Implementation Designer Our Banking client is offering an exciting opportunity for a Implementation Designer to join their Edinburgh based team on a 6 month...
Information Security Analyst
Information Security Analyst is an integral part of the security operations team with the objective of safeguarding the confidentiality, integrity and availability of business information and systems. The role is technical and must deliver continuous operational security improvements by coordinating penetration testing. The successful Information Security Analyst will have the following skills:
- Penetration testing governance, including the scoping and scheduling of external penetration testing suppliers, the coordination of remediation actions and hands-on internal application and system testing.
- Project security testing and work with security standards and design team to verify projects going though service transition meet operational security requirements.
- Deliver control improvements, act as security SME and coordinate control improvements identified by incident root cause, vulnerability management or the security issue register.
- Participate in change control processes, provide an SME guidance on operational changes to ensure BAU change does not reduce security posture.
- Support risk assessments, work alongside the technology risk team to assess both internal systems and 3rd party suppliers.
- Contribute to the security transformation programme and take ownership of security issues requiring immediate remediation. Work with technical teams to develop, plan and implement required fixes.
- Work within governance forums such as ITIL change control or cyber security governance committees.
- Extensive experience in security within an international asset management or similar large organisations.
- Experience managing enterprise penetration testing programs. Including hands on experience with application and system testing and the ability to perform internal tests.
- Experience with security tools, such as SIEM, IDS/IPS, vulnerability scanners, AV, web and email filtering, webapp firewalls and DDoS protections, host based protections and malware analysis.
- Familiarity with common enterprise technologies e.g. Microsoft, Linux, VMWare, Citrix, Bloomberg etc.
- Passion for security and self-development to keep up to date with the evolving threat and vulnerability landscape, new technologies and service improvements.
- Able to work in an international matrix organisation with complex and dynamic drivers and constraints.
- Comfortable with a fast paced multi-threaded working environment.
- Industry recognised certifications such as CEH, OSCP, CISSP or equivalent experience.
If interested please submit your CV and I will contact you to discuss further.
We are an equal opportunities employer and welcome applications from all suitably qualified persons regardless of their race, sex, disability, religion/belief, sexual orientation, gender reassignment, marriage and civil partnerships, pregnancy or maternity or age