Information Security Analyst (VA474)

We are seeking for an Information Security Analyst to join our Compliance team, and this position can be based in Guernsey, Jersey or Southampton offices.

Role purpose

• Working as a technical specialist within the Carey Olsen Information Security & Data Protection team.
• To monitor and analyse threats and vulnerabilities that could impact Carey Olen systems or data.
• To carry out security related tasks as directed by the Information Security & Business Resilience Manager or Group CISO.

Principal duties

• Support the Chief Information Security Officer in performing key activities related to the Group information security program.
• Perform horizon scanning and reporting in respect of security trends and developments that could be applicable to the Carey Olsen Group.
• Maintain technical knowledge of security tools and best practices concerning attacker tactics and techniques, response processes, and incident containment and remediation.
• Monitor key security systems for potential incidents and security issues using various tools, such as endpoint analysis, SIEM products, and data loss prevention systems.
• Interface with the firm's 24/7 managed cybersecurity services provider and incorporate relevant threat intelligence into awareness and operational practices.
• Assist with implementing improvements in the security team's functions and capabilities, including enhancing processes such as incident handling, tooling, and general skills and knowledge.
• Support the delivery of projects and ongoing tasks aligned with your role, such as rolling out new security tools.
• Assist with conducting technical information security reviews to ensure a "security first" approach is followed across the organization, identifying areas for improvement and making recommendations to address identified issues.
• Plan and perform security related testing of key systems to ensure agreed security requirements are successfully delivered.
• Support the firm's response to security incidents from initial triage through to closure.
• Work with Major Incident teams and the CISO to support investigations into security incidents.
• Document incidents clearly and report upwards as required.
• Support and manage the scoping of supplier work, such as penetration tests, build or network security reviews, and oversee the delivery of this work.
• Provide support in the timely completion of client and supplier-related assurance activities.

Experience

• At least 3 years' experience in a relevant technical Information Security role
• Functional understanding of IT systems, including security and data privacy concepts and practices
• A strong interest in cyber security and a desire to learn is essential.
• Qualifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH) are desirable but not essential.

To submit an application, click on "Apply for this job"​