We are recruiting for a Security Analyst to implement and operate regular security assurance activities to allow effective governance and security oversight of key suppliers.

Operational Effectiveness

Implement and operate regular security assurance activities to allow effective governance and security oversight of key suppliers.

Apply good practice for process and reporting to deliver on the above activities.

Develop and enhance security oversight capabilities and services for use internally.

Reporting

Support IT operations team in the areas of:

Security audits, intrusion and penetration tests

Security control effectiveness

Security infrastructure testing and oversight

3rd party supplied security management information (MI)

Service Support

Support teams when they perform RFPs, undertake 3rd party agreements, and when they undertake security audits, intrusion and penetration tests.

Provide support and technical guidance on the adoption of new testing tools and assist team with meeting obligations around regular security testing.

Provide technical security advice and support with policy exceptions from different business divisions in relation to projects or systems already in place.

Security Governance

Support teams when they work on policy and standards including when they oversee compliance against them and provide guidance on their operational enforcement.

Partner with the due diligence team to measure adherence to third party security oversight principles and practice.

Qualifications

Appropriate security qualification for the role would include Security+, SSCP, GIAC Cyber Defence certifications, CEH or CISSP.  In order to demonstrate the knowledge required to perform the role it is anticipated that the role holder will be educated to degree level in a relevant technical area and/or hold relevant work experience

Knowledge

Knowledge is required of:

IT Security, including good understanding of associated technologies and architectures

IT security principles, guidance and technical standards

Fully abreast of trends and changing technologies as they relate to information security threats and control

Good knowledge of some of the following is desirable:

Cloud architecture

Database security

Application security

Identity and Access Management

Encryption at rest and in transit

DLP

Endpoint and servers security (Antivirus/Antimalware, APT)

Perimeter and network security (Firewall, IDS/IPS, WAF, Proxy, Antispam, etc...)

Security Operations

Patch and vulnerability management

Incident Management

Experience

The role requires experience in:

Security operations or similar technical/IT environment

Installing and using security software, ideally assessment and configuration tools (i.e. automated vulnerability scanners, security auditing tools, network vulnerability tools, firewall rule evaluation etc.)

Understanding, interpreting and explaining output from security tools

Coordinating and working with on shore and offshore staff

Creation of reports and presenting data in easily understandable formats

Desirable:

Working with outsourced providers and 3rd parties  

PCI DSS knowledge

Exposure to ISO27001 and implementing or contributing to the creation of an ISMS

Systems design and development from business requirements analysis

Development of security standards and policies

Security risk management and reporting

Personal Attributes

Customer orientation

Able to liaise across all teams within the company including Infrastructure, Business systems owners and with suppliers

Superior analytical, evaluative and problem-solving abilities

Ability to work in a challenging environment

Exceptional service orientation, customer focus

Strong communication skills and presentation abilities

Listens to others and talks honestly

Adaptable

Ability to present ideas in business friendly and user friendly language

Whatever your role, we reward ability, performance and attitude with a package that looks after all the things that are important to you. Our employees have a wide range of benefits including a generous pension scheme, life assurance, 22 days’ (with potential to rise to 26 days) holiday, discretionary performance related bonuses, paid overtime, a variety of share schemes, discounts at both a huge range of high street stores and our own great products, your hard work will be rewarded when you join us.

Our view is that this role is suitable for agile working. This means we would consider a more flexible working arrangement, where your hours and work location are managed according to business, customer and personal needs. For this role, you would be based in Hove, but you could work in other Legal & General offices or at home, as necessary, provided this meets business needs. Details of agile working will be discussed during the interview process.

For further information about the role, please contact Lynn Morriss, UK Resourcing Lead, at lynn.morriss@landg.com