Cyber Security Analyst/Lead

Overview Join Chambers and Partners as our next Cyber Security Analyst/Lead, a pivotal role at the heart of our commitment to safeguarding information and maintaining trust. You’ll lead the development and delivery of our information security programme, protecting our systems, data, and digital assets from evolving threats. This is an exciting opportunity to drive key security initiatives, oversee cutting-edge technologies, and ensure compliance with leading industry frameworks within a globally respected organisation. Main Duties and Responsibilities

1. Security Strategy & Governance: 

• Develop, implement, and maintain the organization's information security strategy, policies, standards, and procedures in alignment with business objectives and regulatory requirements. 

• Lead the development and implementation of an Information Security Management System (ISMS), based on ISO 27001 

• Conduct regular security risk assessments, identify vulnerabilities, and recommend appropriate mitigation strategies. 

• Stay up-to-date with the latest cybersecurity threats, trends, technologies, and best practices. 

• Provide expert advice and guidance on information security matters to various stakeholders across the organization. 

2. Security Operations & Incident Response: 

• Oversee the day-to-day operation of security systems and tools, including firewalls, intrusion detection/prevention systems (IDS/IPS), antivirus, anti-malware, SIEM (Security Information and Event Management), vulnerability scanners, and data encryption solutions. 

• Manage vulnerability management programs, including regular scanning, penetration testing, and remediation of identified weaknesses. 

• Lead and manage security incident response, including detection, analysis, containment, eradication, recovery, and post-incident review. 

• Develop and maintain robust disaster recovery and business continuity plans related to information security. 

• Monitor security alerts, logs, and reports for suspicious activity and potential threats. 

3. Compliance & Audit: 

• Ensure the organization's adherence to relevant information security regulations, laws, and industry standards (e.g. HIPAA, PCI DSS, NIST, CIS, ISO 27001, Cyber Essentials+). 

• Coordinate and participate in internal and external security audits, provide evidence, and ensure timely remediation of audit findings. 

• Develop and implement security awareness training programs for all employees to foster a security-conscious culture. 

• Manage third-party security risk assessments and ensure vendor compliance with security requirements. 

4. Infrastructure Security: 

• Collaborate with IT Operations and Infrastructure teams to ensure security is embedded in the design, implementation, and maintenance of all IT infrastructure, including cloud environments (e.g., Azure, AWS, GCP), networks, servers, and endpoints. 

• Manage access controls, identity management (e.g., Entra ID/Azure AD), and privileged access management (PAM) systems. 

• Manage access control processes to 3rd party applications, and 3rd party relations.  

• Oversee the patching and configuration management of all systems and applications to reduce the attack surface. 

5. Management & Leadership: 

• As this role develops, we expect the need for a dedicated team of security professionals. This position will then be responsible for the team’s service delivery, including leadership, mentoring, and general support of team tasks. 

• Manage relationships with third-party security vendors and service providers. 

• Prepare and manage the IT security budget, ensuring optimal allocation of resources. 

• Communicate security risks, incidents, and performance metrics to senior management and other stakeholders. 

• Drive continuous improvement initiatives within the information security function. 

Skills and Experience

• Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent practical experience). 

• Demonstrable experience in information security. 

• Experience creating Cyber Security roadmaps. 

• Strong understanding of information security principles, frameworks (e.g., ISO 27001, NIST, Cyber Essentials), and best practices. 

• Hands-on experience with security technologies such as firewalls, SIEM, IDS/IPS, vulnerability scanners, endpoint detection and response (EDR), and identity management solutions. 

• Experience with cloud security (e.g., Azure Security). 

• Proven experience in managing security incidents and conducting incident response. 

• Familiarity with data privacy regulations (e.g., GDPR). 

• Excellent analytical and problem-solving skills with a keen eye for detail. 

• Strong communication, interpersonal, and presentation skills, with the ability to convey complex technical information to non-technical audiences. 

• Ability to work independently and as part of a team in a fast-paced environment.  

• Experience building, developing and managing technology improvement programmes  

• Experience selecting and managing third party suppliers and solutions  

• Evidence of setting vision and direction, inspiring and engaging with others to deliver. 

• Technically astute, with in good knowledge of IT Operation and infrastructure.  

Desired Certifications (one or more is a plus): 

• CISSP (Certified Information Systems Security Professional) 

• CISM (Certified Information Security Manager) 

• CompTIA Security+ 

• CEH (Certified Ethical Hacker)