Information Security Analyst

Information Security Analyst - London

We’re working with a leading UK law firm who are looking to add an experienced Information Security Analyst to their Security team.  The role is for an initial 3-6 month period and will be based in the City of London area.

As an experienced Information Security Analyst you’ll have a broad but strong technical capability across a range of areas including:

• Proven Information Security experience with a background in IT infrastructure.
• Experience across firewalls, anti-malware, email, web and application gateways, network security, virtual private networks, application security and control, device and system hardening, endpoint and mobile security, encryption, data loss prevention, event log management, vulnerability and patch management, identity and access controls, privileged account management and awareness training platforms.
• Experience in threat detection, analysis, containment, mitigation, recovery and post incident reporting, securing and hardening server, network and cloud infrastructure.
• Understanding of the cyber kill chain to help identify and stop attacks at each of the stages.
• Experience using risk-based approach to threat assessment including technical and executive reporting with recommended treatments, countermeasures etc.
• Experience in creating content and delivering awareness training.
• Experience of change management for Information Security and business impacting changes.
• Knowledge of cyber security frameworks such as CIS Top 20 controls and NIST 800 series.
• Experience in cyber incident response practices is beneficial.
• Security certifications such as Security+, SSCP, CCSP, CISM etc. are beneficial.

Alongside the technical elements of the role you’ll also need to have outstanding communication skills and the ability to engage with and educate users across the business in terms of threats and risks, do’s and don’ts and general wider security best practice. The users are varied so you’ll need to be professional and able to adapt your approach based on your audience.

Responsibilities will be varied but you’ll need to be comfortable both owning and supporting the Information Security Manager in the following areas:

• Assist with the procurement, planning, implementation, upgrade and management of the firm's technology security systems, including the reporting of security projects and provide advice on the firm’s other projects regarding any aspects of Information Security.
• Act as a point of contact for security incidents, investigations, issues or alerts while using existing (and future) security systems employed by the firm to regularly read, interpret, report and act on event logs produced by those systems.
• Document security policies, processes, workflows, playbooks and where necessary define, update, implement and maintain to protect the confidentiality, integrity and availability of data and systems.
• Perform regular vulnerability tests, risk analysis and assessments of the current security practices, including gap analysis across people, processes and technology to identify areas for improvement through report  findings and recommendations.
• Continually help drive improvements around cyber incident response planning and contribute to any investigations including report findings, lessons learned and recommended actions.
• Working closely with the Technology Infrastructure team, including, but not limited to ensuring systems are secure and hardened, operating system and application patching, vulnerability remediation and privileged account management.
• Working with external parties on user awareness initiatives, penetration testing, achieve or maintain security accreditations or certifications and when required, to triage, manage and remediate incidents.
• Help drive security best practices both in new ideas and in communications with other team members and across the firm, including creating awareness content and delivering training as part of a security awareness program.
• Track and keep up-to-date with the latest cyber security threats, the ever-shifting threat landscape,  vulnerabilities and innovations through threat intelligence, security news and forums including liaising with external parties and vendors.
• Assess, review and audit systems and controls in line with company and industry policies and standards.
• Managing the existing Cyber Essentials accreditation and Cyber Essentials Plus or ISO27001 accreditation process if the firm wishes to implement in the future.
• Whilst the position is based in the Technology department, the Information Security Analyst will also work with the Risk & Compliance team to review and manage the operational and cyber risk registers.
• Responsible, as part of a wider team, for the overall Information Security strategy of the firm and compliance with Data Protection Regulations including GDPR.
• Help form business partnerships both internally and externally that help drive our cyber security strategy forward to continually improve our security posture.
• Attend seminars/conferences for the latest threats and potential solutions to enhance our security estate. Liaising with peer groups to share threat intelligence, challenges, solutions, innovations and continue to establish the client as a key contributor to that community. 
• To undertake other duties as deemed appropriate by Information Security Manager

This is a really interesting role and a fantastic company.