Information Security Analyst - GRC
On site
Kent, United Kingdom
£ 50,000 / year
Full Time
05-03-2025
Job Specifications
Information Security Analyst - GRC
Kent - Mainly Remote site visits once per month
£45,000 - £50,000 + benefits
Fantastic new permanent opportunity for an experienced GRC focused Information Security Analyst with this market leading financial services business based in Kent.
As an Information Security Analyst, you will join an established team to provide Governance, Risk and Compliance oversight and services to deliver Information Security Strategy and help manage internal and third-party information security risk. You will also support other initiatives, such as the management of the Logical Access Management (LAM) of key technology systems, to meet full compliance requirements and always protecting customers and colleagues.
Main responsibilities:
Support the execution of the Cyber Strategic Plan while continuously seeking innovative methods to enhance the cyber security function, reduce risk across the organisation, and improve customer and colleague experiences.
Oversee and manage cyber security governance controls in line with the Cyber Assurance Framework, including tracking performance through KPIs and SLAs, supporting vulnerability, management activities and providing relevant management information as needed.
Assist with compliance activities such as policy and process assessments/improvements, ISO27001 and PCI-DSS re-certifications and audits.
Implement and ensure the efficiency of internal and third-party cyber risk mitigation controls to align with risk appetites. Utilising internal reviews and third-party risk management systems and processes to ensure third parties meet security standards.
Stay updated on the external cyber threat landscape through participation in internal/external events and obtaining certifications and share best practices with colleagues.
Manage the technology access review process, coordinating with technology teams, broader business functions, and audit teams to ensure proper system access management and review.
Assist and support the incident management processes, including handling incidents, performing root cause analysis, documenting lessons learned, creating and ongoing reviews of playbooks.
Offer cyber consultancy services to support business initiatives, ensuring compliance and risk appetite requirements are met.
Adhere to our Governance and Business Code of Conduct, consistently acting with integrity and due diligence.
Skills Required:
You will have proven experience of working within a similar GRC focused Information Security Analyst position.
Have a good understanding of risk management approaches and the application of Cyber risk management controls.
A broad understanding of the Cyber Security domain and associated compliance requirements such as FCA, GDPR, and PCI/DSS.
Experience with 3rd Party Risk Assessments.
Broad knowledge and understanding of cyber-attack techniques and vulnerability testing approaches.
Experience in undertaking Risk assessments, control testing and reporting in a regulated environment.
Proven stakeholder management experience and be able to demonstrate good written and verbal communications skills.
Can demonstrate previous experience in the planning, leading and delivering of audits and compliance activities.
For any further queries regarding the role, please contact Danny Palmer at (see below)
About the Company
The idea of partnership is behind everything we do at Sanderson. It's our values and purpose wrapped up in one word. Our partnership approach challenges the perceptions of our industry, and the people who work within it. We help our clients to hire the best talent through our four divisions; Recruitment, Solutions (RPO & MSP), Projects, and Executive Search. We have global ambition and are growing both organically and through acquisition. We have office across Ireland, UK, Hong Kong, Singapore, and Australia. Our passion ... Know more
Related Jobs
- Company Name
- Rapiscan Systems
- Job Title
- Cyber Security Manager
- Job Description
- Join Our Team as a Cyber Security Manager About Us: Rapiscan Systems is a global leader in detection technology, providing advanced cargo and vehicle inspection systems and services for high-security environments such as ports, borders, military facilities, and checkpoints. Our innovative solutions help combat terrorism, drug smuggling, illegal immigration, and trade fraud. We pride ourselves on our commitment to excellence, delivering best-in-class imaging performance, reliability, and operator satisfaction. Role Overview: As a Cyber Security Manager, you will lead the operations of our cyber security testing lab and generate critical product security documentation. You will collaborate with the Cargo Engineering Software Team to manage cybersecurity risks in our Cargo X-ray software suite. This role is integral to our larger corporate cybersecurity team at OSI Systems. Key Responsibilities: Security Design & Documentation: Define cybersecurity design requirements and develop product security documentation for border protection and transportation security products within a standardized security framework. Risk Management: Analyze, report, and manage security-related risks, proposing further security improvements. Education & Training: Educate product design staff and stakeholders on cybersecurity impacts on product design and support efforts. Innovative Solutions: Develop innovative solutions to secure and support networked products used in diverse settings over long periods. Vulnerability Assessment: Lead the development of product test protocols to assess vulnerabilities and recommend remediation techniques. Threat Assessment: Assess product vulnerabilities to new and emerging threats, identify root causes, and develop remediation strategies. Standardization: Prepare and document standard operating procedures to ensure product security throughout their lifecycle. Company Benefits Excellent salary Excellent career development. Holidays 25 days holidays plus bank holidays increases up to 29 days after 10 years’ service. Life insurance entitlement from first working day which is four times your basic salary. Charity work 2 days paid leave if you wish to volunteer and work for your nominated charity. One day paid leave to take your Birthday off Pension Company Car Lease Scheme Cycle to work scheme. Enhanced Maternity and Paternity pay. Healthcare Cash plan Eden Red discounts Qualifications: Experience: 7+ years in IT with a focus on security, including supporting product design and leading cybersecurity efforts based on industry standards. Knowledge: Familiarity with security standards and frameworks (e.g., NIST 800-53, NIST CSF, ISO 27001). Technical Skills: Detailed knowledge of operating system and network security in physical, virtual, and cloud-based environments (AWS). Hands-On Experience: Proficiency in security systems, including endpoint security, vulnerability management, firewalls, IDS/IPS, wireless security, authentication systems, log management, and encryption. Communication: Strong verbal and written communication skills, with the ability to convey complex security concepts and risks. Leadership: Proven ability to lead projects from start to finish and work effectively as part of a team. Education: Bachelor's degree in Computer Science, Information Security, Engineering, or related field. Cybersecurity certifications (e.g., Security+, CISSP, CCNA Security) are desirable. Global Perspective: Experience working in a global environment across multiple time zones, with the ability to travel internationally as needed. Why Join Us? At Rapiscan Systems, you will be part of a dynamic team dedicated to making the world a safer place. We offer a collaborative work environment, opportunities for professional growth, and the chance to work on cutting-edge technology that has a real-world impact.
- Company Name
- ION
- Job Title
- Senior Security Architect
- Job Description
- About Us We’re visionary innovators who provide trading and workflow automation solutions, high-value analytics, and strategic consulting to corporations, financial institutions, central banks, and governments. More than 40% of the world’s largest companies use our solutions. We’ve achieved tremendous growth by bringing together some of the best and most successful financial technology companies in the world. At ION, we offer careers that provide many opportunities: To invent. To design. To collaborate. To build. To transform businesses and empower people around the world to do more, faster and better than before. Imagine what you can do and experience. This is where you can do your best work. Learn more at iongroup.com. Your role Your duties and responsibilities Establish policies and procedures that promote secure development/cloud principles. Enable security automation through tools to reduce vulnerabilities and flaws due to human errors. Automate audit evidence collection throughout the SDLC to facilitate compliance reporting. Monitor security metrics to continuously improve and stay one step ahead of the red team. Maintain strong and continuous engagement with teams to ensure the ION Cloud architecture and operating model is up to the top security standards. Create a state-of-the-art secure cloud architecture and strategy, supported by a robust and flexible infrastructure with reliable and efficient operating model. Run post-mortem incidents analysis. Review the security principles compliancy of deployment, maintenance, monitoring, and management processes. Cooperate with the software architect to ensure that security aspects are considered in the software architecture. Regularly evaluate the best cloud applications, hardware, and practices available in the security domain. Provide training and guidance to the rest of the organization, helping with the development of a security culture throughout the company. Help the product owner in refining security requirements so that they fit in the customer’s strategy and becomes selling point. Other duties We might ask you to perform other tasks and duties as your role expands. Skills Your skills, experience, and qualifications Threat Modeling. Authentication/authorization standards and implementations Application of encryption at rest and in transit Certificates/secrets standards and implementations Managing security in public clouds ( AWS, Azure, GCP), with at least 3 years specific experience in either AWS or Azure. Secure microservices architectures in a cloud-native environment. Strong understanding of networking. Knowledge of different deployment models (Container, Serverless, Cloud, PaaS, IaaS …). Ability to work with diverse, remote, and distributed teams across multiple regions and time zones. Ability to do research autonomously to always be ahead of any security threat. SSDLC practices in DevOps, CI/CD environment. OWASP Top 10, SANS CWE, OpenSAMM, BSIMM, etc. Penetration testing, vulnerability scanning Design security monitoring tools. Designing pipelines that make use of SCA, SAST, DAST, IAST and RASP solutions. Qualifications SANS/SEC-540: Cloud Security and DevSecOps Automation Systems Security Certified Practitioner (SSCP) Certified Information Systems Security Professional (CISSP) Certified Authorization Professional (CAP) Certified Secure Software Lifecycle Professional (CSSLP) HealthCare Information Security and Privacy Practitioner (HCISPP) Experience Multi-year experience in Threat Modeling. A proven track record as architect and consultant, capable of working directly with teams, embedded in the delivery model. Experience with Kubernetes, Openshift, Service Mesh. Experience with clouds (AWS, Azure, GCP) Experience with getting or maintaining certified standards (i.e. ISO 27001, PCI DSS, MIL-SPEC) Contract Type Full-time, permanent contract. Important notes (Italy) According to the Italian Law (L.68/99) Please note that candidates from the disability list will be given priority. Due to the high volume of applications, only those candidates that meet the required criteria for selection will be contacted. If you’re from a non-EU country, you must have a valid EU visa or work permit.
- Company Name
- Everest Group
- Job Title
- Senior Security Engineer
- Job Description
- Job Overview We are seeking a dynamic and experienced Senior Security Engineer to join our team in India. In this pivotal role, you will be responsible for leading the development and implementation of robust security systems to protect our organization's data and network infrastructure. You will work closely with cross-functional teams to identify vulnerabilities, develop mitigation strategies, and ensure compliance with the latest security standards and regulations. As a Senior Security Engineer, your primary responsibilities will include conducting sophisticated security assessments, overseeing the deployment of security solutions, and responding effectively to any security incidents. You will also play a key role in shaping our security policies and procedures, providing expert guidance to both technical and non-technical stakeholders, and staying abreast of emerging security threats and technologies. Key Responsibilities Design and implement security architectures and strategies within the Azure cloud environment, ensuring secure and efficient cloud operations Conduct security assessments and penetration testing using Burpsuite and Nessus to identify vulnerabilities and implement effective remediation strategies Manage and fine-tune ZScaler configurations and policies for robust network and data security Utilize Sophos XDR for advanced threat detection, investigation, and response, ensuring comprehensive monitoring and protection against complex cyber threats Lead efforts to achieve and maintain SOC2 compliance, developing and enforcing policies and procedures in line with SOC2 standards Monitor network traffic and analyze protocols using tools like Wireshark to identify and mitigate security threats in TCP/IP networks Respond promptly and effectively to security incidents and ensure resolution with minimal impact Collaborate with various teams to integrate security best practices into development and operational processes Stay informed about emerging security trends, threats, and mitigation techniques, and educate others on cybersecurity best practices Develop and maintain detailed documentation of security configurations, policies, and procedures Evaluate and implement new security technologies and solutions as needed Provide expert guidance and leadership for security-related decision-making and project planning Required Skills / Aptitude Advanced knowledge of cybersecurity principles, practices, and risk management Strong proficiency in cloud security, particularly in Azure environments Expertise in network security, including protocol analysis and intrusion detection Familiarity with security tools such as Burpsuite, Nessus, ZScaler, Sophos XDR, and Wireshark Deep understanding of SOC2 compliance frameworks and requirements Excellent analytical and problem-solving skills, with a strong attention to detail Proven ability to identify, assess, and mitigate security vulnerabilities and threats Effective communication skills, capable of explaining complex security concepts to diverse audiences Strong documentation and reporting skills, with an emphasis on clarity and accuracy A proactive mindset towards staying abreast of the latest cybersecurity trends and technologies Ability to work collaboratively in a team environment and lead security initiatives Leadership qualities, including the ability to mentor junior staff and influence decision-making Capacity for critical thinking and making well-informed decisions under pressure Education and Experience Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field. A Master’s degree is preferred Minimum of 5-7 years of experience in cybersecurity, with a focus on areas such as network security, cloud security, and compliance Prior experience in a professional services B2B firm, understanding the specific security needs and challenges in such settings Relevant cybersecurity certifications (e.g., CEH, OSCP, CISSP, CISM etc.) are highly desirable About Everest Group Everest Group is a leading research firm helping business leaders make confident decisions. We guide clients through today’s market challenges and strengthen their strategies by applying contextualized problem-solving to their unique situations. This drives maximized operational and financial performance and transformative experiences. Our deep expertise and tenacious research focused on technology, business processes, and engineering through the lenses of talent, sustainability, and sourcing delivers precise and action-oriented guidance. Find further details and in-depth content at www.everestgrp.com. Everest Group is with you on the journey. We are committed to empowering team members to develop their potential, share their authentic selves, and inclusively engage. This means we continually celebrate the diverse journeys different individuals cultivate. We hire great people from a wide variety of backgrounds, not just because it’s the right thing to do, but because it makes our company stronger. If you share our values and enthusiasm for solving challenges, you will find a home at Everest Group.
- Company Name
- Photon
- Job Title
- GCP Security Lead
- Job Description
- We are looking for an experienced GCP Security Lead to join our growing team. This role requires a hands-on individual with deep knowledge in securing Google Cloud Platform (GCP) environments, as well as expertise in threat modeling, hardening GCP services, and cloud security posture management. The ideal candidate will have a passion for designing secure cloud environments, a solid understanding of cloud-native application security, and experience in implementing security controls across cloud infrastructures. Key Responsibilities: Lead the security architecture, design, and implementation of secure GCP environments. Drive design decisions by applying Threat Modeling techniques (e.g., STRIDE, MITRE ATT&CK) to identify and mitigate risks to cloud infrastructure and applications. Conduct security assessments and audits of GCP services to ensure compliance with internal policies and industry standards. Harden GCP services and ensure they are configured according to security best practices. Leverage CNAPP (Cloud-Native Application Protection Platform) and CSPM (Cloud Security Posture Management) tools to monitor and enforce security policies across the GCP environment. Collaborate with DevOps, Infrastructure, and Development teams to implement security controls and best practices in the cloud. Create formal documentation of cloud security controls, including Threat Model Reports, Policy Summary Pages, and Security Incident Response Plans. Provide guidance and mentorship on secure cloud architecture and threat modeling for cross-functional teams. Continuously research and implement the latest cloud security trends and technologies, ensuring GCP is secure and resilient against emerging threats. Required Qualifications: Proven experience with Google Cloud Platform (GCP) security, including practical experience with hardening GCP services. Strong working knowledge and hands-on experience with CNAPP/CSPM tools. Deep understanding of Threat Modeling frameworks such as STRIDE and MITRE ATT&CK, and experience in applying them to real-world environments. Experience documenting cloud security controls, including Threat Model Reports and Policy Summary Pages. Strong understanding of cloud security architecture, vulnerability management, identity and access management (IAM), encryption, and secure software development lifecycle (SDLC) practices. Experience with security automation and security monitoring in cloud environments. Knowledge of cloud compliance frameworks such as NIST, CIS, SOC 2, and GDPR. Strong problem-solving and analytical skills, with the ability to communicate complex technical concepts to both technical and non-technical stakeholders. Preferred Qualifications: Certifications in cloud security (e.g., Google Cloud Certified - Professional Cloud Security Engineer, AWS Certified Security Specialty, or equivalent). Familiarity with cloud automation tools (Terraform, CloudFormation, etc.) and infrastructure as code (IaC) security practices. Experience working in Agile/Scrum environments. Knowledge of network security principles and architecture in cloud environments. Soft Skills: Excellent written and verbal communication skills. Strong leadership and collaboration skills. Ability to prioritize tasks and manage multiple security projects in parallel. A proactive and solution-oriented mindset.