Security Operations Analyst

Security Services Administrator

Role Summary

To support the administration and management of Security Services across the Global IT function. Working within the SecOps function, the role will serve to grow and maintain a disciplined IT security function which safeguards IT assets, business information and workers from security and compliance breaches.

Responsibilities:

• Manage and maintain the portfolio of IT Security tools in operation at CloudFactory, keeping track of security events and remediating security related issues where possible.
• Maintain compliance standards in support of security controls for endpoint devices across CF (e.g AV, Patch mgmt etc).
• Review and test system, web and mail policies, always seeking to reduce risk through strong DLP, encryption and security posturing (when possible).
• Baseline user security according to our published security policies (Acceptable use, Password Policy etc). Provide feedback to relevant parties in regard to policy update requirements or policy compliance issues.
• Support and assist in the management of security related issues via our internal tools (ITSM, Risk Register) whilst following the appropriate escalation channels.
• Stay informed of security related news, industry trends and vendor updates to provide expertise around new security developments, reported breaches and emerging vulnerabilities across the industry.
• Help to maintain strong communication channels to the wider business to help ensure that staff are well informed of security vulnerabilities, online threats and growing security trends.
• Help to educate and raise user awareness in effective security practices, identify training platforms and education opportunities to widen information security awareness and knowledge.
• Support business endeavours in achieving and adhering to industry-led security standards (ISO27001, SOC2 etc).
• Provide functional knowledge and guidance in relation to operations and controls to support the wider business and our Clients.
• Identify and highlight security gaps, weaknesses and opportunities for improvement.

Process and Policy

• Assist in supporting the internal and external audits process, through info gathering and action tracking.
• Support the development of key security processes; business impact assessments, security response plans and end user security policies.
• Help to maintain the InfoSec document portal, working to ensure that document control standards are met
• Work with the IT Service Delivery function to ensure that risks are being recorded within the relevant Risk Register whilst making sure to log and track risks that emerge from scans, audits etc.
• Work to champion the presence of the risk register to ensure that internal staff are mindful of the need to report any form of operational or system risk which may impact the business.
• Maintain a good awareness of data privacy regulations such as GDPR, HIPAA etc whilst helping to ensure that the business adheres to good practise and defined processes.
• Produce, maintain and manage policy documentation. Addressing any policy gaps and advising the business over policy use.