Information Security Analyst

Aberdeen, Scotland — activTechnology

PRIMARY FUNCTION

To support the Information Security Officer in the design, implementation, testing and monitoring of activpayroll’s Information Security Program to ensure compliance with policy, processes and procedures throughout the organisation.

The role will specifically focus on assisting in the analysis and implementation of the policies and procedures required for ISAE SOC and ISO 270001 Compliance, in addition to Third Party Vendor Assurance Information, Security Risk Management and Reporting and Customer Due Diligence.

ROLES & RESPONSIBILITIES

Principal Duties

  • Assist the Information Security Officer with the design and implementation of the Information Security, Business Continuity, Disaster Recovery and Incident Management policies and procedures
  • Assist the Information Security Officer with the design and implementation of policies and procedures to achieve ISO 27001 and ISAE18 SOC certification
  • Assist the Information Security Officer with the investigation of information security incidents
  • Assist the Information Security Officer with enforcing suitable and relevant information security policies, investigating operational procedures to reduce risk and mitigate against security incidents
  • Assist the Information Security Officer with the documenting of results of internal Information Assurance Testing, Information Security Control Testing and lead on the delivery of remediation (including Risk Reporting)
  • Assist the Information Security Officer by managing the Third Party Vendor Assurance Program including issuing and reviewing due diligence questionnaires, risk reporting, and user management
  • Assist the Information Security Officer with the Business Continuity & Disaster Recovery Plan testing and process development (including reporting of key metrics and remediation of any risks and issues)
  • Assist the Information Security Officer in the training and coaching of new and existing staff to promote and embed information security awareness
  • Assist the Information Security Office with customer and vendor security questionnaires; review the security clauses within customer security requirements and contracts to ensure compliance
  • Assist the Information Security Officer with the preparation of the SSAE18 annual audit from an IT perspective and ensure processes and procedures carried out follow the auditing standard

Service Excellence

  • Ensure that any serious issues / problems are raised with the Information Security Officer
  • Communicates effectively with internal and external customers

Team Focus

  • Prioritise workload on a day to day basis
  • Working effectively with teams within the business
  • Must be able to work in a team to achieve department goals

Commercial Awareness

  • Keeping up to date with new technology and practices which may benefit activpayroll
  • Be innovative and identify areas of improvement

Professional & Personal Development

  • Updating skills on a regular basis
  • Ensure that actions from appraisal are reviewed regularly with Information Security Officer

Competencies

  • Current or working towards a degree or equivalent in Information Technology, Computer Science, Engineering or a related field
  • Current or working towards a recognised Information Security or IT Security Certification – CISM, CISSP etc.
  • Basic knowledge of auditing standards
  • Basic knowledge of Information Security principles and best practices
  • Basic knowledge of security best practices with relation to applications, network and customer setups
  • Practical knowledge and experience in writing and implementing policies and procedures
  • Basic knowledge of computer and network technologies, with a focus on Microsoft products
  • Highly organized with ability to prioritise workload to incorporate changing priorities
  • Excellent interpersonal skills and the ability to communicate clearly at all levels through reports, presentations and forming effective relationships
Your application