Cyber Security Analyst, Vulnerability Management

We’re looking for a Cyber Security Analyst – Vulnerability Management to play a vital role in protecting our organisation’s IT environments. Reporting to the Cyber Security Manager – Vulnerability Management, you’ll be responsible for identifying, assessing, and driving the remediation of security vulnerabilities across our technology estate. Your work will be essential in helping the organisation maintain a strong and resilient security posture.

This role is key to proactively managing cyber risk, ensuring alignment with regulatory requirements, and supporting overall business continuity. You’ll work across teams to help prioritise and reduce vulnerabilities, making a real contribution to enterprise-wide security.

UAR Accountabilities:

Understand and maintain the ISP-025 User Access Review procedure Create and maintain a plan, action logs, schedule regular review meetings and ensure actions are closed for user access reviews  Conduct and/ or facilitate regular User Access Reviews with key stakeholders and complete a quality check activity Repeat the review exercise as per the Control Calendar published by the Cyber assurance team at the minimum of every six months Create regular reporting of progress to the Company cyber assurance team in accordance with the Control Calendar and team KPIs Create and maintain effective user management of access controls to the team SharePoint including performing regular access reviews Complete user access related activities as required by the control calendars Maintenance of engagement and communication with company assurance team, system SMEs and, where necessary, third-party suppliers’ SMEs

CAR Accountabilities

Understand, analyse, and deliver business requirements in context of business intelligence related to the CAR Create regular reviews and progress of the CAR Understand the CAR data, analyse previous and current data and spot key performance indicators to support and meet CAR objectives Use the CAR to transform Heathrow’s business requirements into technical publication. Document all aspects of the CAR, from algorithms, parameters, models, all definitions, and configurations into well-defined documentation such as procedures and manuals Improve and enhance the CAR to meet Heathrow technical and strategic requirements and future changes Support the team with regulatory and compliance activities such as but not limited to Aviation regulations, UK legislation and compliance such as PCI-DSS  Support development and contribute to fit-for-purpose security policies and maintain baseline standards and patterns, frameworks and roadmaps with the team’ that deliver the strategic goals, business priorities and comply with technical and industry/regulatory standards Support and development of plans and roadmaps for the Cyber Security Team

Proficiency or familiarity with data science, business intelligence, and data analytics, aware of data integration and modelling, along with presentation tactics and concepts Experience of working with BI tools. Experience completed in working with BI systems, with ability to create and build rich dashboardsDemonstrates experience of building, maintaining, and influencing relationships with a range of internal and external stakeholdersGood facilitation and negotiation skills – ability to influence teams, stakeholders and individuals and motivate them Innovative thinking, self-starter and drive to be successful and complete is a key requirement for this position; needs to probe and follow throughAbility to extract and summarise information such as learnings from exercises and incidents for Senior Stakeholders and other colleagues Ability to attain Security Clearance at CTC or higher (., SC, DV) Experience of working with Operational Technology (OT) Security and understanding of the 
challenges and opportunities in linking with OT Security with a compliance regime

Ideally, you'll also have:

Experience of Cyber Security and/or Security within Critical National Infrastructure Experience of airport processes, systems, and information and/or experience of cyber security within Critical National Infrastructure Knowledge of Microsoft Technology stacks (including Active Directory, Sentinel/Defender, and SharePoint Experience of working with Operational Technology (OT) Security and understanding of the challenges and opportunities in an incident involving OT Knowledge or awareness of Microsoft BI stack like Power Pivot, SSRS, SSAS