Information Security Analyst - (ISO27001, ISO27002, PCI DSS)

£40000.00 - £50000.00 pa + benefits
Nov 09, 2017
Dec 02, 2017
Contract Type: Full Time
Information Security Analyst - (ISO27001, ISO27002, PCI DSS, Data Protection Act)

Working in the Information Security department, you will be part of a team that provides Group-wide information security leadership, governance and support. The team is also responsible for the governance and management of the ISMS (Information Security Management System). The Information Security Analyst is required to directly create, maintain, support, assess, plan and report on security systems and processes with the Global Support division and other divisions as required.

Key Responsibilities:

- Security and risk assessments, including vendors, systems, and processes
- Creation and administration of Standards related to Policy
- Business SME support
- Security control assessment/solution selection support
- Security Office documentation support: update papers, presentations, minutes from forums, process definition, data asset custodianship
- Awareness training service provision (e.g. plans, content management, scenario design, service execution, metrics and reporting)
- Work actively with both technical and non-technical teams to ensure adoption and maintenance of information security related activities
- Identify, record and, when necessary, escalate risks using the Information Security Risk management framework
- Regular reporting on status of initiatives, projects and tasks
- Assist with procedural document creation
- KPI and metrics collation and administration
- Creation, monitoring and reporting of relevant security BAU services/activities
- Proactively scope, plan, communicate and co-ordinate delivery of key information security initiatives across business boundaries and act as a subject matter expert accordingly
- Collate, report and present outputs from initiatives and subject related research
- Ensure knowledge of existing and emerging security related threats and solutions is kept up to date
- Make recommendations for improvements to the Information Security posture
- Prepare informational documentation and reports as requested on security matters and opportunities

Skills & Abilities:

- Excellent communication skills with the ability to build good relationships with a wide range of stakeholders, internal departments and key suppliers
- Proficient skills in PowerPoint, Excel, Word and Outlook are essential
- Remain approachable under pressure
- Knowledge and ability to use relevant internal systems
- Act with integrity, tact and diplomacy
- Work as part of a team
- Ability to complete a variety of related tasks
- Proactively solve problems
- Good time management skills
- Ability to be flexible within role
- Good attention to detail
- Confident and highly motivated
- Strong reporting skills, with the ability to evaluate and summarize information provided
- Ability to translate technical language to non-technical colleagues

Knowledge & Qualifications:

- Commercial experience in an information security role
- Good understanding of PCI DSS, Data Protection Act, ISO27001, ISO27002
- Proven experience in creation and provision of security awareness to others
- Experience in an Enterprise working environment
- Basic understanding of ITIL principles
- BS in Computer Science, Information Security, or a related field preferred
- Currently holding or working towards relevant security certifications would be an advantage

Please send a CV detailing the above required experience for consideration.