Overview
We are seeking a Security Services Analyst to contribute to the delivery of security services and ensure the confidentiality, integrity, and availability of information within our organization.
Key Responsibilities:
* Develop operational best practices and standards for all security service processes.
* Monitor and audit the effectiveness of security processes and identify improvements.
* Provide input to governance standards, security policies, and procedures.
* Conduct assessments and make recommendations on technical baselines and standards.
* Coordinate activities for client's Security Services, including vulnerability management, SIEM, penetration testing, security communications, emergency response, threat & risk management, business continuity, and disaster recovery.
* Provide input into security assessments for new technologies and third-party vendors.
* Review project designs and change requests to ensure security is a principle of design.
* Carry out risk assessments and audits.
* Document risk notifications and work with the Business to identify courses of action.
* Support the Security Services Lead and Technology & Security Services Manager in matters pertaining to information risk and security.
* Provide cover for other members of the Security Services Team.
Work Relationships:
* Member of the Technology & Security Services Team.
* Reporting to the Security Services Lead and Technology & Security Services Manager.
* Internal: IT Process & Quality Manager, Service Delivery, Business Application Team, Project Management Office.
* External: Managed Service Provider, SIEM/SOC Provider, Third-party Suppliers & Vendors.
Requirements:
* Strong understanding of IT security risks.
* Experience of security processes and services.
* Familiarity with the NIST framework.
* Ability to deliver service in high demand / pressure circumstances.
* Excellent communication skills.
* Good reporting and documentation skills.
* Good presentation skills.
* Ability to work on own initiative and in a team environment.
* Strong interpersonal skills.
* Ability to prioritize and report clearly on service demand.
Qualifications:
* Relevant Bachelor's Degree in IT, Computer Science, Engineering, Business, or related area.
* Information security certifications – CISSP, CISM, CISA, CRISC, CEH, etc.
* ITIL Certification.
* PRINCE2 Certification.