Job Title: Security Analyst
Total Page:16
File Type:pdf, Size:1020Kb
Job Description
Job Title: Security Analyst Grade: Technology Adviser
Details
About SLC Student Loans Company is a non-profit making Government-owned organisation set up in 1989 to provide loans and grants to students in universities and colleges in the UK. We are responsible, in partnership with Local Authorities in England and Wales, the Student Awards Agency for Scotland, the Education and Library boards in Northern Ireland, the Higher Education Institutions and HM Revenue & Customs, for student support delivery in the UK. Job Purpose
Take an active role in security processes, including, managing and reporting to key stakeholders, running incident meetings and tracking and progressing activities to resolution. Co-ordinate required remedial activities and responses with individuals such as 3rd parties, law enforcement agencies and regulatory bodies. Perform analysis of suspicious systems, files or communications Gather evidence / logs using forensic processes and techniques to preserve integrity. To monitor and maintain the security of Student Loans Company information systems. Development, maintenance and promotion of technical ICT security procedures in response to defined risk, threats and technological requirements. Contribute to security management processes across ICT departments. To monitor and assess the impact of vulnerabilities and work with ICT to coordinate appropriate remedial actions. Working within the Information Security Operations team you will take an active role in overseeing compliance with corporate Identity Management policy Ensure that Joiners, Movers and Leavers processes are operated effectively Operate and maintain the companies Identity Management Platform
Key Accountabilities
Producing reports on security activities including daily and monthly health checks on security tools. To enforce and interpret technical policies and standards and promote compliance in line with Government security (i.e. HMG Security Policy Framework (SPF) and Infosec Standards), corporate policies and corporate or local procedures and legal and international security standards (i.e. ISO27001, COBIT), Maintain and monitor security tools in conjunction with the security and infrastructure teams for real or potential security breaches. Provide information to internal teams ensuring that appropriate remedial steps are taken. Assess technical security risks in terms of impact to systems and service confidentiality, integrity and availability, and report and escalate results of risk assessments. Produce, review and constantly evaluate effectiveness and efficiency of technical security controls, standards and procedures in line with security requirements, business needs, delivering enhancements where applicable. Active sponsor of continuous process improvement in relation to security matters
Essential Skills / Experience / Qualifications
Ability to clearly communicate with key security and business stakeholders Practical experience of security monitoring tools (such as SEIM) A good IT background in systems infrastructure (UNIX, NT, Windows, LAN/WAN/VLAN, firewalls, web servers, IDS etc) and/or systems and application development (Oracle, Java, UNIX, Notes, web services etc). Knowledge of legal, regulatory and best practice security standards Experience in developing and reviewing technical security standards
Desirable Formal Security Qualification (such as Certified Information Systems Security Professional, CISSP). Formal Forensic / Ethical Hacking qualification. Knowledge of ITIL processes