Security Analyst

South Glamorgan  ‐ Onsite
This project has been archived and is not accepting more applications.

Description

Security Analyst
Cardiff
6 months
£350 - £400 per day

Security Analyst required to support 3 major programmes:

To support the ongoing maturity of the Identity and Access Management (IAM) processes and controls for the DC Workplace and Retail Investment Business Units. Responsible for penetration testing and third party due diligence administration, and role based access control activities whilst supporting the wider team activities.

Accountabilities:

Management of penetration testing activities for in-scope applications, to include the organisation of penetration tests and organisation of penetration testing remediation activities to enable the remediation of vulnerabilities and reduce risk to the business. Management of 3rd party due diligence activities for in-scope applications, to include the organisation of due diligence activities and organisation of due diligence remediation activities, so as to identify any supplier risk and to reduce that risk to appropriate levels.

Analysis and implementation of Role Based Access Control across business units and applications, to enable employees to be given access that is appropriate to their position so as to reduce the opportunity for inappropriate action on the corporate network, including:

  • Implementation and ongoing maintenance of Least Privilege & Segregation of Duties across the DC & Retail estate;
  • Analysis of application user accounts with unique HR identities.

Execution and facilitation of the Joiner, Mover and Leaver process for the DC & Retail Access Control Team, to facilitate appropriate assignment of access rights so as to maintain Least Privilege & Segregation of Duties principles, including:

  • Document & understand access requirements;
  • Maintaining Role Based Definitions of user access across ensuring the least privileged access and Segregation of Duties & Toxic combinations is maintained as per policy;
  • Support the AMS processes.

Reporting of Metrics, Key Performance Indicators and Risk as a way of communicating to management the effectiveness of the Access Control Team's activities and the impact these have on the business, including:

  • Monitor and ensure that DC & Retail ACT controls are documented, updated and completed within expectations of time and evidence.

Qualifications:

A security related qualification (eg CISMP, CISM, CISA, CISSP etc.) desirable

Knowledge:

Demonstrable experience of executing complex processes ideally relating to business application and data security.

Demonstrable experience of organising penetration testing activities.

Demonstrable experience of organising 3rd party due diligence reviews.

Demonstrable experience of working with a security management framework, eg ISO .

Experience of working with role based access control.

Experience of managing and monitoring schedules and related activities (eg recertification and penetration testing schedules).

Experience of working with stakeholders, including senior managers, third parties etc.

Start date
ASAP
Duration
6 months
From
Pontoon
Published at
18.07.2019
Project ID:
1798937
Contract type
Freelance