Information Security Assurance Analyst - Portsmouth, United Kingdom - SGN

SGN
Portsmouth, United Kingdom

1 week ago

Posted by: Tom O'Connor, beBee Recruiter


Description

THE ROLE


Here at SGN we are looking for an Information Security Assurance Analyst to support the security assurance function in triaging, assessing, and providing security advisory services across all programmes, projects, and steady state services.


You will be responsible for providing assurance to the SGN leadership team regarding the design and operating effectiveness of the security controls within both SGN's IT and OT environments.


You will work collaboratively with risk management, business analysts, project managers, architects, and support teams to identify, evaluate, report, and mitigate risks.


In addition, you will be responsible for reviewing and identifying security control gaps in design documents, providing remediation and mitigation recommendations.

Key responsibilities will include:

  • Review both high/low level architecture definition documents for compliance against security policies, standards and regulatory requirements, and attend Technical Design Authority (TDA) and Architecture Review Board (ARB) meetings to provide security signoffs
  • Manage a team of security assurance analysts / consultants providing thought leadership across a number of assurance functions, and helping to navigate through senior management approvals thereby allowing for seamless and smooth engagements with project delivery teams
  • Perform cyber security risk assessments, compliance checks, audits and reviews to ensure that appropriate security controls are in place and highlight any deficiencies and gaps for management consideration.
  • Provide cyber security assurance activities by ensuring implemented solutions are a replica of agreed and approved architecture definition documents, helping to facilitate penetration testing as per local Cyber policies, whilst providing security advice, in collaboration with Corporate Cyber Security, and support to management, BAU and projects to comply with both global and local requirements and obligations.
  • Maintain and communicate relevant local security procedures aligned with necessary Cyber Security rules, processes, procedures and standards.
  • Where required, propose solutions and coordinate delivery of mitigating actions to ensure risk levels are aligned with risk appetite.
  • Perform compliance checks to ensure Cyber Security controls are operating as designed.

CULTURE/BENEFITS


This role will offer plenty of genuine learning and development opportunities, as well as a competitive salary with company benefits including retail & leisure discounts, HolidayPlus & Cycle2work schemes, gym & mobile discounts, a pension scheme, and more.

Fostering a diverse and inclusive culture is something we pride ourselves on at SGN.

We want our workplace to be an innovative and inclusive place to work, where every single person feels empowered to achieve professional success.


WHAT YOU'LL BRING

  • The individual should be educated to degree level in a relevant discipline.
  • Must be CISM/CISSP/CCSP/TOGAF/CRISC/AWS Solution Architect or equivalent certified or willing to undergo certification on the job.
  • Must have expertise in Cloud (IaaS, PaaS, SaaS), in particular AWS and Azure
  • Must have proven expertise in three of the following security domain areas: Vulnerability Assessment and Management, Security Risk and Compliance, Cloud Security Architecture, Application Security, Security Operations Centre and Investigations, Incident Management and Security Engineering
  • Must have 12 years' cyber security experience
  • Good understanding and practical experience of Cyber Security Frameworks and standards such as NCSC security principles, NIST Framework, ISO 27001, ISO 27005, IEC 62443 etc.
  • Good understanding of Cyber Assurance Framework and experience with working with Regulators and providing compliance updates for OT environment

Skills that will help you in the role:

  • Knowledge and experience on IT Auditing/Control testing, IT Information Security and IT generic computing controls
  • Knowledge of technology risk and controls including relevant tools and techniques
