Overall Job Purpose:
The security of information is critical to the ongoing success and reputation of the SCC business. The role of Cyber Assurance Analyst will offer the successful candidate an exciting opportunity to work closely with the business in a range of testing activities to ensure that solutions and systems are used in a secure and appropriate manner.
The Cyber Assurance Analyst will report directly to the Cyber Assurance Manager to enhance SCC internal GRC (Governance, Risk and Compliance) functions abilities to provide technical assurance to the SCC Group.
The duties of the position shall include ensuring new and existing systems and solution are identified and have security controls prior to going into production, conducting ongoing validation of security controls and functions to coverage and effectiveness.
This is a fantastic opportunity for the right candidate to work in a challenging and fast paced environment, working on a subject matter that is key to the ongoing success of the SCC Group of companies.
Below are key responsibilities:
• Provide project security assurance, including architecture reviews, hardening standards, vulnerability remediation, configuration advise.
• Regular analysis of statistics and reports from IT and SOC/SIEM functions.
• Create Security Dashboards for CISO and Board.
• Risk Management support, reviewing Security Risk and Controls.
• Collaboration with wider GRC Team, including Data Protection, Business Improvement and Internal Audit.
• Assist in with external audits and certification (ISO27001, Cyber Essentials, PCI DSS)
• Work with development teams to ensure a Secure Software Development Life Cycle.
• Support IT and Business in remediation activities.
• Support the business in implementing new controls.
• Review and maintenance of policies, standards, procedures and processes.
• The role is based in Birmingham but may require travel to other SCC Group locations, which may include international travel.
Skills, Knowledge and Experience:
• Demonstrate passion for cyber security and technology.
• Must have a strong willingness to learn and develop their security and technical knowledge and skills.
• Data Analytics & Presentation (Microsoft Excel or PowerBI).
• Ability to think methodically and logically.
• Ability to Communicate to technical and business stakeholders.
• To have SC security clearance or be able to undergo the process of SC clearance.
Analyst Level Requirements –
o B.S. degree in Cyber Security, Computer Science, MIS or equivalent.
o Information Security Certification, such as CISSP, Security+ or CISA.
• Experience with or exposure to security audits and due diligence requests.
• 3 years’ experience in Information Security industry.
Graduate Level Requirements –
• B.S. degree in Cyber Security, Computer Science, MIS or equivalent.
• IT Technology certification from Microsoft, Cisco, CompTIA.
• Knowledge of ISO27001, CIS Critical Controls, NIST, NCSC, OWASP, and other cybersecurity standards/ best practices.
• Good working knowledge and experience Firewalls, Routing, Intruder Detection Systems, Operating Systems, Databases and Common Application Architecture.
• Experience in scripting (PowerShell, Python, Perl, Java, etc).