Find a job 
Featured Companies 
Featured Universities 
For Companies At a Glance
- Tasks: Conduct threat modelling and ensure secure delivery of systems and applications.
- Company: Leading energy delivery company with a focus on innovation and security.
- Benefits: Competitive salary, professional development, and opportunities for growth.
- Why this job: Join a dynamic team and make a real impact in cyber security.
- Qualifications: Degree in relevant field and certifications like CISM/CISSP required.
- Other info: Collaborative environment with strong focus on compliance and risk management.
The predicted salary is between 36000 - 60000 £ per year.
Our client are leading the way in energy delivery and are looking for an experienced Information Security Assurance Analyst to join their fantastic team.
Perform a threat modelling exercise of all projects and provide mitigating cyber security requirements to help ensure the secure delivery of compliant systems, applications and business processes.
Review both high/low level architecture definition documents for compliance against security policies, standards and regulatory requirements, defining Cyber non-functional requirements.
Attend Technical Design Authority (TDA) meetings to provide security signoffs.
Work within the Security Assurance team consisting of security assurance analysts/consultants providing thought leadership across several assurance functions, and helping smooth engagements with project delivery teams.
Perform cyber security risk assessments, compliance checks, audits and reviews to ensure that appropriate security controls are in place and highlight any deficiencies and gaps for management consideration.
Provide support in scoping and overseeing pen tests and re-tests. Review recommendations and collaborate with the relevant teams to support remediation efforts.
Provide cyber security assurance activities by ensuring implemented solutions are a replica of agreed and approved architecture definition documents, helping to facilitate penetration testing, whilst providing security advice and guidance.
Support to management, BAU and projects to comply with legal and regulatory requirements. Where required, propose solutions and coordinate delivery of mitigating actions to ensure risk levels are aligned with risk appetite.
Perform compliance checks to ensure Cyber Security controls are operating as designed. Ensure security assurance processes and procedures are followed and evidence retained for regulatory and audit purposes.
Provide relevant updates to monthly CNI and governance forums. Provide relevant input to security reports to execs, shareholders and the board. Support regulatory reporting and inspections, internal and external audits and remediation of findings.
Ensure identified issues and risks resulting from security assurance activities are appropriately managed, providing visibility to senior leaders of high-risk areas. Support the CISO and wider cyber management team.
Build and maintain relationships with key stakeholders, including the PMO and delivery teams, IT Operations and product groups, Architecture and third-party security providers.
WHAT YOU’LL BRING
The individual should be educated to degree level in a relevant discipline. Must be CISM/CISSP/CCSP/TOGAF/CRISC/AWS Solution Architect or equivalent certified or willing to undergo certification on the job. Must have Security Clearance or be eligible for security clearance. Must have experience in Cloud (IaaS, PaaS, SaaS). Must have proven expertise in three of the following security areas: identity and access management, network security, end user security, threat modelling, Security Risk and Compliance, penetration testing. Must have at least 3 years’ cyber security experience.
Good understanding and practical experience of Cyber Security Frameworks and standards such as NCSC CAF, NIST Framework, ISO 27001, ISO 27005, IEC 62443 etc. Good understanding of Cyber Assurance Framework and experience with working with Regulators and providing compliance updates.
Skills that will help you in the role:
- Knowledge and experience on IT Auditing/Control testing, IT Information Security and IT generic computing controls.
- Knowledge of technology risk and controls including relevant tools and techniques.
- Knowledge of key areas in technology risk, including operations, change, security, resilience at both application and infrastructure layers.
The suitable candidate must be a highly motivated individual. A proven track record as a cyber security subject matter expert in this or other organisations is a prerequisite requirement. The role will require significant attention to detail and ability to work with both a strategic, Director level as well as working with subject matter experts on detailed design issues and application, integration and data modelling.
The successful candidate will be required to be an excellent communicator and not averse to dealing with conflict management and decision making on a regular basis.
Desirable experience in Vulnerability Assessment and Management, Cloud Security Architecture, Application Security, Security Operations Centre and Investigations, Incident Management and Security Engineering.
Information Security Assurance Analyst in Portsmouth employer: TalentHawk
Contact Detail:
TalentHawk Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Information Security Assurance Analyst in Portsmouth
✨Tip Number 1
Network, network, network! Get out there and connect with people in the industry. Attend meetups, webinars, or even just grab a coffee with someone who works in cyber security. Building relationships can lead to job opportunities that aren’t even advertised!
✨Tip Number 2
Don’t underestimate the power of LinkedIn. Make sure your profile is up-to-date and showcases your skills in information security. Engage with posts, share relevant articles, and join groups related to cyber security to get noticed by potential employers.
✨Tip Number 3
Prepare for interviews by brushing up on your technical knowledge and soft skills. Be ready to discuss your experience with threat modelling, compliance checks, and risk assessments. Practise common interview questions and have examples ready to demonstrate your expertise.
✨Tip Number 4
Apply through our website! We’ve got loads of opportunities waiting for you. Tailor your application to highlight your relevant experience in cyber security and show how you can contribute to the team. Don’t be shy – we want to hear from you!
We think you need these skills to ace Information Security Assurance Analyst in Portsmouth
Some tips for your application 🫡
Tailor Your CV: Make sure your CV is tailored to the Information Security Assurance Analyst role. Highlight your relevant experience in cyber security, especially in areas like threat modelling and compliance checks. We want to see how your skills match what we're looking for!
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about cyber security and how your background makes you a great fit for our team. Don’t forget to mention any certifications you have or are willing to pursue.
Showcase Your Achievements: When detailing your experience, focus on specific achievements rather than just listing duties. For example, if you’ve successfully led a penetration test or improved compliance processes, let us know! Numbers and outcomes can really make your application stand out.
Apply Through Our Website: We encourage you to apply through our website for the best chance of getting noticed. It’s super easy and ensures your application goes directly to us. Plus, we love seeing candidates who take that extra step!
How to prepare for a job interview at TalentHawk
✨Know Your Cyber Security Frameworks
Make sure you brush up on key Cyber Security Frameworks like NCSC CAF, NIST, and ISO standards. Be ready to discuss how you've applied these frameworks in your previous roles, as this will show your practical experience and understanding of compliance.
✨Prepare for Threat Modelling Questions
Since threat modelling is a crucial part of the role, be prepared to explain your approach to conducting threat assessments. Think of specific examples where you've identified risks and proposed mitigating actions, as this will demonstrate your hands-on expertise.
✨Showcase Your Communication Skills
As the role involves liaising with various stakeholders, practice articulating complex security concepts in simple terms. Prepare examples of how you've effectively communicated security requirements to non-technical teams or managed conflicts in past projects.
✨Familiarise Yourself with Compliance Checks
Understand the compliance checks and audits relevant to the role. Be ready to discuss your experience with regulatory inspections and how you've ensured that security controls are operating as intended, highlighting any gaps you've identified and addressed.
