
[SJ-JOB] Sr. Security Analyst, Peterborough

Subject: [SJ-JOB] Sr. Security Analyst, Peterborough
Date: 27 Apr 2006 18:17:37 -0000
---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------


JOB DESCRIPTION
---------------------------------------------------
Position:       Sr. Security Analyst
Location:       Peterborough, United Kingdom
Type:           Permanent F/T

Closing Date:   2006-05-01

Information Security Analyst

Reference No.   142
Company         Leading Insurance Group
Location        Peterborough
Salary          £30,000
Start Date      ASAP
No. Required    1
Reporting to    Information Security Manager
The Role
To identify and evaluate the effectiveness of security controls over sensitive 
and valued information and where required make practical, innovative and value 
adding solutions to information security issues identified
Critical success Factors:
The critical success factors for the business unit / department, e.g.
Security of information and computer systems is checked against the Group's 
security standards.
The security of the e-commerce systems is checked as appropriate through a 
cycle of internal and external security testing.
The criticality of key systems and processes is assessed and understood.
Provision of Information Security advice during the IT and Business change 
process.
Security breaches reported by staff or identified by security monitoring 
systems are analysed and appropriate actions are taken.
The Password Safe is managed to ensure that only appropriate IT staff are able 
to access correct details and that Emergency access processes are maintained.
The systematic testing of IT security can be managed in accordance with 
external and internal requirements (e.g. MasterCard & Visa standards)
Outstanding Audit and security test recommendations are tracked and managed to 
remediation.
All IT security issues and policy non-compliance issues are identified, logged 
and actively managed.
Reduction in the dependence on external resource to perform periodic and ad-hoc 
security reviews and audits.
Purpose of the role:
Working with IT and Business employees to Associate Director level to ensure 
that the information used or held by the group is afforded the appropriate 
level of security and is only made available to those who are authorised to 
view or modify it.
Scope of the role
Perform security audits and compliance checks against applications and computer 
systems.
Perform the analysis of security logs from key systems to identify patterns of 
activity that represent breaches of security, raising these as appropriate, 
making recommendations to resolve and tracking to remediation.
Investigate security incidents, producing harm charts to show impact of 
incidents to the business 
Represent Information Security at Change forums, project meetings and where 
necessary at the Information Security Business Forum.
Ensure all key systems, processes and applications have up to date Business 
Impact Assessments, facilitating the completion of these where necessary
Perform security focussed due diligence audits on suppliers and identify key 
security risks to be addressed. Produce written reports and track 
recommendations to remediation 
Responsible for ensuring that security issues identified during Affinity and 
other third party security reviews are communicated to technical teams and that 
appropriate and up to date action plans exist to clear issues.
Identify areas where security should be improved, through compliance and risk 
assessments in order to reduce risk to core business activity, acting as 
primary technical security contact for the business and IT projects and changes.
Ensure the technical risks are added to the IT risk log and that this is kept 
up to date.
Administration of a high level password vault. Ensuring use of system management 
accounts is managed and audited.
To gather, interpret and present predefined Management Information relevant to 
security
Ensure all staff are aware of their security responsibilities and that metrics 
are in place to measure awareness/compliance.
Activities within the Key Result Areas
To liaise with colleagues, and both external business partners and suppliers to 
co-ordinate meetings, and to communicate or request any information that is 
relevant to the maintenance or development of IT security.  
Work as part of the Information Security team to ensure that all team 
communications are drafted and distributed to the appropriate audiences
Act as the communications conduit between the Information Security and the rest 
of the IT across the group.
Provide the driving force behind various security tasks, communicating the 
requirement clearly and encouraging staff to ensure they meet deadlines set in 
accordance to corporate standards and guidelines
Maintain a schedule of regular testing and security reviews against technical 
infrastructure
Organise meetings and ensure that all relevant documentation is available prior 
to the meetings taking place
Organise regular IT security update / refresher forum with key IT management 
staff to outline programme and discuss new or outstanding issues 
Build up an excellent relationship across key points of contact for all IT 
areas within the group.
Make the management team aware of any people issue relating to the management 
and mitigation of Security risks. 
Help plan the production and completion of security reviews and risk 
assessments to assist IT and business units to identify their security issues 
and requirements.
Understands and takes account of impact across Group IT & Business Units of 
Information Security initiatives.
Recommends and implements modifications to working practices, processes and 
procedures that will more closely align practice to the security requirements 
of the group standards/regulatory & contractual obligations.
Provides motivation and encouragement to technical teams on security matters to 
ensure tasks are completed on time and consistently.
Keeps abreast of developments within the business, within IT and within the 
Information Security arena in order to identify changing requirements and new 
opportunities. Communicates ideas and proposals with the Information Security 
Manager and takes ownership of these when ideas are presented to IT management.
Seeks to continuously improve the work of Information Security and security 
controls operated by the team.
Working with the team on projects and accountable for assisting project 
managers identify risk vs. benefit cost analysis within those projects.
Identifies potential solutions in line with security requirements, accurately 
identifies risks/benefits & costs and prepares business case for justification
Qualifications
MSc Information Security or CISSP, CISM, CISA or similar level security 
accreditation preferred.
Skills, Experience
Attainment of basic Information Security Training or a demonstrated willingness 
to consider achieving a recognised qualification/certification such as CISSP, 
CISM or CISA
Detailed understanding of technical security, with demonstrated involvement in 
the security controls within e-commerce solutions.
Understanding of the work undertaken by business units within the Budget Group 
or 1 year of experience within the General Insurance sector, preferably with 
exposure to call centre and broker or intermediary operations. 
Broad knowledge of general and security technology and standards, including 
BS7799, web server security, firewalls, networks, PKI and TCP/IP.
Strong analytical & communication skills to be able to comprehend and clearly 
communicate in business terms information relating to security risks.
Good understanding of project management processes and procedures


JOB REQUIREMENTS
---------------------------------------------------
Candidates must be eligible to work in the UK when applying.


CONTACT
---------------------------------------------------
When applying quote ref sf-142

Information Security Solutions
Iain Sutherland

iain@InformationSecuritySolutions.com



---------------------------------------------------
SECURITYFOCUS JOBS
---------------------------------------------------
SecurityFocus now offers an online interface for
searching and managing job opportunities and resumes.

http://www.securityfocus.com/jobs
