Cyber Security Officer​/Analyst

The Role

The role is to work as part of the Security Team to provide operational support for Group IT systems. To utilise monitoring tools including EDR to respond to events and work with the business for the orderly resolution of issues. To play an active part in Vendor Risk Management process both with vendor selection and ongoing monitoring. To contribute to the development and facilitation of exercises and incident simulations.

In addition to carrying out vulnerabilities evaluations in-house, to evaluate those and Third-Party test results and make recommendations for security improvements. To stay abreast of and research new and emerging information technology security threats and solutions to proactively enhance the security planning for best standards and practices in the Company. The post is an integral part of the Incident Response planning, and an escalation point for the Security Operations Centre.

The goal is to ensure Group IT assets are secure and staff are trained in support of a positive security culture. Working closely with the Infrastructure and Development teams and providing support to the infrastructure team.

• Provides advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards.
• Contributes to development of information security policies, standards and guidelines.
• Obtains and acts on vulnerability information and conducts security risk assessments, business impact analysis and accreditation on complex information systems. Investigates major breaches of security and recommends appropriate control improvements.
• Develops new architectures that manage the risks posed by new technologies and business practices.

• Plans and implements complex and substantial risk management activities within a specific function, technical area, project or programme.
• Establishes consistent risk management processes and reporting mechanisms aligned with governance frameworks.
• Engages specialists and domain experts as necessary.
• Advises on the organisation's approach to risk management.

• Oversees security operations procedures, ensuring adherence and effectiveness, including cloud security practices and automated threat responses.
• Reviews actual or potential security breaches and vulnerabilities and ensures they are promptly and thoroughly investigated. Recommends actions and appropriate control improvements.
• Ensures the integrity and completeness of security records, ensuring timely support and adherence to established procedures.
• Contributes to the creation and maintenance of security policies, standards and procedures integrating new compliance requirements and technology advances.

• Selects appropriate testing approaches using in-depth technical analysis of risks and typical vulnerabilities.
• Produces test scripts, materials and test packs and tests new and existing networks, systems or applications. Provides advice on penetration testing to support others.
• Records and analyses outcomes and results and modifies tests if necessary.
• Provides reports on progress, anomalies, risks and issues associated with the overall project.

• Collates and analyses catalogues of information and technology assets for vulnerability assessment.
• Performs vulnerability assessments and business impact analysis for medium complexity information systems.
• Contributes to selection and deployment of vulnerability assessment tools and techniques.

• Plans and manages threat intelligence activities.
• Identifies the most impactful threat categories and types of information that can help defend against them. Reviews, ranks and categorises qualitative threat intelligence information.
• Provides expert advice on threat intelligence activities.
• Leads the production and editing of threat intelligence reports that enhance the intelligence production workflow. Distributes information and obtains feedback about the value, usefulness and impact of the data.

• Business Continuity Silver Team Member
• Cyber Security Response Group Member