Senior Info Sec Analyst

Develop, coordinate and maintain the delivery of an Information Security framework across the Capita Software Division, in line with Capita (Group & Division) Policies / Standards, industry best practice, client contractual requirements and the emergence of new regulations and technology. The role will enable the alignment and support of the Divisional strategy, to deliver an effective information security and governance framework, as part of a centralized team.
Primary Skills: Auditing, compliance, log reviews, exception process. security awareness, risk management, assessment, reporting, technical reporting, data analysis and management.
Working with established security and risk management governance structures, usually under supervision to support, review and undertake straightforward risk management. Helping with the analysis and derivation of business-supporting security needs, completing Cyber Security related risk assessments, basic threat assessments and other risk management activities.
• Internal audit qualifications and/or experience;
• Excellent relationship and stakeholder management;
• Commercial awareness;
• Experience in report writing, delivering presentations and developing dashboards / reports;
• Experience in preparing and delivering reports highlighting risks for senior management;
• Excellent analytical, decision making and problem-solving skills;
• Ability to analyze current business practices and identify areas of risk or improvement;
• Ability to achieve an enhanced level of security vetting and screening.
• Understanding of ISO27001 certifications and external audits;
• Appreciation of PCI DSS and Cyber Essentials;
• Appreciation of Public and Private Sector security requirements;
• Ability to communicate and influence at a senior level, including Director / Senior Management level;
• A desire to develop awareness, skills and qualifications, in the Security Domain;
• A desire to explore automation possibilities in the day-to-day job functions.
• Well versed with exception and incident management.
• Awareness of appropriate legislation and regulations, pertaining to industry;
• Data Privacy experience and / or qualification.
• Resolve & manage security issues that require an in-depth understanding of the IT environment.
• Knowledge of implementing and managing security monitoring tools.
• Knowledge of Capita Policies, Standards and Security / Data Privacy / Risk Framework;
• Awareness of industry best practices (such as OWASP and NIST Guidance

Job title:

Job Description:

Provide advice to address identified Cyber Security related risks by applying of a variety of security capabilities, which may include using published guidance, standards or experts as appropriate.

• Support the Divisional Information Security Strategy.
• Support a governance framework in line with Capita Policy, industry best practice, client / contractual requirements, (such as ISO standards / PCI DSS / Cyber Essentials) and relevant legal and regulatory obligations.
• Create business-focused, practical Information Security solutions for the benefit of the Division, which are compliant with Capita and industry best practices.
• Increase awareness of Information Security and Data Privacy across the Division, assisting the Division with achieving a compliance target of >95% with Group Mandatory Training.
• Provide support to the Division and its functions to ensure the effective maintenance of Information Security and Data Privacy.
• Develop and maintain industry awareness and best practices, relating to legislation & regulations, emerging threats, areas of operation and technology, surrounding Information Security and Data Privacy; and compete in knowledge transfer activities.
• Provide guidance and support to enable the Divisional functions to comply with contractual requirements, maintain required certifications (ISO27001 / PCI DSS / Cyber Essentials / HMG Security Policy Framework) and compliance with Capita Policies and Standards.
• Offer advice and guidance on Information Security and Data Privacy, to employees at all levels, to safeguard the confidentiality, integrity and availability of client and business information.
• Support the Division in managing Information Security and Data Privacy risk, in accordance with Capita Risk Framework and contractual requirements.
• Conduct internal audits against ISO27001 and other appropriate standards.
• Facilitate the coordination and management of scheduled external audits and Group Internal Audit activities.
• Provide support, guidance and management, of security related Incidents, as appropriate.
• Provide advice and guidance to the Division, to identify common trends, review lessons learnt, with a view to prevent the reoccurrence of security related incidents and data breaches.
• Develop and maintain relationship with Division and Group functions, to support Information Security & Data Privacy requirements.
• Ensure the completion of monthly reporting requirements, as directed by the Division / Group.
• Provide guidance and support, with regards to any future Divisional Acquisitions.
• Aid with the development, production and management of Critical Asset Registers, Threat Assessments, Business Continuity / Disaster Recovery documentation, throughout area of responsibility.
• Provide content and advice to the Divisional bid qualification review.
• Provide practical support and guidance surrounding the inclusion of risk management, security and privacy by design of Capita Software products and services.

Location:

,

Time Type:

Contract Type: