Information Security Analyst, Vulnerability Management

As an Information Security Analyst, you will be working within our vulnerability management team, which focuses on the technical side, ensuring IT systems are operated in a secure manner.

Employment type: Full Time

Closing date: 01/10/2025

The Information Security department monitors our live operation, creating and reacting to alerts and other anomalies identified through automated tools or manual analysis. The vulnerability management (VM) function covers two high-level areas, including owning the processes and schedules relating to the vulnerability scanning of all endpoints in the Business. You will review the results in terms of risk and impact assessment, additionally you will own the scheduling of, and planning for specialist third-party vulnerability and penetration testing, in addition to the collation of reports. You will liaise with various teams within the Business to enhance their understanding of the Company's risk profile, and provide guidance on effective solutions for identified vulnerabilities.

• Conduct vulnerability scanning with class leading tools.
• Schedule scanning across the entire Business ensuring reporting requirements are met whilst minimising operational impact to endpoints.
• Articulate Business risk to both technical and non-technical colleagues.
• Schedule internal and external resources and ensure that targets are met.
• Work within the project process to ensure that the information security aspects are considered up front and throughout the project lifecycle.
• Liaise with the Business to ensure we remain compliant with all information security requirements within our operational jurisdictions.
• Acting as an escalation point where necessary.
• Create technical documentation.
• Stay up to date with new and emerging threats, escalating any of interest to appropriate teams for further evaluation.
• Take an active role in audits where necessary.
• Work closely with colleagues in the governance and compliance functions to ensure the Company meets its requirements on regulatory matters.

• Good understanding of the general principles, practices and technologies of Information and cyber security.
• Ability to demonstrate hands-on technical experience of conducting vulnerability scanning, evaluation of results and articulation of the risk vulnerabilities may pose.
• Experience of security related technical investigations.
• Working knowledge of industry standard information security practices.
• Knowledge of developments in security technologies and their applications.
• Awareness of PCI DSS at current version.
• Excellent communication and documentation skills, including a high attention to detail.
• Excellent organisational skills with the ability to work to deadlines.
• Pragmatic approach to the administration of governance and risk.
• Display a committed, flexible, can-do attitude towards work.