We are recruiting for a Security Process Analyst to assist the IT Security Services Support Manager in ensuring that all risks associated with the protection of information are identified, quantified and documented with appropriate and proportionate responses implemented or risk acceptance signed off through the risk processes.

 To assist the IT Security Services Support Manager in ensuring that all risks associated with the protection of information are identified, quantified and documented with appropriate and proportionate responses implemented or risk acceptance signed off through the risk processes.

 To have a good understanding of the Data Protection Act, associated legislation and current best practices, which include keeping up to date with emerging issues and regulatory changes in order to provide accurate and timely advice to businesses on data protection and information security matters.

 Assist with business projects, third party bids from a data protection and information security perspective, by undertaking detailed analysis of proposals and providing support on relevant data protection and information security issues and requirements.

 Carry out Security Due Diligence assessments in order to ensure that the risks associated with the sharing of information with third parties is known, understood and documented and, where appropriate, action is taken to rectify issues and improve security.

 Key attributes

The successful candidate requires the following personable attributes.

Able to deal amicably with people, manage uncertainty and resistance both with internal and external customers and suppliers.

Able to understand and interpret basic requirements to come up with completed work packages with minimal supervision.

Willing to take responsibility to come to appropriate outcomes, based on business need.

Excellent written and verbal communication skills - able to communicate effectively with Business, IT and Information Security stakeholders at various levels.

Attention to detail is imperative.

Appreciation of business processes and procedures within a large complex environment or demonstrable ability to learn new business practices quickly.

Experience of working within an outsourced environment and with cloud suppliers.

Technical knowledge

The successful candidate would be able to demonstrate knowledge and understanding in the following areas:   

Demonstrable experience dealing with Security questionnaires (either /or as person asking or answering the questions).

In depth understanding of security processes and procedures such as experience of implementing / managing or auditing an ISMS.

Good understanding of industry best practice risk management frameworks.

Good knowledge of the Data Protection Act/GDPR, associated legislation and current best practices.             

High-level of interpreting the findings of Penetration Testing to ensure remedial actions are understood and being taken. 

Good knowledge and understanding of the implementation of IT Security principles across multiple platforms including wide understanding of security principles, including networking, Web application vulnerabilities, TCP/IP, VPN, Network Security systems, End-user Security software, application development.

Able to understand the organisation’s Information, Application and Technical architectures and how IT Security can influence this.

Any business analysis or project management qualifications also desirable but not mandatory.

Good working knowledge of the Microsoft Office suite, including MS Visio. 

Experience of working within an outsourced environment and with cloud suppliers.

Desirable Qualifications

ISO27001:2013 Lead Implementer / Auditor ITIL foundation,

CISSP, CISA,CISM,

ISEB foundation or equivalent(s)

Whatever your role, we reward ability, performance and attitude with a package that looks after all the things that are important to you. Our employees have a wide range of benefits including a generous pension scheme, life assurance, 25 days' holiday (plus one day after two years), private medical insurance, performance related bonuses, a variety of share schemes, discounts at both a huge range of high street stores and our own great products, your hard work will be rewarded when you join us.

Our view is that this role is suitable for agile working. This means we would consider a more flexible working arrangement, where your hours and work location are managed according to business, customer and personal needs. For this role, you would be based in Hove, but you could work in other Legal & General offices or at home, as necessary, provided this meets business needs. Details of agile working will be discussed during the interview process

For further information about the role, please contact Lynn Morriss, UK Resourcing Lead, at lynn.morriss@landg.com