Cyber Security Analyst

Cyber Security Analyst

Northampton (1 day per week in the office)

50k

This is a brand new role in the IT Department

Experience in setting up Cyber Security from scratch is required

The Cyber Security Analyst role sits in the Technology & Transformation team and will be accountable for providing both proactive and reactive cyber security capability into the wider business in order to effectively mitigate risk. The role will provide monitoring, analysis and remedial work across all company tools, applications, systems, and platforms to protect against the ever evolving threat landscape. In addition to this the role works closely with the business functions and Head of IT on initiatives and projects. They will drive continual improvement around cyber and information security, and approach the role with a broad and holistic mindset.

Key Responsibilities:

• Work with stakeholders to understand where threats exist internally and externally, then devise and execute plans to mitigate them
• Provide both proactive and reactive cyber security capability to the business through monitoring and remediations
• Ensure cyber and InfoSec incident preparedness, response coordination and remediation, as well as regularly reviewed and tested business continuity and disaster recovery plans
• Work closely with the Senior IT Operations Manager to progress strategic project work, and ensure the swift resolution of business problems
• Ensure appropriate levels of IAM around all existing and to be acquired systems, platforms, technologies etc to provide robust security governance and controls.
• Maintain a single pane of glass view of overarching cyber security position across all business departments and functions using a well procured tool, enabling rapid identification of potential threats across the business entire technology landscape
• Administer and update all relevant applications such as EDR/XDR, MDM, SIEM etc and manage penetration testing activities
• Responsibility for device security, and ensuring non-authorised devices, as well as those used outside of allowed geographical locations cannot access nor authenticate to company systems/services etc.
• Ensure the business is alerted to and protected from all CVEs, zero day, vulnerabilities etc which apply to our landscape through numerous channels
• Assist in the configuration, deployment and management of end user devices with a security best practice mindset
• Collaborate with engineering and technology departments ensuring governance around secure by design principles.
• Maintain all cyber and InfoSec documentation, as well as perform audits, reviews and assessments ensuring continual improvement and reporting in line with CE/CE+ and ISO27001 accreditations.
• Identifying new technologies to support the business achieving its strategic objectives.
• Liaise with 3rd party suppliers to improve security position and establish best practices.
• Providing input to the continuous review of our processes and procedures, ways of working and tooling to enhance the departments capability and offering into the wider business.
• Drive employee training and awareness initiatives.
• Supporting the identification of key IT risks and appropriate mitigations to keep them within appetite.
• Adhering to the Companys GDPR and security policies.