Information Security Analyst

We are looking for an Information Security Analyst to strengthen the Information Security team at Cifas. The successful applicant will report directly to the Director of Information Security and will be responsible for supporting the day-to-day information security operations. This is a hands-on role that will work with internal and external stakeholders to secure our infrastructure (including cloud) and other operational matters relating to information security, governance and cyber risk, ensuring alignment with organisational objectives and industry standards.

Key Responsibilities

• Performing information security risk assessments of third parties, as part of the wider third-party risk management process and obtain assurance that they are protecting Cifas assets, as well providing assurance to members regarding information security.
• Assisting the Information Security Manager (ISM) with the approach to security architecture, secure controls and assurance for our cloud-native production environment, working closely with our MSP’s and technology team, ensuring alignment to and enabling business objectives and Information Security strategy.
• Supporting the implementation, maintenance and assurance of security controls across the corporate IT infrastructure aligning to business objectives and Information Security strategy.
• Assisting the development of security policies, standards, and frameworks across the organisation, working with teams to influence embedding them into the business.
• Supporting the business with InfoSec risk identification and treatment within the context of the latest threats, assist with regular risk assessments, threat modelling and identifying mitigation strategies.
• Supporting the technical response to a security incident, as well as assisting with the development and testing of response plans.
• Assisting with the delivery of relevant information security training & awareness material as part of a wider program designed to drive a culture of security awareness across the organisation.
• Obtaining assurance data (KPI/KRI) for security controls and create regular high-quality reports for all levels of the business.

Skills, Knowledge and Expertise

• An A Level education or equivalent qualification. Relevant experience acceptable.
• An understanding of risk management practices and experience working within a risk culture.
• Knowledge of key security frameworks (ISO 27001, NIST CSF, CIS Controls).
• Experience performing third party security risk assessments.
• Understanding of corporate security technologies (IAM, EDR, cloud security).
• Experience of working within an incident response team.
• An awareness of cloud security architecture principles and emerging threats.
• Excellent communication skills, particularly in translating technical concepts for non-technical business stakeholders.
• Proven problem solving and analysis abilities.
• CISM, CISA, CRISC or other relevant information security certifications, an advantage.
• A degree in a relevant subject e.g. Cyber Security would be advantageous.

Benefits

• Remote working with approximately 2 days a month in the London office, although there will be a requirement to attend conventions, forums and events.
• Generous annual leave, plus bank holidays.
• Private healthcare.
• Excellent pension package through salary sacrifice.
• Personal and professional growth.
• Employee wellbeing – Wellbeing breaks, wellbeing hub access including exercise programmes, meditation guides, sleep stories and yoga.

We have introduced agile ways of working, allowing teams to decide how best they work, while ensuring regular opportunities to collaborate and innovate. We create an environment to help you to unleash your potential and perform the most rewarding work of your career, whilst keeping your wellbeing at the foremost with initiatives in place to promote the wellness of our people. We are committed to building a diverse and inclusive culture and have dedicated inclusion champions across the business to celebrate and promote our uniqueness. We also have a dedicated team of volunteers looking for innovative ways to give back as part of our commitments under our Corporate Social Responsibility. And we’re delighted to be recognised in the 2021, 2022 & 2024 best companies to work for listings. We have also been awarded the Investors in People Gold accreditation.

If you are passionate about our purpose and would like an opportunity to make a valuable contribution to fraud prevention, we would like to hear from you.