Senior Information Security Analyst

Our Client is a leading global company specialising in pharma products. They are looking to recruit a Senior Information Security Analyst with at least 5 to 7 years expertise in Technology Security.

The Senior Information Security Analyst is responsible for maintaining information security policies, architecture, technical standards, technical controls, security solutions, guidelines, procedures, and other elements necessary to maintain security posture. Responsible for assessing information risk and facilitating remediation of identified vulnerabilities & risks across the organization. Accountable for coordinating the execution of security measures to protect our computer infrastructure, information systems and to ensure the organization maintains an acceptable risk posture.

The Senior Information Security Analyst is highly engaged in risk management and mitigation, including evaluating vendor risk, examining vendor contracts for terms of service, understanding third-party risk, and data privacy issues. The analyst serves as an expert on cybersecurity protection, detection, response, and recovery. This individual is responsible for coordinating penetration testing and managing internal and external cybersecurity analysts to detect, mitigate, and analyze threats. Works closely with other teams to develop controls such as firewalls, business systems, data leakage protection systems, patching, encryption, vulnerability scanning, application code scanning, remediation as well as defining configuration for a variety of security tools. Prior experience in an international enterprise environment is essential.

Responsibilities

• Collaborate with IT teams for input and operational requirements to design and implement the company's overall cybersecurity strategy.
• Identify and address security gaps discovered through ongoing monitoring of all information security controls and implement enhancements to security controls.
• Manage access to elevated privileges accounts and audit activities to meet business and regulatory requirements.
• Evaluate and/or implement cybersecurity solutions and controls to maintain confidentiality, integrity, and availability.
• Actively participate in proofs-of-concept for new security technologies by developing selection criteria to identify appropriate security solutions to support strategic, operational needs, and security requirements.
• Participate in the development and testing of the security incident response plan, act as the incident response leader.
• Develop security, risk, and compliance reports and alerts.
• Participate in the yearly review of policies and procedures to support information security, risk, and security compliance activities.
• Participates in developing, testing, and implementation of disaster recovery procedures for the cybersecurity technology in place.
• Manages cybersecurity projects to ensure that the delivery is on-time, within budget, and adopted to meet the company's information protection requirements.
• Performs or coordinates internal security assessments, penetration tests, vulnerability scans, and assess organization cybersecurity maturity complying with frameworks and regulations such as COBIT, NIST (800-53, cybersecurity), ISO, ITIL, PCI, GLBA, GDPR, HIPAA, and other data privacy and security standards and regulations.
• Provides internal customer support via assigned tickets for security-related issues, while ensuring assignments are resolved within assigned SLAs.
• Evaluate and implement CIS critical security controls where necessary.
• Will provide input into cybersecurity strategic roadmap and annual budget.
• Adhere to applicable change management policy and procedure.

Qualifications

• Bachelor's degree required; advanced degree highly desirable.
• Candidates must possess significant analytical skills, which evolved from early academic training in Cybersecurity, Information Systems, Computer Science, or similar discipline.
• Provides a documented work history that includes a minimum of 5-years experience in Information Security.
• Proficiency in security framework models such as NIST, etc., implementing and auditing security measures, security response, and incident management.
• Possess a working knowledge of Cisco network switches, routers, firewalls and VPN, network security, administration of DLP, antivirus/antimalware, IDS/IPS, SIEM, SMTP, Email security, AD, Group Policy, DNS, DHCP, and VLANs.
• Experience with identity access management solutions, such as SAML/OATH.
• Experience with HIDS and NIDS.
• The ideal candidate possesses relevant information security or cybersecurity certifications.
• Requires the ability to analyze and recommend changes to the security landscape where necessary to meet the information security objectives of the organization.
• Participates in change management meetings and provides expert input to ensure security is maintained.
• Knowledgeable in security best practices such as encryption, hashing, vulnerability scans, event log monitoring, intrusion detection and prevention, eDiscovery, and content filtering.
• Ability to manage and continuously improve upon vulnerability management program.
• Ability to propose solutions for closing identified vulnerabilities in the infrastructure.

Desired Qualifications

• Certified Information System Security Professional (CISSP), NIST Cybersecurity Framework (NCSF), Certified Cloud Security Professional (CCSP) and/or Certified Ethical Hacker (CEH).
• Knowledge and experience with Microsoft Office and Visio.
• Knowledge of WAN technologies including MPLS, SD WAN.
• Knowledge of cloud providers security (AWS, GCP or Azure).
• Prior experience managing Cisco ELA products including DNA, Firepower, ISE Management console, Umbrella, Cisco AMP for endpoints, Stealth watch, as well as Splunk, SolarWinds, Varonis and Darktrace.
• Prior experience with Azure Rights management and Information protection highly desirable.
• Project management skills are highly desirable.
• Previous experience in a HIPAA/FDA regulated environment.

Competencies

• Motivation/Initiative: Motivated and curious, willing to ask questions, research issues, and take on challenging projects/assignments; creative, brings new ideas to the table, exhibits self-confidence. Position requires a strong achievement motivation and tenacity.
• Administrative Skills: Possesses the ability to organize and follow-through on multiple tasks recognizes and attends to important details with accuracy and efficiency. Works to complete goals, tasks, and plans, anticipate potential problems and analyze alternative solutions.
• Interpersonal Style: Develops/maintains effective working relationships; listens attentively to others; communicates ideas clearly (written & verbal); relates to people in an open/sincere manner; participates effectively in meetings; assists in finding solutions as well as identifying problems; communicates appropriately with supervisor, and co-workers. Able to influence other individuals and maintain calm and reliable demeanor in the face of challenges.
• Self-Management: Adapts readily to changes in routine; works effectively in stressful situations; needs limited guidance and direction; is comfortable working in a fast-paced environment; is reliable and dependable; is results-oriented; maintains productivity and composure under pressure; views problems as opportunities to create solutions.
• Thinking Skills: Diagnoses problems efficiently; gathers sufficient input before making decisions or plans; makes timely decisions, quickly determines sources of the problem, identifies information needed to solve a problem and analyzes alternative solutions, communicates issues and decisions effectively to the team.
• Customer Orientation: Sensitive & responsive to internal customer needs; demonstrates skills in customer services and satisfaction; maintains a positive attitude, willing to listen to customer problems and seeks solutions; stays in tune with changing needs of customers.

This is a UK based role at the Central London offices of the Client, although for the foreseeable future you will be based at home and work remotely. The salary for this role will be in the range £70K - £85K.