Cyber Security Analyst

Cyber Security Analyst - Energy Sector - London

• 2 days per week in the London office
• Full time permanent role

As part of the wider UK Cyber Security team, the Cyber Security Analyst (CSA) will be responsible for protecting and safeguarding the organisation’s Information Technology (IT) and Operational Technology (OT) digital assets and systems. Working closely with the UK CISO and other global Cyber Security colleagues the Cyber Security Analyst will advise, manage, coordinate, and lead day-to-day cyber security discussions and activity, such as threat analysis, cyber reporting, technical analysis, alerting and incident management, risk management, policy and procedure development and management, and the general monitoring of the digital estate via cyber security tooling.

The Cyber Security Analyst will also work closely with other local IT / Info Sec teams and business stakeholders to maintain compliance against agreed cyber security frameworks (such as NIS2, ISO
27001, Group OT/IT and Cyber frameworks) offering analytical and technical advice were required.

• Provide expert advice and direction within Cyber Security specialism to the Local IT teams and the business.
• Advise, consult and actively participate in Cyber Security projects and take leadership in ensuring end-to-end security through lifecycle. Ensuring Secure by Design principles are adhered to and met.
• Provide Cyber Security expertise as part of the Architecture Review Board (ARB) to ensure technical solutions are designed, procured and/or developed to comply with internal group controls and security frameworks and best practices.
• Stay up to date with the Cyber and Digital technology curve, research and develop cyber security improvements and solutions.
• Develop and maintain appropriate Cyber security policies and procedures, compliance and service levels monitoring and reporting.
• In conjunction with CISO, assist in the development, adoption and monitoring of a local Cyber Security Strategy and Plan.
• Become a Cyber point of contact for the UK to other ‘assurance’ functions – Internal Audit, Internal Control, Enterprise Risk Management, Health & Safety & Security, Legal and third parties such as External Audit and security vendors.
• Advise and contribute to Cyber Security Risk analysis and Management.
• Advise and contribute to Cyber Incident management – e.g. response to virus attack, denial of service, etc. and service recovery, including coordination with group SOC.
• Conduct Cyber Security monitoring – e.g. network analysis, looking for anomalies, alert and detection analysis.
• Coordinate with Asset / Plant operations teams to ensure compliance with OT and Industrial Control System (ICS) Cyber Security and Standards.
• Act as Cyber Security expert for projects, ensuring Security due diligence is performed and risk identified during delivery of new solutions.

• London / Remote based with Adhoc travel to other UK offices

• Excellent understanding of IT and OT Cyber Security principles, technologies, processes and tooling
• Strong understanding of Cyber Security Incident and Risk Management
• Strong knowledge on third party supplier management
• Strong knowledge of Cyber Security accreditations and compliance frameworks, eg Cyber Essentials, ISO
  27001
• Good IT and OT technical knowledge across a range of business operations, eg energy production, distribution, trading, risk management

• Significant experience in IT Cyber Security operations
• Significant experience in OT Cyber Security operations in an industrial setting
• In-depth knowledge of a wide-range of technologies involved in Cyber Security
• Solid IT generalist background including IT infrastructure, networks and operations, service delivery management and project management
• Substantial experience in information security governance, Cyber Security and risk management - having a successful track record of organising an Information Security Management Programme
• Experience in documenting Cyber Security procedures and end-user documentation, and in security awareness actions
• Influencing other technical experts to deliver business outcomes and expectation

• Degree or equivalent experience in Information Technology or Computer Science (or related technical / scientific discipline)
• Recognised certification in IT security (e.g. CISSP – Certified Information Security Professional), preferably in information security management (e.g. CISM – Certified Information Security Manager)