Contract Information Security Analyst - London

Contract Information Security Analyst required to bridge the gap between the business and the clients IT function within the context of information security and data protection. You will liaise closely with the IT service desk, infrastructure and applications teams, as well as the clients change management and compliance functions.

Systems:

• All Security Systems - including Firewalls, Web Filters, Anti-Virus, Encryption, Intrusion Detection Systems and Web Application Firewalls
• Authentication Systems
• Email system security - including Mimecast security and internal mail servers
• Desktop and Server security
• Microsoft Windows Domain security
• Securing Microsoft Windows Internet Information Services
• Microsoft Windows Certificate Services
• K1000 Systems Management Appliances

Responsibilities:

• Plan, implement and upgrade security measures and controls
• Protect information systems to ensure confidentiality, integrity and availability
• Analyse security incidents and data protection breaches to determine their root cause
• Collating and producing monthly highlight reports relating to security incidents and events
• Assume primary responsibility for all security issues escalated from the service desk, advising on or affecting suitable fixes, or escalating with 3rd line support providers as necessary, seeing issues through to resolution
• Ensure all critical infrastructure and operating system patches are applied consistently and sufficiently frequently to ensure known vulnerabilities are addressed in a timely fashion.
• Monitor and maintain the anti-virus systems across the network, ensuring timely updates are applied and correcting any instances of out-of-date virus definitions or non-compliant desktops, laptops or servers.
• Reviewing 3rd party security questionnaire responses, configurations and implementations with a view to whether they meet our IT security and data protection policy requirements
• Implementing secure configuration of Microsoft Windows Domain functionality
• Provide hardening of web-servers and ensuring they are in line with agreed base-line configuration and ensuring web-app TLS encryption is in line with industry best practices
• Liaising with security consultants to arrange scope-of-works for penetration tests/vulnerability assessments
• Ensure results of third-party penetration tests/vulnerability assessments are reported to management and that suggested actions are followed up on and implemented
• Assume a lead role for all security projects
• Liaising with the Data Protection Officer and compliance team to co-ordinate efforts to reduce privacy risks and to advise on areas where security can assist with their projects
• Co-ordinate efforts to carry out a Data Subject Access Request and report to the Data Protection Officer
• Conduct security awareness training for new joiners, as well as conduct cyber awareness and/or phishing simulation exercises.
• Auditing firewall policies and elements to ensure any policies that are no longer required are removed and also that existing verified policies are not too permissive
• Maintain the Stewarts Law Information Asset Register and Risk Assessments (including retention periods and analysing whether systems contain personal data)
• Co-ordinate annual information security assessment, accreditation and certification exercises
• Provide supplemental 2nd line support to the end users as required
• Provide emergency or planned 'out of hours' support as required
• Contributing to and content editing the business' IT and security policies
• Completing hardening of Windows servers following completion of builds by infrastructure team
• Working with compliance and IT training team to co-ordinate and contribute to ongoing security awareness training offered to staff members
• Provide supplemental 2nd line support for infrastructure systems, as required

Skills/experience required:

• At least 12 months previous experience within a similar Information Security role, or with significant InfoSec duties.
• Recent technical working knowledge of some or all of the following: Windows OS, Windows Server, Unix variants, Microsoft Office, Microsoft Exchange (inc. DAG), Sophos Endpoint and Safeguard Enterprise, Active Directory including Group Policy, Firewall and VPN technologies, 4G and WiFi, iOS/Android, Remote Desktop/Terminal Services/Citrix, VMware ESXi/vSphere
• Solid and demonstrable understanding of TCP/IP, UDP, DNS, DHCP, TLS, HTTP, SMB/CIFS, ARP, SMTP, FTP, OSI Model
• Solid and demonstrable understanding of GDPR and other data protection legislation
• Strong client-service "can do" approach, patient to understand the client's needs and willing to work with them in the most effective way to resolve queries, multitasking as necessary
• Effective communication skills at all levels
• Excellent written skills, compiling data analysis and report writing

If suitable please apply or contact Natasha on 02380 765 293 or natashascarth@spectrumit.co.uk