A fantastic opportunity has arisen for a Senior Cloud IT Security Analyst on a permanent basis with a prestigious global organisation based close to Crawley.
Ensures that third parties and IT functions are following the company’s targets for availability, integrity and confidentiality including the periodic review, monitoring and mitigation of supplier controls.
Evaluates all major system modifications and development/project requests to determine potential benefits and impact on information security operations.
Assists IT functions with their security system design and setup documentation to ensure compliance with the relevant standards.
Plans and performs audits of Information Security and other IT procedures.
Maintains professional growth and development through seminars, workshops and/or professional affiliations to keep abreast of latest trends in the assigned field.
Conduct IT risk assessments and develop the appropriate risk treatment plans. Monitor and ensure the mitigation of residual risks.
Act as the primary corporate control point during follow-up on significant information compliance or security incidents, overseeing incident management and the development of response plans and providing timely update reporting. Actively participate in the ISMS process.
Collaborate with the IT security and governance team to ensure information security risks in both ongoing and planned operations are properly considered and implemented, so that all compliance matters are being adhered to as required.
Develop, maintain and report the key security-related KPIs to support ISO27001 and the IT General Controls (ITGC) framework.
Relevant Knowledge, skills and competencies:
BS or MS in Computer Science or equivalent experience.
At least 3 years of proven, recent experience operating IT security controls in M365 and Azure (relevant Azure certifications required).
Expertise in information security architecture technologies and concepts.
Expertise in the field of information systems security, including areas such as identity and access management, security program policies, processes, and procedures
Understanding of emerging technologies and their impact on security architectures: service-orientated architecture, enterprise frameworks, message-based information exchange, etc.
Experience with industry controls and frameworks for audit, risk, compliance, security, governance and/or enterprise risk (COBIT, COSO, ISO27001, SOC).
Significant experience with global regulatory-compliance frameworks including HIPAA, Caldicott, 21 CFR Part 11, EU Data Directive and all other applicable laws.
Professional security management certification preferred, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials
ISO27001 lead auditor qualified preferred.
Experience with information system disaster recovery planning and testing, auditing, risk analysis, business system resumption planning, and contingency planning.
Familiarity or experience with cloud computing, online services, Web applications and enterprise applications including SaaS, PaaS, WaaS.
Ability to understand business process flows and to provide recommendations for compliance requirements
Ability to apply best practice in troubleshooting, testing techniques, and quality assurance activities
Strong knowledge of information security including LDAP, SAML, ADFS, Encryption Protocols, SSL, Certificates, Identity management, Modern Authentication and SIEM.
Knowledge of network communications protocols and Firewalls.
Exposure to vulnerability and penetration testing, as well as ethical hacking, would be advantageous.
Proven ability to work effectively with others in a globally dispersed and technically diverse organization.
An individual who is organized and detail-orientated, with good time management.