Information Security Analyst - Project Assurance - London
Working with our consultancy client as an Information Security Analyst, you'll be responsible for working with project teams, including architects, technical designers and product owners, to ensure that business projects are delivered securely, protecting customer and employee data and ensuring compliance with the Information Security policies and standards.
You should possess a strong assurance and technical background coupled with an in-depth knowledge of security systems and relevant regulations and legislation to assist in maintaining the confidentiality, integrity and availability of products and systems.
The Information Security Analyst will have experience with a wide range of security technologies. A solid understanding of Risk Management, DPA and EU GDPR, PCI DSS and ISO 2700x is also required, along with experience of securing projects and using security testing methodologies.
- Provide end-to-end engagement on a wide range of business projects, ensuring that security is built in and customer and employee data is protected;
- Attend project meetings and represent Information Security, providing advice and guidance as required;
- Review architectural and design documents including Design Documents, Detailed Designs, Network Diagrams, Data Flow Diagrams and others;
- Articulate risk in technical and non-technical terminology so that it can be interpreted by Information Technology and business individuals;
- Define Information Security requirements for each project and ensure that they are fulfilled prior to going into service;
- Scope, arrange and support penetration testing and vulnerability testing, and track remediation to a close, on time and on budget;
- Ensure that relevant security standards are applied to specific projects;
- Carry out Information Security impact assessments to meet Policies, PCI DSS and DPA/GDPR requirements on projects where appropriate;
- Support delivery of and input to the Information Security Assurance plan;
- Provide guidance to the business and technical teams around Information Security policies and standards;
- Represent the Information Security Team and provide input to the Change Advisory Board.
- Strong End to End Information Security Project Assurance experience;
- Strong risk management knowledge and experience;
- Experience of various data security and compliance standards, including ISO 27001, PCI DSS, DPA, EU 95/46 and EU GDPR and its implementation across European countries, and the Privacy Shield scheme;
- Wide ranging knowledge of Information Security and IT Security frameworks, standards and application of best practice;
- A good understanding of security tools including: vulnerability scanning, SIEM monitoring, physical security tools, DDoS Protection, remote access technologies, authentication and authorisation techniques, network sniffing, Data Loss Prevention;
- Wide ranging knowledge on technology, its implementation in the corporate environment and best practice;
- Knowledge of OWASP vulnerabilities, tools and methodologies;
- Varied IT experience including: ITIL, Hardware and Software architecture, SDLC, Operating systems and administration, Networking technologies (routing, LANs, WANs, Firewalls, VPNs, IDS/IPS, SSL, IPsec, HTTP/S, and wireless), AV, Active Directory, Virtualisation, Shared storage, Cloud and mobile technologies;
- Security certifications are useful: CEH, CISSP, CISM, SSCP, ISO 27001 Implementer or Lead Auditor.
Initial 3-6 month contract with a view to extending further. You may need to undergo background checks including criminal and credit history.