The UK’s largest independent energy supplier is seeking an Information Security Analyst to join their expanding team. First Utility is committed to helping customers reduce their energy bills through the use of innovative technology, by offering cheaper tariffs and campaigning for industry change. This opening comes at an exciting stage and offers a fantastic opportunity for you to be part of a team hungry to make a difference.
The Information Security team is responsible for the ongoing protection of the confidentiality, integrity and availability of data, especially where such data is deemed sensitive. The team is tasked with implementing robust security controls while remaining flexible so as not to hinder business operations: the balance between security and operational functionality must be maintained. The team is led by the Head of Information Security, who reports to the Chief Information Officer. There are a further two Information Security Analysts in the team.
The successful candidate will have:
Detailed knowledge of information security frameworks including ISO 2700x, NIST and CESG advised best practice
Understanding of PCI DSS: experience of the certification process is beneficial
Working knowledge of data protection legislation, specifically the Data Protection Act 1998 and General Data Protection Regulation
In-depth knowledge of information security audit techniques, including management and testing of IT controls frameworks
Knowledge of IT system and network security principles, and how these are applied in a real, dynamic environment
Experience in maintaining ISMS policies and process documents
Understanding of technical IT operating processes and the most appropriate security controls
Experience in using third party security services/contractors and appreciation of due diligence processes before work is performed
CISA, CISM and/or CISSP certification is beneficial
ISO 27001 Lead Auditor is beneficial
Background in Tier 1 (Big 4) or Tier 2 security/IT audit practices is beneficial
Confidence to work independently (e.g. performing a complete information security audit end-to-end)
Experience of dealing with senior management is beneficial (e.g. presenting audit findings or explaining the purpose of a specific risk control)