Job Description
Senior Information Security Analyst
Our Client is a leading global company specialising in pharma products.
They are looking to recruit a Senior Information Security Analyst with at least 5 to 7 years of expertise in Technology Security.
The Senior Information Security Analyst is responsible for maintaining information security policies, architecture, technical standards, controls, solutions, guidelines, procedures, and other elements necessary to maintain security posture.
Responsible for assessing information risk and facilitating remediation of vulnerabilities and risks across the organization. Accountable for coordinating security measures to protect our computer infrastructure and information systems, ensuring an acceptable risk posture.
The Senior Information Security Analyst is highly engaged in risk management, including evaluating vendor risk, examining vendor contracts, understanding third-party risk, and data privacy issues.
This individual serves as an expert on cybersecurity protection, detection, response, and recovery, coordinating penetration testing and managing cybersecurity analysts to detect, mitigate, and analyze threats. Works closely with other teams to develop controls such as firewalls, data leakage prevention, patching, encryption, vulnerability scanning, and configuration of security tools. Prior experience in an international enterprise environment is essential.
Responsibilities
- Collaborate with IT teams to design and implement the company's cybersecurity strategy.
- Identify and address security gaps through ongoing monitoring and enhancements.
- Manage access to privileged accounts and audit activities to meet regulatory requirements.
- Evaluate and implement cybersecurity solutions to maintain confidentiality, integrity, and availability.
- Participate in proofs-of-concept for new security technologies.
- Develop and test security incident response plans, acting as incident response leader.
- Develop security, risk, and compliance reports and alerts.
- Review policies and procedures annually for security compliance.
- Develop, test, and implement disaster recovery procedures.
- Manage cybersecurity projects to ensure timely delivery within budget.
- Perform or coordinate security assessments, penetration tests, and vulnerability scans.
- Ensure compliance with frameworks like COBIT, NIST, ISO, PCI, GDPR, HIPAA, etc.
- Provide internal support for security issues within SLAs.
- Evaluate and implement CIS controls as needed.
- Contribute to cybersecurity strategic planning and budgeting.
- Follow change management policies.
Qualifications
- Bachelor's degree required; advanced degree highly desirable.
- Minimum 5 years experience in Information Security.
- Proficiency in security frameworks like NIST, implementing and auditing security measures.
- Knowledge of Cisco networking, firewalls, VPN, DLP, IDS/IPS, SIEM, and related technologies.
- Experience with identity access management solutions such as SAML, OAuth.
- Relevant security certifications (e.g., CISSP, CISM, CEH) are highly desirable.
- Ability to analyze and recommend security improvements.
Desired Qualifications
- Certifications like CISSP, NIST CSF, CCSP, CEH.
- Knowledge of cloud security (AWS, GCP, Azure).
- Experience managing Cisco ELA products, Splunk, SolarWinds, Varonis, Darktrace.
- Experience in HIPAA/FDA regulated environments.
Competencies
Motivation, initiative, administrative skills, interpersonal skills, self-management, thinking skills, customer orientation, adaptability, problem-solving, and effective communication are essential for success in this role.
This UK-based role is located at the Central London offices of the client, with current remote working arrangements. The salary range is £70K - £85K. Please send your CV in Word format, along with your salary expectations and availability.