Information Security Analyst

Water Utility Company based in Yorkshire region of England.

Information Security Analyst

Salary:  £30,97 to £38,721, dependent on experience + pension + 25 days holiday per annum

Location: Midway, Bradford (hybrid working)

Who are looking for?

We are currently recruiting for an Information Security Analyst to play a key role in Yorkshire Water’s response to cyber and information security threats. As our Information Security Analyst, you will be working with colleagues across to organisation to identify and remediate threats and vulnerabilities, working with the Security Operations Centre to respond to incidents and identify risks in our supply chain.  You will also work on tuning our security tooling and developing new playbooks.

Working as a small team of Information Security Analysts you will administer, assure and maintain the technical information security controls within Yorkshire Water, helping to maintain our compliance with regulation. You will also work with stakeholders across the organisation to securely enable the operation of the business through engagement on projects and take every opportunity to champion the cyber security message.

What will you be doing in the role?

As our Information Security Analyst, you will utilise relevant security tools to provide a proactive vulnerability and assessment service, escalating where necessary to the Information Security Manager. Assessing and providing solutions, you will take the lead role in the investigation of security incidents from a technical perspective, ensuring all work is accurately recorded and tracked to enable KPI reporting on security incidents within the business. You will also:

Provide proportionate and relevant technical security advice and guidance to non-security professionals across the business to ensure security requirements and considerations are taken into account across multiple workstreams e.g.
Penetration testing and vulnerability scanning as part of the project lifecycle;
Security due diligence of suppliers and ongoing assessments;
Embedding vulnerability scanning within the IT department, i.e. within software development or server deployment;
Any technical queries around the DPIA process
Provide proportionate and technical security advice and guidance to the members of the team specialising in governance to aid with:
The administration and maintenance of the ISMS
Technical input on process documentation with the ability to create process documentation where required
The completion and maintenance of governance documentation and records (DPIA, Security Review Form, audit spreadsheets)
Own or assist with sections of the internal and external audit cycles, providing regulatory and legislative assurances as part of the ISMS
Provide technical risk assessment information to the Information Security Manager to support the information security risk register
Raise awareness of information security by participating in the creation of our Information Security Awareness programme, delivering security presentations across the business and to third parties
Play a leading role in the creation of information security at home advice.
Knowledge and Skills Required

Essential:

Our Information Security Analyst will ideally have previous experience with common IS management frameworks, such as International Standards Organization (ISO) 27001 and PCI DSS. With a broad understanding of current IS technologies, vulnerabilities, exploits, exposures and malicious behaviours, you will be able to demonstrable understanding of information security at a practical level. You will also:

Have a broad experience of cyber security tools, supported by an in-depth knowledge of Information Security best practices
Possess strong knowledge of IT systems and technologies, with the ability to interface smoothly across all levels of the business, interpreting requirements and delivering appropriate solutions
Be able to assess the impact and effect of new systems, applications, external connections and new suppliers on Kelda Groups Information Security posture and maturity
Demonstrate excellent written and verbal communication skills, with strong presentation skills and the ability to motivate and influence people
Have highly effective and creative problem-solving skills, with the ability to negotiate and influence across all stakeholder groups
Be able to prioritise workloads and to know when to seek guidance, escalating if required.
Desirable:

Practical experience of carrying out information security compliance reviews/ audits
Negotiating and third-party management experience
Practical experience of risk management methodology and toolsets
Practical experience of data classification methodologies and management.
 

If you feel this opportunity is suitable and you match the skills required, then please apply online and complete the application process.