Information Security Analyst

Purpose of Role

HH Global is seeking an Information Security Analyst to ensure the continuous improvement and maintenance of its information security policies, procedures, standards, and threat defenses, aligned with ISO27001:2022 and SOC 2 Type II standards. The role involves supporting threat discovery and analysis, ensuring compliance, and enhancing overall information security across the organization. Responsibilities include developing and enforcing security standards, providing expert advice on security technologies, managing IT security governance, risk, compliance, and assurance, and working with IT engineers and the Security Operations Center to improve infrastructure and security practices. The ideal candidate will have a strong IT technical background to effectively support and improve the organization’s security posture.

Key Responsibilities

• Review and risk assess information security reports and dashboards to identify threats, vulnerabilities and opportunities for improvement regarding information security threat defenses.
• Assess, investigate and support security incidents and vulnerabilities.
• Support and collaborate with our Security Operations Center to respond to incidents and requests, and to improve our organizational security posture.
• Review, manage and implement security controls to cloud technologies.
• Support, control and evaluate IT Security operations.
• Organization and management of penetration tests and vulnerability management reports.
• Implement controls, policies and recommendations of security findings to improve the organization security posture.
• Assist in the development of plans to safeguard information security assets against accidental or unauthorised modification, destruction, or disclosure and to meet emergency data processing needs.
• Assisting in the development, recommendation and implementation of Information Security framework for HH Global, in line with IS027000 series principals and good practice disciplines, including overarching policies, procedures, guidelines, awareness and training plans, security monitoring processes, privacy regulations and overall security infrastructure recommendations.
• To work collaboratively or independently as part of the Information Security and Risk team to ensure the design, delivery, implementation and operational testing of agreed security strategies meet the business needs.
• Assist with assessments of Information Security controls to ensure they meet the legislative and regulatory compliance and propose remedial actions surrounding identified deficiencies.
• Monitoring security compliance through ongoing security control reviews and risk assessments, change management reviews and working closely with the ISR team to advise on Information Security issues that require support and closure.
• Assisting with the development of policies based on audit findings;
• Assisting with risk assessments;
• Assisting with the review, approval and implementation of IT changes with security conscious principles applied.
• Assisting with the support and ongoing maintenance of the ISO27001:2022 ISMS
• Contribution to Information Security strategy, overseen by the Global Head of Information Security and Risk.

Knowledge, Skills + Experience

• Excellent attention to detail, analytical skills and an ability to analyse complex technical information to identify patterns and trends.
• An ability to work under pressure, particularly when dealing with security threats and at times of high demand.
• Knowledge of ISO 27001:2013 / 2022 frameworks, associated legislation and good practice standards together with good core knowledge of web and network security plus excellent general information security knowledge.
• Knowledge of SIEM platforms such as Splunk and Microsoft Sentinel to derive the best value out of the tools for identifying security risks, malicious activity, and system misconfigurations within the information assets.
• Experience of Microsoft 365 security tools such as Microsoft Defender for Endpoint, Microsoft Intune and Microsoft Defender for Cloud Apps.
• Knowledge of Endpoint Detection and Response (EDR) configuration to monitor, detect and block cyber security threats.
• Managing and reporting from vulnerability management platforms, such as Qualys VMDR.
• Respond to security incidents and events, including triage, containment, and remediation activities.
• Working knowledge of hardware and software security products.
• Security hardening knowledge of IT systems, including but not limited to endpoints, servers and networks.
• Knowledge of Internet Security and Web Content Filtering Controls Knowledge of Data Loss Prevention (DLP) controls.
• Experience with evaluating Threat Intelligence response and ways to manage them.
• Investigate security alerts and provide incident response.
• Monitor identity and access management, including monitoring for abuse of permissions by authorised system users.
• Test and evaluate security products.
• Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues.
• Give advice and guidance to staff on issues such as spam and unwanted or malicious emails.
• You will be expected to work independently or as part of a team and will be able to quickly research and assimilate new information, keeping abreast of rapidly changing situations and work themes.
• You will have a diplomatic manner and strong interpersonal and communication skills that enable you to work with a wide range of people to deliver high profile pieces of work within pressured time frames.
• Excellent IT skills, including knowledge of computer networks, operating systems, software, hardware and security.
• An understanding of the cyber security risks associated with various technologies and ways to manage them.
• A good working knowledge of various security technologies such as network and application firewalls, host intrusion prevention and anti-virus.
• Written communication skills, for example to write technical reports.
• Time-management and organisational skills to manage a variety of tasks, prioritise workload and meet deadlines.
• Excellent attention to detail, analytical skills and an ability to analyse complex technical information to identify patterns and trends.
• An ability to work under pressure, particularly when dealing with threats and at times of high demand.