Information Security Assurance Analyst

  • Job Reference: REQ1960
  • Date Posted: 27 April 2022
  • Employer: SGN
  • Location: Portsmouth, Hampshire
  • Salary: On Application
  • Sector: Operations
  • Job Type: Permanent
  • Work Hours: Full Time

Job Description

Information Security Assurance Analyst

 

Location: Walton Park

Salary: Personal Contract (dependent on experience)

Reference: REQ1960

 

THE ROLE

 

Here at SGN we are looking for an Information Security Assurance Analyst providing support the security assurance function in triaging, assessing, and providing security advisory services across all programmes, projects, and steady state services.

 

You will be responsible for providing assurance to the SGN leadership team regarding the design and operating effectiveness of the security controls within both SGN’s IT and OT environments.

 

You will work collaboratively with risk management, business analysts, projects managers, architects, and support teams to identify, evaluate, report, and mitigate risks.

 

In addition, you will be responsible for reviewing and identifying security control gaps in design documents, providing remediation and mitigation recommendations.

 

Key responsibilities will include;

 

  • Perform a threat modelling exercise of all projects and provide mitigating cyber security requirements to help ensure the secure delivery of compliant systems, applications and business processes
  • Review both high/low level architecture definition documents for compliance against security policies, standards and regulatory requirements, and attend Technical Design Authority (TDA) and Architecture Review Board (ARB) meeting to provide security signoffs
  • Manage a team of security assurance analyst / consultants providing thought leadership across a number of assurance functions, and helping to navigate through senior management approvals thereby allowing for seamless and smooth engagements with project delivery teams
  • Perform cyber security risk assessments, compliance checks, audits and reviews to ensure that appropriate security controls are in place and highlight any deficiencies and gaps for management consideration.
  • Provide cyber security assurance activities by ensuring implemented solutions are a replica of agreed and approved architecture definition documents, helping to facilitate penetration testing as per local Cyber policies, whilst providing security advice, in collaboration with Corporate Cyber Security, and support to management, BAU and projects to comply with both global and local requirements and obligations.
  • Maintain and communicate relevant local security procedures aligned with necessary Cyber Security rules, processes, procedures and standards.
  • Where required, propose solutions and coordinate delivery of mitigating actions to ensure risk levels are aligned with risk appetite.
  • Perform compliance checks to ensure Cyber Security controls are operating as designed.

 

CULTURE/BENEFITS

 

This role will offer plenty of genuine learning and development opportunities, as well as a competitive salary with company benefits including retail & leisure discounts, HolidayPlus & Cycle2work schemes, gym & mobile discounts, a pension scheme, and more.

 

Fostering a diverse and inclusive culture is something we pride ourselves on at SGN. We want our workplace to be an innovative and inclusive place to work, where every single person feels empowered to achieve professional success.

 

WHAT YOU’LL BRING

 

  • The individual should be educated to degree level in a relevant discipline.
  • Must be CISM/CISSP/CCSP/TOGAF/CRISC/AWS Solution Architect or equivalent certified or willing to undergo certification on the job.
  • Must have expertise in Cloud (IaaS, Paas, SaaS), in particular AWS and Azure
  • Must have proven expertise in three of the following security domain areas; Vulnerability Assessment and Management, Security Risk and Compliance, Cloud Security Architecture, Application Security, Security Operations Centre and Investigations, Incident Management and Security Engineering
  • Must have 1-2 years’ cyber security experience
  • Good understanding and practical experience of Cyber Security Frameworks and standards such as NCSC security principles, NIST Framework, ISO 27001, ISO27005, IEC62443 etc.
  • Good understanding of Cyber Assurance Framework and experience with working with Regulators and providing compliance updates for OT environment

 

Skills that will help you in the role:

 

  • Knowledge and experience on IT Auditing/Control testing, IT Information Security and IT generic computing controls
  • Knowledge of technology risk and controls including relevant tools and techniques
  • Knowledge of key areas in technology risk, including operations, change, security, resilience at both application and infrastructure layers
  • The suitable candidate must be a highly motivated individual with strong managerial capabilities. A proven track record as a cyber security subject matter expertise in this or other organisations is a prerequisite requirement.
  • The role will require a significant attention to detail and ability to work with both a strategic, Director level as well as working with subject matter experts on detailed design issues and application, integration and data modelling.
  • The successful candidate will be required to be an excellent communicator and not averse to dealing with conflict management and decision making on a regular basis.

 

Key skills and Behaviours:

 

  • Able to coach and motivate teams to deliver results under pressure or with conflicting demands
  • Good at challenging and support their teams on self -development and keeping up to date with technology
  • Attention to detail
  • Good interpersonal and communication skills.
  • Collaborative team player.
  • Ability to lead and take control when required to do so
  • Assertive and driven
  • Good at building rapport and influencing at all levels
  • High energy and a desire to succeed

 

Not a perfect skills match? Tell us what you’re interested in – you might have a skill we didn’t realise we needed!

 

WHO WE ARE

 

We’re on a journey to transform the future of gas and we think outside the box – futuristic technologies and robotics are leading our innovation. Keeping our customers safe and warm is what we do but beyond that, we want to make the world a better place, which is why we’re passionate about helping in our communities, reducing our carbon footprint and driving innovation in our industry.

 

At SGN, we strive to sustain our world through managing the network that distributes natural and green gas across the south of England and Scotland. We have an important responsibility to keep the gas flowing to 5.9 million homes and businesses. Your work directly impacts SGNs commitments to keeping our customers’ homes and businesses safe.

 

We’re quick to deliver and we may not always wait until the job advert expires before reviewing applications. We recommend you submit your application as soon as possible so we can continue the conversation…