Information Security Analyst

Information Security Analyst

Job Description

 

POSITION INFORMATION
Department	Global Security	Reports To	Head of Information Security UK
Work Location	Chorley - Hybrid	Hours of Work	37.5
Position Type	Full-Time	Rate Type	Salary
Grade	3

 

SUMMARY

 

We are an innovative and market-leading software & services company based in Chorley serving clients in the utility sector ranging from new entrants to large existing suppliers.  We deliver sophisticated software solutions and managed services in a Private Cloud infrastructure, servicing both traditional and modern real-time, smart energy clients.

 

We operate a Hybrid working policy so you will be able to flex between working in the office and your home location to carry out this role, but during your initial training period the need to be in office with other team members will be essential.

 

While this position is full-time, we are open to discussing flexible working patterns that accommodate individual needs. If you require flexibility in your work schedule, please let us know during the application process, and we will do our best to accommodate your needs.

 

The role of the Information Security Analyst operates within the Global Security team and is focused on ensuring that Security Events and Incidents are handled efficiently to minimise any impact on ESG and our clients, that Security Controls remain effective and to support the objectives of the Global Security team across all geography’s ESG operate in and with all matters Cyber Security.

 

ESG operate globally, with offices located in the UK, US, Canada and Denmark.

 

POSITION RESPONSIBILITIES

 

Essential Functions

• Monitor ESGs security toolset, including the ESG SIEM for security alerts, events and incidents, supporting their triage and remediation.
• Monitor the external threat landscape to be aware of emerging threats and support awareness within the team
• Have a firm understanding of IT technologies, including virtualised environments, cloud computing, containerisation and networking.
• Have a good level of knowledge in a number of key IT Security technologies such as firewalls, email filters, AV, EDR, SIEM and IDS/IPS.
• Support technical risk assessments and supplier security reviews as required.
• Support vulnerability management and remediation.
• Support internal compliance testing.
• Support the management of security policies, procedures and guidelines in compliance with ISO9001, ISO27001, SOC2 requirements.
• Support information security risk assessments using recognised methodologies, such as ISO27005.
• Provide information security advice and guidance to the business.
• Monitor, configure and calibrate security monitoring tools.
• Experience of working within software development teams is beneficial.

 

 

Supervisor Responsibility

No line management responsibilities.

 

Travel Requirements

This job requires up to 5% travel to other ESG locations, client premises and 3^rd party premises. 

 

 

ABOUT YOU

 

We need diverse people from all abilities, gender identities, ethnicities, ages, sexual orientations, life experiences and backgrounds to join us.

 

You will be:-

• Able to demonstrate ESGs key values of

• Excellence: be accountable to deliver our best
• Passion: show how much we care each day
• Integrity: do the right thing when no one is looking
• Collaboration: work together to succeed together

Experience

• 3 – 5 years of Information/Cyber Security.
• 3 – 5 years of experience of Security Incident response.
• 3 – 5 years of experience of cloud security.
• 3 – 5 years of experience of network security.
• 3 – 5 years of security controls frameworks (i.e. ISO27001, SOC2, NIST).
• 3 – 5 years of risk management frameworks (i.e. ISO27005, IS1, NIST).
• 3 – 5 years of internal and external audit programmes.
• Working to tight deadlines.
• Analytical thinking and attention to detail.
• Good communication skills, both written and verbal.
• Must be able to work independently and as part of a team communicating with all levels of staff.

 

Education

Working towards or have obtained professional security certification is beneficial, such as:

• ISO27001 Lead Auditor / Implementor
• CISSP
• CCSP
• CompTIA Security+

 

ISO AWARENESS

•             Follow IMS Policies

•             Reporting of Incidents

•             ISO Responsibilities 

•             ISO Staff Awareness

 

 

 

 

 

*For more information on how we process your information please see our privacy notice which can be found on our website https://esgglobal.com/privacy-policy/  *