Cyber Security Analyst (Abingdon)

We are currently recruiting a Cyber Security Analyst based in Abingdon. Temp to Perm position.

The Security Departed is to provide an all aspects of protective security advice and assurance to the CNC, this holistic approach to protective security requires ever closer collaboration between departments, the Cyber Security role is a advice and assurance role to ensure the appropriate tools and audits are used to determine the actual state and maturity of Cyber Security in the CNC, so that remediation actions can be prioritised, and that a true reflection of the maturity can be provided to the Executive.

The Cyber Security Analyst is a critical role which will support the CNC to enable a greater understanding of how it can better protect itself against the increasing risk of cyber-attacks. This role will provide the appropriate support to the organisation to enable effective risk management and mitigation, guidance and assurances for the Senior Risk Information Officer (SIRO). This role is required to assess the Cyber Security risks that are faced by CNC, helping design and build secure solutions to protect against cyber-attack. Cyber Security is increasingly part of the work undertaken right across the business. The role will also be required to investigate and analyse all aspects of Cyber Security and threats against the businesses. Managing the CNC identified Cyber Security framework to ensure the maturity of Cyber Security within the CNC.

Role & Responsibilities:
• No direct staff responsibilities.
• No budget responsibilities but needs to be aware of the budgetary process and work within the parameters of relevant budget areas.
• The role impacts on both police officers and staff, across the entire organisation, providing accurate and timely responses to queries and considered advice and guidance on Cyber Security issues.
• To develop strategies and plans law regulatory requirements and expectations to enforce security requirements and address identified risks.
• Lead, manage and be accountable for the overarching Cyber Security function across the CNC, working with staff at all levels.
• To report concerns about residual risk, vulnerabilities, evaluate and implement all-source intelligence information flows regarding new threats, risks and vulnerabilities and other security exposures, including misuse of information assets and non-compliance and recommending updates to security protection measures as appropriate.
• Providing accurate, researched advice and guidance, across the organisation, to enable critical decision making regarding Cyber Security in both an operational and Information Systems environment. Keep current with emerging trends, responsible for identifying risk reduction strategies and the costs associated with them
• Design and develop continual Cyber Security improvements and provide monitoring to ensure that policies, procedures and controls are effective. Write and amend any policy, procedures and technical standards where required
• Support the monitoring of compliance of information security controls which maintain the confidentiality, integrity, availability of the information systems and data, provide advice on protective monitoring, forensic vulnerability scanning and malware analysis, capturing information and developing/implementing toolsets to produce metrics, reports, dashboards and alerting
• Manage the framework identified to demonstrate assurance of CNC Cyber Security compliance.
• Support the Security Manager and the Head of IT, in terms of planning, managing and invoking critical security policies, working practices and cultural changes across the organisation.
• Support the IT department with the management of the required regular security audits (Infrastructure) including Pen Testing, Network Analysis, Vulnerability Analysis, Exploitation Analysis, perform risk assessments and analyse the result of audits (performed by other groups) to produce recommendations of acceptable risk and risk mitigation strategies.
• Providing advice and guidance on the application and operation of elementary physical, procedural and technical security controls.
• Provide advice and support the management of Cyber Security risks regarding Infrastructure and software implementations.
• Manage and liaise with partners and 3rd party suppliers, evaluating information security levels of products and services in accordance with Policy, Standards, Procedures and guidelines required by N list and PASF.
• Manage and ensure our 3rd parties as distinct business areas are audited in line with our agreed policies. Maintaining the relationship with Security vendors of third parties.
• Support the development of Cyber Security risk register, ensuring that all security risks are identified and appropriately managed in line with agreed tolerance levels in accordance with CNC guidelines.
• Assist the Security Manager with the resolution of Information Security incidents and work to define and implement corrective actions where non–conformities have been identified.
• Provide support and advise on accreditation documents and accreditation plans, security architecture, risk discovery and assessment documentation, security architecture analysis, security design, risk management documentation, security plans and security cases as required.
• Providing support and advice to ensure that the CNC maintains compliance with the required standards, such the Public Services Network PSN and/or similar Code of Connections
• Systems owner for the PSD, Security Departments and organisations were applicable security applications.
• Provide Cyber Security education and briefings.
• Support the Security Manager in developing and maintaining a security culture
• Be the CNC Crypto Custodian ensuring compliance with applicable cryptographic requirements

Requirements:
• Demonstrable previous experience within protective security including investigative, and security education i.e. a proven security background before specialising within the Cyber security field
• Network Analysis; Host Forensics Analysis; Malware Analysis
• User investigations; Incident Response experience
• Knowledge of different threat actor groups and their characteristics
• Experience of utilising threat intelligence sources
• Experience of developing in-depth technical investigations
• Experience with Network sensors
• Has a working understanding of common Intrusion Analysis models and can apply them to enhance their analysis or reporting?
• In depth knowledge of the –
o HMG Security Policy Frame work
o Critical Security Controls
o NCSC
• Preferred: Accredited or Certified in any or all of the following –
o Certified Information Security Manager (CISM)
o Certificate in Information Security Management Principles (CISMP)
o CISSP (Certified Information Systems Security Professional)
o ISO 27001 Internal Auditor
• Significant knowledge of Microsoft networking products
• Significant knowledge of Ethernet networks and IP protocols
• Technical Ability to rapidly learn and put that learning into practice is critical
• Ability to write reports and management presentations
• Ability to work under pressure
• Works autonomously under general direction
• Communicates cyber security analysis results to technical and non-technical management/governance stakeholders
• Facilitating collaboration and decision making where necessary
• Skills in both verbal and written communications
• Ability to communicate with confidence at all levels in an organisation
• Ability to communicate extremely technical information such that non-technical individuals can understand it at a high level

Apply online or contact Lloyd at Peel Solutions for more information.