Senior Information Security Analyst

Excited to grow your career? Our purpose is to make it easy for people to save and invest for a better future. We are looking for great people to join us, so please come and invest in YOUR future at Hargreaves Lansdown.

We know that sometimes people can be put off applying for a job if they don\’t tick every box. If you\’re excited about working for us and have most of the skills or experience we\’re looking for, please go ahead and apply. We\’d love to hear from you!

About the role

As Hargreaves Lansdown (HL) continues its digital journey, we are enhancing our Cloud Assurance capabilities, within our Information Security Team. We are seeking a highly skilled Senior Security Analyst with a proven track record in delivering and maintaining Cloud assurance, preferably within a financially regulated enterprise environment or similar.

The Senior Security Analyst is a specialist lead SME role with the primary focus on AWS Cloud Security Assurance, as well as Governance, Risk and supporting Compliance. You will be supporting the Information Security function to ensure HL remains effective in protecting critical information assets within risk appetite. You will be working with a highly skilled and committed Security, Digital IT and Cloud teams. You will play a significant role in our Cloud journey, working with our AWS and Azure Cloud platforms and security toolsets. We offer a commitment to your career development through training, mentoring and internal opportunities.

What you\’ll be doing

• You will be the SME and lead for the technical aspects of Cloud security assurance risk and controls.
• You will oversee and conduct, as necessary, Cloud Compliance assessments for AWS and Azure risk assessments, enforce cloud security policies and standards. Leading the AWS SRC workstream.
• Assisting the Information Security Team in ensuring HL\’s Information Security Management System remains effective in protecting HL critical information assets within risk appetite.
• Lead assurance activities against Information Security Compliance frameworks, including but not limited to: PCI, NIST, SWIFT, GDPR
• Conducting analysis of cloud-based assets pertaining to information security incidents, audits, and testing while adhering to best practices.
• Lead engagement of Cloud Audits and remediation activities.
• Leading in the identification and reporting of remediation and mitigation activities related to cloud security findings across multiple cloud platforms (AWS and Azure).
• Identifying gaps in cloud security posture and prioritise remediation efforts.
• Building relationships across multiple business functions, locations, and technical stakeholders to accomplish goals. You will help deliver the strategy by emphasising the importance of AWS Well Architected Framework, Shared responsibility model and good cloud governance.
• Delivering a best-in-class service within a high performing Security team
• Leading by example to create a culture of continuous service improvements

About you

• Experience in a regulated environment, preferably Financial Services.
• Previous experience in Information/Cyber Security, with demonstrable experience of Cloud Security tooling, to reduce risks and maintain strong controls in a DevSecOps cloud context
• Highly organised with the ability to prioritise workload
• Excellent verbal and written communication skills
• A willingness to learn as well as to knowledge share.
• Effective interpersonal skills to engage and collaborate with multiple internal and external Stakeholders at all levels.
• Practical work-based experience across the areas of security policy, culture, audit, and risk management.

• Strong knowledge of common, cloud technologies, enterprise, and network architecture.

What you\’ll have

• Minimum or similar certifications in: AWS Certified Cloud Practitioner, Certified to advanced security standards, for example CCSK, CCSP, CISSP, CRISC

• Hands on demonstratable experience and knowledge of: Carrying out security reviews against recognised security control frameworks such as CSA Cloud Control Matrix, ISO27017/27001, NIST CSF, PCI-DSS, SWIFT, AWS CAF

• Atlassian, IAAC Terraform, Merge Requests, GIT Ops, Git Hub, Workflow, Wiz, Security Hub, Macie, Audit Manager, Microsoft Compliance Portal/Purview, Microsoft Information Protection (AIP), Azure Security Centre.
• Strong experience with DevOps practices, continuous integration/continuous deployment (CI/CD) pipelines, and related tools
• Ability to evaluate the adequacy of cloud security controls, and how they are applied in a business context.

Interview process

The interview process for this role will be in two stages. The first stage will incorporate competency-based questions including an assessment of your technical knowledge and transferable skills. For successful candidates, the second stage will be a presentation followed by questions, face-to-face in our Bristol office.

Working Schedule

This role is based in our Bristol head office, BS1 5HL. This is a permanent full-time role, 37.5 hours per week, Monday to Friday. We have returned to the office, however for this role we offer a hybrid flexible working pattern of working in the office and at home.

Why us?

Here at HL, we\’re the UK\’s number 1 investment platform for private investors, based in Bristol. For more than 40 years we\’ve helped investors save time, tax and money on their investments.

To achieve our mission, we believe we have a workplace like no other, with constant learning, dynamic teams, and a great ethos. We\’re steered by core values that promote service, quality, innovation, and opportunity in everything we do.

What\’s on offer?

• Discretionary annual bonus and annual pay review
• 25 days holiday plus bank holidays and 1-day additional Christmas closure
• Option to purchase an additional 5 days holiday
• Flexible working options available, including hybrid working
• Enhanced parental leave
• Pension scheme up to 11% employer contribution
• Income Protection and Life insurance (4 x salary core level of cover)
• Private medical insurance
• Health care cash plans – including optical, dental, and outpatient care
• Health screening programme
• Help@hand – confidential support including mental health counselling and remote GP
• Wellhub – unlimited access to fitness providers and wellness coach sessions
• Variety of travel to work schemes with bike storage and shower facilities
• Inhouse barista and deli serving subsidised coffee and sandwiches
• Two paid volunteering days per year

Hargreaves Lansdown is an inclusive employer that values diversity in its workforce. We encourage applications from all individuals without regard to race, religion, gender, sexual orientation, national origin, disability or age.

This role may also be available on a flexible working or part time basis – please ask the Recruitment & Onboarding team for more information.

Please note, we are unable to provide employment sponsorship to candidates.