Dotdigital are looking for an Information Security Analyst to join our Information Security & Privacy function based in the UK. This is a hands-on position, and you will be responsible for implementing and managing security controls designed to prevent, detect, and respond to security threats and incidents. You will also be responsible for operational support including managing security related queries from colleagues, clients, and prospects.
Reporting to the Information Security & Privacy Director, this role would suit somebody already in an Information/Cyber Security role, with experience of working with an ISO 27001 certified management system. Critically, you must be a motivated self-starter with a passion for technology, the desire to understand how it works, and the ability to see what risks it poses.
- Manage security related queries from internal staff, clients, and prospects.
- To liaise with technology and business teams to define and champion effective security operational practices and processes.
- Monitoring of security tooling.
- Providing incident response (detection, containment, and recovery activities).
- Logging of security threats and vulnerabilities and ownership of resulting tickets until resolution.
- Maintaining the vulnerability management program.
- Maintaining relationships with 3rd party security vendors and service providers.
- Provide management reporting of security metrics.
- To develop and improve existing policies, procedures, and controls.
- To maintain a high level of awareness of the cyber security threat landscape, and how it impacts the business.
- To conduct regular audits to identify weaknesses and increase general security awareness within the company.
- Respond to compliance security questionnaires.
Experience & skills
- Experience in a similar security analyst role. Alternatively, a Sys Admin, or DevOps role with security responsibilities in a Tech organisation.
- Be pragmatic and have the strong belief that the Security function should be an enabler whose role is to work with the business to achieve its goals.
- Broad experience of technologies including, but not limited to: Firewalls, IPS & IDS, DLP, WAF, Modern Operating systems, AD/AAD, Microsoft management tools, Cloud Service Providers, Vulnerability management, Anti-virus, email and Web filtering.
- An understanding of core application development principles.
- Experience in developing people-centric security controls with a focus on awareness, prevention, detection, and response.
- Great communication skills.
- Ability to multi-task, prioritise, and work well under pressure, either individually or as a team.
- An understanding of Data Protection principles.
- Knowledge of best practice information security standards and frameworks, such as ISO 27001/2.
Security or general Information Technology related certifications would certainly be beneficial, but not essential.
As an equal opportunities employer we are committed to equality in all its practices with regard to race, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, or sexual orientation.
If you have any additional requirements or adjustments to assist an application then please don’t hesitate to contact us and advise us how we can best support you.