JOB DESCRIPTION

Job title: IT Security Analyst
Grade:
Responsible to: Head of IS
Responsible for: N/A
Liaises with: IS teams, Hanover colleagues, third party suppliers
Location: Chippenham Office

Role Purpose:
The purpose of this role is to ensure that IT security is properly assessed and mitigated against, thereby contributing to the delivery of a world class IS service to all Hanover colleagues enabling the effective use of computing and communications systems.

Principal Duties and Responsibilities

Overview
1. To take responsibility for the development of the IT security policies and procedures
2. To ensure that constant focus and a proactive approach is taken to IT security for the organisation
3. To provide expertise in all aspects of IT security and ensure that threats and risks are properly mitigated against
4. To ensure that IT security is considered in relation to current and future business requirements
5. To ensure that on-going management processes related to IT security are in line with industry best practice (ISO 27001)
6. To ensure that the IS Department has robust security policies and procedures
7. To develop improved IT security incident management and reporting

JD IT Security Analyst - 2016

Key Tasks
1. Reviewing the IT Security Policy, and ensuring that it is developed in line with changing business requirements
2. Developing the on-going management processes related to IT security in line with best practice (ISO 27001)
3. Reviewing cyber security threats/risks and providing advice and recommendations to mitigate against them
4. Developing and documenting the process for managing IT related security incidents
5. Providing guidance and support to the IS teams to ensure a co-ordinated approach across the department
6. Working closely with the data management team and Data Governance Manager to ensure that IT security is integrated into business policies and procedures
7. Ensuring proper integration of the Disaster Recovery and IS Business Continuity plans, including testing
8. Reviewing proactive network penetration/intrusion testing & application vulnerability monitoring
9. Developing and maintaining the IS risk register with particular regard to IT security
10. Integrating IT security requirements into supplier contracts and activities of third parties

General
1. Establish, develop and maintain effective working relationships with all work colleagues to ensure an integrated contribution to the Hanover aims, values and mission.
2. Observe, comply and help develop the policies, procedures, legislation, continuous improvement and good working practices adopted by Hanover.
3. To be aware of and to assist with the control of risks such as confidentiality, misuse, fraud, theft and licensing.
4. To be aware of and champion the need to control costs and give consideration to providing Value for Money (VFM) in all areas of work.
5. Participate in learning and development activities that develop personal effectiveness and assist in improving performance in the role.
6. Maintain high levels of professionalism at all times and ensure equality of opportunity and valuing of diversity.

The post holder may be required to perform duties other than those given in the job description. The particular duties and responsibilities attached to posts may vary from time to time without changing the general character of the duties, or the level of responsibility entailed.

Information Services Department Structure

Personal Specification

JOB TITLE: IT Security Analyst
LOCATION: Chippenham

PERSON SPECIFICATION: ESSENTIAL / PREFERRED

Knowledge and Experience:
In-depth knowledge of security protocols, tools and procedures
Experience of performing information security risk assessments, ideally with knowledge of ISO 27001 (or similar) security frameworks
Significant knowledge of cyber security threats/risks and experience of providing advice and recommendations to mitigate against them
Experience of acting in an IT security advisory role
Strong knowledge of IT infrastructure and server technologies
Experience of working in an ITIL best practice environment and creating formal processes & procedures.
Knowledge of housing associations or similar organisations

Abilities and Skills:
Self-motivated to provide excellent customer service and demonstrates commitment to continuous improvement.
Ability to rapidly assimilate technical information to assess and document risks
Excellent verbal and written communication skills with the ability to communicate maturely & effectively at all levels.
Ability to discuss technical issues confidently with excellent listening, questioning and clarifying skills.
Expert IS skills with the ability to adopt an analytical and practical approach to technical issues.
Methodical, organised, and flexible approach, with the ability to prioritise tasks for self and work under pressure.

Education, Qualifications, Specialist Training:
Good standard of general education or equivalent through relevant training / experience (NVQ).
ISEB IT Infrastructure Library (ITIL) Foundation/Practitioner qualification.
Relevant information security qualification/certification (CISSP, CISA or CISM)
Willingness to train further.

Other Requirements:
Full driving licence.
Ability to travel with overnight stays when required.
Ability to work outside normal office hours, if required.