Information Security Analyst - Project Assurance - London
The Information Security Analyst is responsible for working with project teams, including architects, technical designers and product owners to ensure that business projects are delivered securely, protecting customer and employee data and ensuring compliance with the Information Security policies and standards.
The role calls for a strong assurance and technical background, coupled with an in-depth knowledge of security systems and relevant regulations and legislation, to assist in maintaining the confidentiality, integrity and availability of products and systems.
The Information Security Analyst will have experience with a wide range of security technologies. A solid understanding of Risk Management, DPA and EU GDPR, PCI DSS and ISO 27001 is also required, along with experience of securing projects and using security testing methodologies.
- Provide end to end engagement on a wide range of business projects ensuring that security is built in and customer and employee data is protected;
- Attend project meetings and represent Information Security, providing advice and guidance as required;
- Review architectural and design documents including Design Documents, Detailed Designs, Network Diagrams, Data Flow Diagrams and others;
- Articulate risk in technical and non-technical terminology so that it can be interpreted by Information Technology and business individuals;
- Define Information Security requirements for each project and ensure that they are fulfilled prior to going into service;
- Scope, arrange and support penetration testing and vulnerability testing, and track remediation to a close, on time and on budget;
- Ensure that relevant security standards are applied to specific projects;
- Carry out Information Security impact assessments to meet Policies, PCI DSS and DPA/GDPR requirements on projects where appropriate;
- Support delivery of and input to the Information Security Assurance plan;
- Provide guidance to the business and technical teams around Information Security policies and standards;
- Represent the Information Security Team and provide input to the Change Advisory Board
- Strong End to End Information Security Project Assurance experience;
- Strong risk management knowledge and experience;
- Experience of various data security and compliance standards, including ISO 27001, PCI DSS, DPA, EU 95/46 and EU GDPR and its implementation across European countries, and the Privacy Shield scheme;
- Wide ranging knowledge of Information Security and IT Security frameworks, standards and application of best practice;
- A good understanding of security tools including: vulnerability scanning, SIEM monitoring, physical security tools, DDoS Protection, remote access technologies, authentication and authorisation techniques, network sniffing, Data Loss Prevention;
- Wide ranging knowledge on technology, its implementation in the corporate environment and best practice;
- Knowledge of OWASP vulnerabilities, tools and methodologies;
- Varied IT experience including: ITIL, Hardware and Software architecture, SDLC, Operating systems and administration, Networking technologies (routing, LANs, WANs, Firewalls, VPNs, IDS/IPS, SSL, IPsec, HTTP/S, and wireless), AV, Active Directory, Virtualisation, Shared storage, Cloud and mobile technologies;
- Ability to work as part of a team or individually;
- Self-motivated to research and maintain up to date industry knowledge and security awareness;
- Ability to work under pressure and maintain professionalism at all times;
- Ability to communicate effectively with all levels and areas of the business
- Degree or equivalent experience in Information Security or ICT domain
- Security certifications, like CEH, CISSP, CISM, SSCP, ISO 27001 Implementer or Lead Auditor
- Formal qualification in Information Security domain or equivalent experience desirable
Start 7th January - this is an initial 5-6 week assignment but there is a likelihood that it may continue for another 3 months.