Information Security Analyst (London)
As an Information Security Analyst, you will be working within the Information Security Team on a range of information security, data protection and risk management related activities, including policy compliance, vulnerability management, identity and access management, event monitoring and reporting, risk assessments, and incident response.
Reporting to the Information Security Manager, this person will be responsible for the maintenance of the existing information security operational tasks and the continued development of new security processes. Key to this role is ensuring that policies, controls, and solutions are continually monitored and improved in response to new threats and business opportunities.
QuantumBlack considers the security of client information a top business priority, and the protection of client information is always at the forefront of everything we do. The company’s approach is to ensure we meet or exceed industry best practices, utilising risk management processes and conforming to ISO27001 requirements for an Information Security Management System.
To support the information security activity at QuantumBlack the role of Information Security Analyst is required within our head office in London to support the Chief Information Security Officer in the delivery of the security strategy.
What you’ll do
- Implement and maintain information security solutions to support the ISO27001 Information Security Management System.
- Provide security, data protection and risk management related consulting services and technical assistance to all areas of the company, including supporting client engagements.
- Review and maintain security oversight on key suppliers including Cloud Services
- Identify vulnerabilities within QuantumBlack’s information assets, information processing systems and networks and ensure they are remediated
- Review IT system activities for user administration, system management and privileged access activity
- Provide status reports for security compliance, incidents and KPIs
- Maintain security related policies and processes and develop new documentation as required.
- Experience working in a similar information security role
- Good technical understanding of enterprise IT: web applications, databases, operating systems, server/desktop hardware, mobile devices and networking technologies. Experience of cloud, virtualisation and big data architectures beneficial.
- Good knowledge of information security controls, guidelines and standards, e.g. OWASP, CSA CCM, CIS, SOC2, ISO27001/2.
- Good understanding of the UK Data Protection Act and EU General Data Protection Regulation
- Experience with vulnerability management, e.g. Qualys, firewall, network monitoring, IAM, SIEM, IDS/IPS tools beneficial.
- Good experience of supplier management and conducting information security audits and questionnaires
- Strong communicator with excellent written communication skills and the ability to communicate with all levels both internally and externally
- Strong analytical and organisational skills with the ability to work independently, as well as part of a wider team, with minimal supervision
- Excellent problem-solving and organisational skills and attention to detail
- Good interpersonal skills including persuasiveness and/or assertiveness skills
- CISSP, GIAC or other security certifications desirable.