The Cyber Security Analyst will be a key part of the InfoSec and Risk functions, working in conjunction with the Business Information Security Officer and the Head of Technology in response to security events and establishing policies and best practices.
Assist with the management and maintenance of ISMSs across regions (currently UK, Australia and Asia), including certification against ISO 27001 and region-specific certifications where applicable.
Develop and maintain information security policies, processes and procedures to support ISMS implementation and improvement across the organisation
Coordinate and participate in risk and security assessments to identify information security risks, threats and vulnerabilities, and provide recommendations for, and implement where appropriate, remediating controls/processes.
Ensure that core ISMS documentation is accurate and updated in a timely manner including the Risk Register, Information Asset Register, Statement of Applicability and Incidents and Actions Register
Ensure all security events are properly documented/tracked to meet audit and risk requirements
Conduct compliance audits across a range of information security controls that support the certification requirements of ISO 27001 and other security certifications as required
Facilitate the implementation of security controls in a coordinated manner based on enterprise control mappings.
Compile information security measurements and metrics supporting enterprise reporting
Own and manage the investigation of security incidents as required in coordination with the Incident Response Team.
Oversee security calendar tasks and ensure they are performed on schedule
Advise and work with Risk and Control management regarding security policies and processes
Provide recommendations on vulnerability scanning or penetration test remediation and risk mitigations
Respond to customer RFPs and Due Diligences relating to security requirements as required
Qualifications and Experience:
- 5+ years of experience in information security, audit and risk management
- At least one of the following certifications: CISSP, CISM or CISA. PCI ISA and/or GIAC/GSEC certifications are also a plus
- Proven knowledge and understanding of risk management and audit methodologies, and tools that support audit and risk management processes. COBIT5 a plus
- Proven experience supporting ISMS / ISO 27001
- Experience working in software development or SaaS will be highly regarded
- Ability to work effectively in a multi-location team environment and across all organizational levels, where flexibility, collaboration and adaptability are important
- Ability to function and perform independently with minimal supervision
- Passion for cybersecurity and an awareness of the current threat landscape
- Ability to communicate effectively, in both written and verbal format