A Snr IT Security Analyst is required by an international organisation based close to Gatwick Airport. This role will see you joining the Global IT Technology team. You will have a strong (cloud) Security and Information protection background and be responsible for (co-)development of the Security Architecture of existing and new IaaS, PaaS, SaaS, and BPaaS components. You will support the development and maintenance of policies related to the IT and Security environment, and communicate and inform all levels about the security plans, requirements and policies. You will also audit the use of Security and other IT procedures to ensure that they meet the compliance, security and good practice requirements.
Key Responsibilities -
- Ensures that third parties and IT functions are following targets for availability, integrity and confidentiality including the periodic review, monitoring and mitigation of supplier controls.
- Evaluates all major system modifications and development/project requests to determine potential benefits and impact on information security operations.
- Assists IT functions with their security system design and setup documentation to ensure compliance with the relevant standards.
- Plans and performs audits of Information Security and other IT procedures.
- Conduct IT risk assessments and develop the appropriate risk treatment plans. Monitor and ensure the mitigation of residual risks.
- Act as the primary corporate control point during follow-up on significant information compliance or security incidents, overseeing incident management and the development of response plans and providing timely update reporting. Actively participate in the ISMS process.
- Collaborate with the IT security and governance team to ensure information security risks in both ongoing and planned operations are properly considered and implemented, so that all compliance matters are being adhered to as required.
- Develop, maintain and report the key security-related KPIs to support ISO27001 and the IT General Controls (ITGC) framework.
Key Requirements -
- Proven and recent experience for at least 3 years operating IT Security controls in M365 and Azure (Relevant Azure Certifications required)
- Expertise in information security architecture technologies and concepts.
- Expertise in the field of information systems security, including areas such as identity and access management, security program policies, processes, and procedures
- Understanding of emerging technologies and their impact on security architectures
- Significant experience with global regulatory-compliance frameworks including HIPAA, CALDICOTT, 21 CFR Part 11, EU Data directive and all other applicable laws.
- Certification in CISSP, CISM, CISA or similar.
- ISO27001 lead auditor qualified preferred.
- Experience with information system disaster recovery planning and testing, auditing, risk analysis, business system resumption planning, and contingency planning.
- Familiarity or experience with cloud computing, online services, Web applications and enterprise applications including SaaS, PaaS, WaaS.