Senior Cyber Security Analyst

About the team and the role: As part of the Technology Team, you will be responsible for Cyber Security across the organisation. Working with the business, system owners, suppliers, auditors and other third parties to ensure compliance and respond to audit requests in a highly regulated industry. This is a diverse role with responsibilities including all aspects of Cyber Security. Along with running and owning the processes and procedures of a Cyber Security Framework, you will also be expected to configure and monitor security tooling.

How you'll contribute: The role will initially be technology, BAU and audit administration focused, but will expand over time to encompass responsibility for the overall Cyber Security Framework. Immediate responsibilities include:

• Security configuration, alert actioning, vulnerability tracking, monitoring and other security related responsibilities for: Endpoint Devices, Microsoft 365, Microsoft Entra (Azure AD), Microsoft Azure, Salesforce Shield, SentinelOne, Z-scaler, Threatlocker and various other solutions across the estate.
• Remain up to date and advise on: Security Threats, Potential security issues, Technology capabilities.
• Own, manage and run the day-to-day security operations; examples include: Responding to alerts and events, Security backlog, observation tracking and progress of vulnerability resolution, Identity management and authorization processes, Internal audit and diary tracking, Track and authorise changes to Data Loss Protection Policies within the organisation, Running exercises for the BCP, DR and Incident Response Plans, creating playbooks and applying recommendations from the retrospectives, Policy exception tracking, auditing, authorization and reporting, Produce regular reporting to the CTO, COO and Executive Committee, Onboarding of new solutions into BAU, Coordinate annual Penetration Testing and Configuration Reviews, Tracking and management of gaps between our Risk Frameworks and solutions.
• Coordinate technology related audit and compliance requests, including: Liaise and coordinate the responses from other individuals/teams/functions/third parties, Respond to audit questions where possible, Track any remediation items and work with other teams to resolve, Auditing cloud assets and monitoring Shadow IT.

General responsibilities: Automation and outsourcing of standard processes, Supplier Management and Governance, Process development, Maintenance of the central solutions register and Enterprise Architecture assets, Small change/project management.

The role will grow to include: Example areas of responsibilities for the Cyber Security Framework include:

• Develop and Administer Cyber Security processes, for example Incident Response Plans.
• Continued development of our Cyber Security Framework and to continually improve our Cyber Security Posture.
• Administer standard artefacts, including Risk Appetite Statements, Cyber Strategy and the annual improvement program.
• Tracking and reporting on our NIST compliance.
• Support the continued development of company policies and staff handbook.
• Vulnerability Management, including tracking and reporting on vulnerabilities throughout the estate.
• Own the Cyber Security training programmes including the creation of manuals and advisory notices.
• Work with the CTO and other technology functions to improve technical security processes, for example, technical security frameworks in the software development lifecycle, threat modelling, solution security lifecycles.

Work with fellow IT functions to: Enhance existing Software Development Lifecycle processes to improve security, Perform Threat Modeling of new and existing solutions, Work with solution owners to apply the appropriate controls and put in place monitoring.

Skills: Develop and build relationships internally and externally with key business and technical stakeholders, Cyber Security Framework implementation, test and execution, Microsoft 365, Microsoft Entra and Microsoft Azure, Microsoft Office Suite, including Microsoft Excel, Powershell and Microsoft 365 automation technologies, Strong general working knowledge of technology and technology processes, Authoring of formal and regulated documentation (e.g. policies and procedures), Ability to influence key stakeholders, Implementation of automation, specifically with PowerShell or Microsoft 365 technologies.

Knowledge: Cyber Security Frameworks and other bodies, in particular NIST and NCSC/IASME/CE, IT Operation processes, e.g. ITIL, including Asset Management and Change Management, Understanding of the holistic approach to Cyber Security and how to apply that to model attack vectors and actors in relation to the requirements of the business, Understanding of the five functions of the NIST Cyber Security Framework, Security Operations and SIEM implementations, Understanding of the attack vectors, methods and actors in relation to Cyber security.

Experience: Working within Cyber Security Frameworks, specifically NIST, Worked for equivalent regulated organisations (FCA, PRA, etc), Owned and provided responses to auditor requests, Implementing/delivering the artefacts as outlined in the responsibilities.

Interview process: Teams call with the Talent Acquisition professional, Face to face interview at Volante with hiring manager, Face to face interview with HR.

What's in it for you? Competitive salary, Pension, Holiday, Private medical care.

About Us: Volante Global are an award winning, multi-class, international underwriting group, delivering niche, specialist (re)insurance products to a broad distribution network. Employing underwriters with a proven track record in Europe, the Middle East, Canada, and the USA, we have seen unprecedented growth since starting in 2018, growth that is set to continue over the next 3 – 5 years.

Diversity & Inclusion: Diversity and inclusion are part of the Volante DNA. As a global organisation we have diversity of ethnicity, religion, and gender throughout the organisation from the top down. We have a “Diversity from Adversity” program through which we offer employment opportunities to people coming from disadvantaged backgrounds, and we continue to explore how to further these initiatives.