Due to the continued growth and success of Ridge, the Information Security team is growing in capacity to meet demand & service across the company. We are looking for two talented Information Security Analysts to sit within the Ridge Technology team. One is designed to be an opportunity for someone who has recently finished University or has a deep passion for Security, the next is designed for someone who has a little more IT experience but are looking for their first role in Information Security.
Role And Responsibilities
These roles will play a crucial role within the Information Security and Technology teams, supporting the Head of Information Security to ensure our information systems and data are protected from threats. Responsibilities will cover both technical (with access to the latest security tools) and non-technical (Governance, Risk, and Compliance). No two days will be the same!
Responsibilities will include liaising and working with the 24/7/365 Managed Detection and Response (MDR) service, to identify, manage and resolve security alerts and incidents. You will also be performing internal vulnerability scans, understanding the data to identify real risk to the firm, and then working with system owners to remove that risk. In addition, the role will take on responsibility for implementing and maintaining information security standards and measures to protect our infrastructure, systems & information. As part of this, the role will be key in ensuring we renew our current (Cyber Essentials Plus & ISO27001) & future accreditations.
Finally, the role will work closely and in collaboration with the wider technology team at Ridge, business stakeholders and end users to support and promote information security at all levels. Excellent communication skills will be critical to successfully collaborate with all stakeholders and ensure success.
What you need to do to be effective in this role
- Organise yourself and your ongoing work, ensuring you complete your tasks to a high standard and on time
- Liaise with both internal and external stakeholders'
- Create and maintain security documents (policies, standards, baselines, guidelines, and procedures)
- Maintaining key process documentation for information security
- Remain informed on trends and issues in the security industry, including emerging threats
- Promote and drive a culture of security awareness & compliance across the organisation Work with the MDR provider to analyse security alerts & incidents to identify impact & rectify threats
- Perform vulnerability assessments to identify potential gaps and weaknesses
- Conduct or assist in security audits to assess compliance
- Input into & help manage the wider IT risk register holding other areas to account on mitigation plans
- Input into Change Approval Board (CAB) to ensure governance and security is applied to all change
- Identify and suggest improvements in Information Security to the Head of Information Security & the wider business
- Help understand and develop key Information Security value, measures (KPI and OKRs) and targets in our business & ability to show how the function contributes to our overall business objectives
- Input into the enterprise’s security architecture design to assess current & future requirements
- Maintain & improve the enterprise’s Business Continuity Plan and Disaster Recovery Plan
Experience And Skills Required
- Excellent written and verbal communication skills with an ability to communicate effectively with colleagues and non-technical stakeholders
- Ability to present ideas in business-friendly and user-friendly language
- Ability to effectively prioritise and execute tasks in a fast-paced environment
- Previous exposure to IT service governance, risk, and compliance methodologies would be beneficial
- Educated to Degree level within a STEM subject (preferably Computer Science, Information Security or equivalent) would be advantageous but not essential within this role
- Gained relevant experience within an IT / Technology role, ideally in Information Security
- Strong working knowledge & understanding of Cyber Essentials Plus & ISO27001:2022
- Relevant accreditation in security such as CompTIA Security+ is desirable, but not required
Don’t quite tick all the boxes here?Don’t worry, we still want to hear from you! As detailed above we also have an opportunity for a more Junior InfoSec Analyst, so please apply, we would love to receive your application.
