The Information Security Analyst will be vital to shaping the controls and governance needed to ensure a secure approach within Group Finance and running the controls in line with the Group’s Security Strategy.

The Information Security Analyst will be vital to shaping the controls and governance needed to ensure a secure approach within Group Finance and running the controls in line with the Group’s Security Strategy. This role will assist with Access Control reviews and permissions management, co-ordinate security testing and oversight of remediation of vulnerabilities, risk assess new technologies and projects and create uses cases for / review alerts from security monitoring tools.

Principal Accountabilities:

 – Initiating access control reviews through new tooling and requesting changes on Group Finance systems to keep access rights up to date.

 – Scoping and Scheduling of security testing (using third party suppliers) of Group Finance systems, reviewing and advising on fixes required and tracking remediation activities to get an overall view of security risks to Group Finance.

 – Supporting the documentation of a control environment and agreeing then performing the regular checks to ensure controls remain effective.

 – Offering security consultancy to individuals or projects led by Group Finance, reviewing designs and following risk assessment / management procedures as required. This ensures Security is considered in our day-to-day operations.

 – Includes creating application user cases, co-ordinating application changes to produce relevant logs, assisting in tuning events from output and investigating alerts, MI reporting to maintain our security event visibility.

Qualifications:

Appropriate security qualifications and memberships (e.g. CISSP, CISA, etc.) are desirable, but not essential. Alternatively an academic background in Security would be of benefit, i.e. BSc or MSc in Information Security.

Knowledge:

• Information Security broadly, knowledge of Access Control security, Vulnerability Management and Control assessments are desirable

• International recognised and formal standards for IT control and Security Management Systems, including ISO2700x, COBIT, COSO, ITIL and NIST Cyber Security Framework

• Understanding of trends in security threats, analysis of major publicised incidents and IT trends as they relate to security threats

• Structured approaches to incident and crisis management – experience of contributing to major security incident management is desirable

Experience:

• Operation of security controls (such as access control management, SIEM operation, DLP management)

• Information security compliance to regulatory and industry frameworks

• Building successful working relationships and team dynamics in a matrix environment

• Practical, common sense delivery of successful, collaborative security solutions

Whatever your role, we reward ability, performance and attitude with a package that looks after all the things that are important to you. Our employees have a wide range of benefits including a generous pension scheme, life assurance, 25 days’ holiday, private medical insurance, discretionary performance related bonuses, paid overtime, a variety of share schemes, discounts at both a huge range of high street stores and our own great products, your hard work will be rewarded when you join us.

For more information please contact Chloe McCauley, Resourcing Lead - chloe.mccauley@landg.com.