£300 - £325 per day
8 months ago
My client, a Liverpool Wealth Manager are looking for an Information Security Analyst for an initial six month contract to work on their company's information security management system (ISMS).
This will involve the monitoring of key applications and security toolsets, incident response and supporting the framework of assurance reviews which ensure key security controls and processes are in place and operating effectively.
- Support the maintenance of the Group's Information Security policy suite ensuring it remains relevant and fit-for-purpose, and is circulated to all users as and when required.
- Undertake regular audits, monitoring and assurance reviews of the procedures which underpin the Group's Information Security policies.
- Support the information security incident response and management process; triage, investigation, response and mitigation
- Support the vulnerability testing processes performed both internally and by independent third parties.
- Establish, via close working with vendors and relevant third parties, monitoring processes and alerting of key security systems and toolsets, including:
- Email security solutions
- Internet filter / web proxy solutions
- Anti-malware systems
- Vulnerability management / patch management tools
- Security incident & event management services
- User awareness tools
- Mobile Device Management systems
- Network activity monitoring solutions, including IPS
- Data loss prevention solutions
Skills and Qualifications:
- Demonstrable experience in an IT Security, technical, audit, compliance or advisory role
- Competence in Information Security related matters
- Awareness of legal, technical and assurance principles as they relate to Information Security
- The ability to effectively gather and analyse relevant data and metrics and be able to communicate these, both verbally and in writing, to internal and external stakeholders
- Excellent communication skills and the ability to explain complex Information Security issues in plain English
- Proactive approach and ability to work with colleagues to gain commitment to delivery of Information Security initiatives
- Working knowledge of security domains, auditing standards and frameworks, and risk analysis frameworks including ISO 27001, Cyber Essentials, etc
- Either possess, or be working towards, a recognised information or IT security qualification - e.g. CISSP, CISA, CISM or equivalent
- Experience of IT security technologies including:
- Intrustion Prevention Systems - eg: SourceFire
- Next generation firewalls - eg: Checkpoint, Cisco,
- SIEM solutions - eg: LogRhythm
- Security monitoring tools - eg: Darktrace
- Web and email proxies - eg: Forcepoint, Symantec.Cloud
- Anti-malware tools - eg: Trend Micro
- MDM solutions - eg: Blackberry UEM
- Vulnerability management - Kace, Tenable Security Center