Role Summary:

To support the administration and management of Security Services across the Global IT function. Working within the Enterprise IT function, the role will serve to grow and maintain a disciplined IT security function which safeguards IT assets, business information and workers from security and compliance breaches.

Key Duties

Security Management:

• Manage and maintain the portfolio of IT Security tools in operation at CloudFactory, keeping track of security events and remediating security related issues where possible.
• Maintain compliance standards in support of security controls for endpoint devices across CF (e.g AV, Patch management etc).
• Review and test system, web and mail policies, always seeking to reduce risk through strong DLP, encryption, and security posturing (when possible).
• Baseline user security according to our published security policies ( Acceptable use, Password Policy etc). Provide feedback to relevant parties in regard to policy update requirements or policy compliance issues.
• Support and assist in the management of security-related issues via our internal tools (ITSM, Risk Register) whilst following the appropriate escalation channels.
• Stay informed of security-related news, industry trends and vendor updates to provide expertise around new security developments, reported breaches and emerging vulnerabilities across the industry.
• Help to maintain strong communication channels to the wider business to help ensure that staff are well informed of security vulnerabilities, online threats and growing security trends.
• Help to educate and raise user awareness in effective security practices, identify training platforms, and education opportunities to widen information security awareness and knowledge.
• Support business endeavours in achieving and adhering to industry-led security standards (ISO9001, ISO27001, SOC2 etc).
• Support the completion of client-originated security assessments, security questionnaires, and RFIs.

Process And Policy

• Assist in supporting the internal and external audits process, through info gathering and action tracking.
• Support the development of key security processes; business impact assessments, security response plans and end user security policies.
• Help to maintain the InfoSec document portal, working to ensure that document control standards are met
• Work with the IT Service Delivery function to ensure that risks are being recorded within the relevant Risk Register whilst making sure to log and track risks that emerge from scans, audits etc.
• Work to champion the presence of the risk register to ensure that internal staff are mindful of the need to report any form of operational or system risk which may impact the business.
• Maintain a good awareness of data privacy regulations such as GDPR, HIPAA etc whilst helping to ensure that the business adheres to good practise and defined processes.
• Produce, maintain and manage policy documentation. Addressing any policy gaps and advising the business over policy use.

Collaboration

A key aspect of this role is to be a good communicator at both a technical and business level. It is expected that the Security Operations Analyst will be in constant communication with a wide group of stakeholders, including (but not limited to):

• Sales & Delivery – defining and documenting IT security controls for existing and prospective clients.
• Operations – providing advice and support for new and existing security requirements and associated security solutions / tooling.
• Engineering – provide monitoring and escalation for service components that overlap between the Enterprise IT function and Engineering. Components would include, network, cloud and productivity services.

Development Path

A primary department objective is to maintain a development path for the Security Operations Analyst. Training and certifications will be defined as a core objective for this role. Seminars and opportunities for wide industry exposure will be actively encouraged. As such, the individual will need to show a strong desire and aptitude for development and learning with an ambition to become a subject matter expert in Information and Cyber security.

Requirements

• ITSM background with good exposure to the ITIL framework
• Broad IT knowledge with strong awareness of Network, Cloud and Infrastructure technologies and concepts.
• Have a good understanding of IT security concepts within each layer of a business environment. (From Endpoint to Edge)
• A strong aptitude towards learning and discovery
• Able to take technical ownership over a given task\project.
• Advanced analytical and structured problem solving abilities.
• Flexibility/Adaptability: fast to respond, thinks on feet, track record of adapting, thinking outside the box, open mind to new tools and changing processes
• Ideas generator and innovator: always asking Why? How?
• Self-starter requiring little supervision to complete tasks independently, curious, self-developer
• Can work across different business functions, communicating at all levels and can demonstrate strong collaboration skills to achieve set goals\objectives
• Good written and verbal communication skills with proven ability to write highly technical reports and documentation
• Being able to explain complex issues in simple terms.

Benefits

• Great Mission and Culture
• Meaningful Work
• Growth Opportunities
• Market Competitive Salary
• Health and Medical
• Group Life Insurance