Senior IT Security Analyst - Cloud
West Sussex, UK
Employees can work remotely (fazed return to office)
As a part of the Global IT Technology team, the Senior IT Security Analyst - Cloud role requires a strong (cloud) Security and Information protection background. The incumbent will be responsible for (co) development of the Security Architecture of existing and new IaaS, Paas, SaaS, and BPaaS components. Support the development and maintenance of company policies related to the IT and Security environment. Communicate and inform all levels of the business about the security plans, requirements and policies. Auditing of the use of Security and other IT procedures to ensure that they meet the compliance, security and good practice requirements.
Ensures that third parties and clients IT functions are following clients targets for availability, integrity and confidentiality including the periodic review, monitoring and mitigation of supplier controls.
Evaluates all major system modifications and development/project requests to determine potential benefits and impact on information security operations.
Assists IT functions with their security system design and setup documentation to ensure compliance with the relevant standards.
Plans and performs audits of Information Security and other IT procedures.
Maintains professional growth and development through seminars, workshops and/or professional affiliations to keep abreast of latest trends in the assigned field.
Conduct IT risk assessments and develop the appropriate risk treatment plans. Monitor and ensure the mitigation of residual risks.
Act as the primary corporate control point during follow-up on significant information compliance or security incidents, overseeing incident management and the development of response plans and provide timely update reporting. Actively participate in iSMS process.
Collaborate with the IT security and governance team to ensure information security risks in both ongoing and planned operations are properly considered and implemented, so that all compliance matters are being adhered to as required.
Develop and maintain and report the key security related KPI's to support ISO27001 and the IT General Controls (ITGC) framework
BS or MS in Computer Science or equivalent experience.
Proven and recent experience for at least 3 years operating IT Security controls in M365 and Azure (Relevant Azure Certifications required)
Expertise in information security architecture technologies and concepts.
Expertise in the field of information systems security, including areas such as identity and access management, security program policies, processes, and procedures
Understanding of emerging technologies and their impact on security architectures: service orientated architecture, enterprise frameworks, message based information exchange, etc.