recognised security principles.
MAIN DUTIES AND RESPONSIBILITIES
- Incident prevention: oversee the management, continuous development and configuration of security systems, including (but not limited to): AV, firewalls, IDS/ IPS, switches, routers, LAN/ WAN, servers, MFA, end points and technical security controls (e.g. Identity and Access Management)
- Incident response: responsible for the detection, response, isolation and remediation of InfoSec incidents as well as identifying the root cause
- Vulnerability Management: perform regular vulnerability scans and take lead for subsequent patching/ bug fixes for global IT estate (on premise and cloud)
- Work with IT team to prioritise and remediate vulnerabilities discovered in annual penetration test
- Analyse (existing) and develop IT processes & policies to design and optimise Information Security solutions e.g. DLP, EDR, Password Management, Threat protection, Cloud security, Email security, SIEM.
- Manage data recovery systems
- Architectural design: provide subject matter expertise on technical security requirements for all tech-related projects
- Provide a security escalation path (and coaching) for IT support colleagues
- Produce regular security updates and reports covering all key internal and SaaS platforms
- Act as a key liaison point between the IT and Risk & Compliance teams, and the business- gaining business support for IT controls and security efforts
- Act as the primary point of contact for information security issues across all our global offices.
- Play a key part in ensuring the IT department’s continuous adherence to relevant legislation, including GDPR, as well as implementing/developing supporting policies including breach response and mitigation
- Produce reports with recommendations for internal security forums; maintain accurate records and logs of Security Incidents
- Manage all outgoing and incoming client vendor risk assessment requirements and coordinate responses accordingly
- Manage all incoming/ outgoing 3rd party supplier risk assessments
- Support, review and develop technical security standards, policies and designs
- Manage cyber awareness training and benchmarking
- Review and provide guidance on current cyber security controls with suggestions for improvements.
- Provide monthly updates to Head of Risk and Compliance in relation to information security for inclusion in the S-RM Risk Committee agenda.
The role will be based in our London office.
SKILLS, QUALIFICATIONS & EXPERIENCE
- Solid hands-on (3rd line) infrastructure experience and knowledge:
- VMWare/Windows OS (Windows 2008R2/2012 + Servers, MS Exchange 2010+; Hyper VSphere/ VCentre; ESXi 6.5+); Active Directory
- Cloud: Azure, Office 365/ Microsoft 365 (Office suite; Security and Compliance centre; Active Directory, Intune MDM; Exchange; Exchange Online Protection; Advanced Threat Protection); AWS; physical security (access controls); Encryption; Malware Analysis & Protection; Data Analysis Tools; Forensic Analysis, Boundary Security; Data Protection
- Experience of Security Incident Handling/Incident Response
- Good understanding of Information Security tools, covering areas such as firewalls, host and network intrusion detection/ prevention systems; AV (Security Suites), Web Filtering and monitoring, SIEM, DLP, data classification, IAM (Single Sign On (SSO) or federated access management approach); MFA; advanced email and networking
- Has an automation first approach and continuously looking at improving services and functionality
- CISSP/ CISM qualified
- ITIL qualified
- Knowledge of ISO27001/ NIST concepts
- Minimum 5 years’ experience
The individual will need to have the following key personal skills and attributes to perform successfully in this role:
- Strong analytical and technical skills relevant to information security including data encryption, secure data transmission, secure data consumption and risk analysis
- Desktop and server operating systems security
- Must be willing to remain hands-on and work within ITIL-aligned IT team
- Highly results and quality driven
- Demonstrable ability of documentation
- Previous experience of working alongside governance, risk and compliance teams is desirable
The successful candidate must have permission to work in the United Kingdom by the start of their employment.