Position Summary:

The Security Analyst Operations takes responsibility for delivering the client’s Cyber Security Operations capability, working with line management to set the Security Operations vision, roadmap and standards in line with the company’s policies and frameworks, and to deliver effective change activities supporting the company’s business strategy. Keeping up-to-date with security threats that have the potential to adversely affect businesses, ensuring adopted cyber security frameworks are fit for purpose and evolve to counter such threats. Ensuring appropriate Information, IT and OT capabilities and controls are in place to protect businesses from internal and external cyber-attacks. Taking responsibility for programmes and projects locally to enhance cyber and information security operational initiatives, mitigating existing and emerging security risks.

Job Details:

  • Work from Home
  • Monday to Friday | 4 PM to 1 AM Philippine Time
  • *Following UK Holidays

Responsibilities:

    • Contribute to defining and delivering a Cyber & Information Security Operations Strategy that supports the company’s plans. In addition, support the effective delivery of group-led Cyber & Information Security initiatives.
    • In collaboration with line management and UK&I CISO organisation, help define the security operations target state and identify incremental and strategic change initiatives (with estimated effort and cost) to migrate to the target state.
    • Support the client’s response, in collaboration with the Group Cyber Security Operation Centre (CSOC), to any cyber-related events and/or incidents that affect IT and OT environments. This may require working outside of normal office hours and at weekends if necessary.
    • Ensure security weaknesses identified through Vulnerability Scan Reports (Web and Infrastructure) including issued Security Bulletins and Patch requirements are prioritised and addressed in line with the Company’s Minimum Security Requirements.
    • Ensure incident identification, assessment, quantification, reporting, communication, mitigation and monitoring is effective. Where necessary, and in collaboration with line management, establish and document appropriate and relevant Incident Response Plans and processes common to the UK&I boundary.
    • With the team, develop and schedule a penetration test capability across the UK&I IT & OT Network, Infrastructure and Application environments based on the criticality and sensitivity of systems as defined by the UK&I businesses. Ensure appropriate plans are established and executed to remedy identified security gaps.
    • Collaborate with the Group Cyber Security Operations (CSOC) department to gain an understanding of the current and foreseeable cyber & information security threats that Saint-Gobain, and more specifically the UK&I businesses, are exposed to, and in collaboration with the UK&I CISO organisation, develop and implement appropriate detective and preventive measures to minimise such threats materialising in the UK&I.
    • Support regular security reviews of cyber security across the organization to maintain and, where relevant, enhance the capability and maturity to ensure adequacy and evolution in view of evolving threats.
    • Keep up-to-date with the latest threat information, risks and technologies, and implement adequate detective, preventive and corrective security controls seeking internal (Group) and external advice where necessary.
    • Maintain a regular cadence for undertaking cyber security risk analysis of businesses aligned to the client’s Group Risk Management methodology and procedures.
    • With the Team, prepare defined and tracked metrics and KPIs that inform Business and Technology stakeholders, boards and committees on the performance of the security operations organisation and associated initiatives.
    • Build strong relationships with internal clients including Digital IT, Legal, Procurement, People Management, Finance, Marketing, Group, Internal Audit, External Audit, Businesses (Interior Solutions, Manufacturing, Glass for Buildings, Off Site Solutions (OSS), Constructions Specialities and High-Performance Solutions (HPS)), demonstrating a thorough understanding of their business, their challenges and the value cyber security operations can add.
    • Contribute to local Cyber Security Forums, and actively participate in Group led, Internal as well as external forums to proactively share knowledge, keep stakeholders informed on the company’s cyber resilience initiatives, and maintain oversight of the horizon and industry trends.
    • Ensure appropriate security monitoring capabilities are implemented for all Acquisitions and Divestments in line with Group directives and minimise the introduction of any new security risks to the company.

Qualifications:

    • Degree in a technology-related field.
    • Industry recognised security certifications, such as CISSP/CISM or equivalent experience.
    • Experience in a combination of Security Operations (SIEM / SOC), Information Security and Digital IT jobs.
    • Knowledge of information security management frameworks, such as ISO/IEC 27001, NIST, CBEST, MITRE ATT&CK, Lockheed Martin Cyber Kill Chain, etc.
    • Understanding of the evolving threat landscape and ability to translate an emerging threat into the potential business impact.
    • Methodical approach to threat assessment, treatment and risk management.
    • Ability to work under pressure and manage multiple priorities simultaneously.
    • Excellent written and verbal communication skills and a high level of personal integrity.
    • Self-motivated and ability to work on own initiative towards business improvement.
    • Proven track record of management of staff with variable skills essential.
    • Innovative thinking and leadership with an ability to lead and influence cross-functional, interdisciplinary teams.
    • Strong analytical skills and ability to assimilate information.
    • Demonstrable experience defining Cyber Security Strategy and associated policies.
    • Excellent relationship management and networking skills.
    • Comprehensive understanding of Risk Management and Risk-based decision-making.
    • Commercially aware and able to balance risk against progress.
    • Experience with third-party assurance and contract negotiations.
    • Experience with Project Management and Development methodologies, such as Agile.
    • Broad technical Digital IT and OT experience including Cloud computing, websites, ERP, payment channels, big data, ICS and SCADA systems.
    • Comprehensive experience with PCI DSS and the compliance process.
    • Exceptional standards in quality and integrity towards the delivery of information.
    • Driving licence (regular travel and overnight stays are required).