You will be responsible for establishing and maintaining a vision, strategy, and program to ensure information assets, developed products and technologies are adequately protected.

The Information Security Analyst will work in identifying, developing, implementing, and maintaining processes across the business to reduce information and information technology risks. To be responsible and respond to incidents, establish appropriate standards and controls, manage security technologies, and direct the establishment and implementation of policies and procedures. The Information Security Analyst will also play a large part in ensuring information-related compliance where applicable such as GDPR. The Information Security Analyst influence reaches the entire business.

Main Duties and Responsibilities: Essential duties may include, but are not limited to, the following:

• Adopt and implement information security policies and processes

• Work with 3rd parties to ensure security policies are implemented and develop appropriate reporting and metrics

• Take a risk based approach to the continual measurement and enhancement of the security landscape

• Monitor Information Security controls and processes through actionable metrics

• Work with the wider IT team to raise the level of Novosco’s information security awareness and compliance to security policies with practical initiatives

• Assess, review and audit systems and controls in line with Policy & Standards

• Champion an Information Security culture and embed its principles throughout the landscape

• Install, configure and deploy Security related products and toolsets

• Respond to and deal with Information Security incidents

Please note that this job description is subject to ongoing review as new demands and best working practises are considered, agreed and implemented.

Experience and skills:

Experience (essential):

• Understanding of Information Security principles

• Excellent knowledge of security related legal and regulatory requirements

• Excellent written and verbal communication skills

• Web security experience

• Ability to build strong internal and external stakeholder relationships

• Able to explain information security concepts and risks in terms non-technical people will understand

Experience (desirable):

• Previous experience in a similar role

• Technical understanding of Networks and AD

• Pen testing experience

• Experience with a Security Incident and event management toolset

• Experience of public cloud security, particularly AWS and Azure

• Ability to install Security software and applications.

Interpersonal Skills:

• Articulate and a clear communicator

• Be a customer advocate

• Have the ability to converse technical terms and definitions to non technical personnel

• Meticulous with excellent attention to detail

• Able to multitask and handle large amounts of complex information

Additional Information

Training: Internal training on products and services will be provided. However, staff are expected to consistently keep abreast of new developments, which would impact on their areas of responsibility. Personal training in relation to this job description will be given as part of the company’s overall personnel development program.

Conditions of Employment Salary: The salary and benefits for this position will be determined according to the experience of the person appointed.

General Guidance: The nominal working week is 37.5 hours, although a degree of flexibility is both offered and expected. In specific circumstances there may be a requirement to work additional hours. Annual holidays are 24 days plus 7 statutory holidays. Novosco Ltd operates a Non Smoking Policy. Novosco Ltd is an Equal Opportunities Employer.