Information Security Assurance Analyst

SGN

United Kingdom

Hybrid

GBP 44,000 - 56,000

Full time

3 days ago

Job summary

A UK energy company seeks an Information Security Assurance Analyst to enhance its security assurance function. You will work in a hybrid model, supporting the security needs of various projects and advising on compliance with security controls. The role offers a competitive salary of £44.4k - £55.5k, commensurate with experience. Key responsibilities include performing security assessments and collaborating with cross-functional teams to mitigate risks. The company values diverse backgrounds and is committed to an inclusive hiring process.

Benefits

Competitive pension scheme
Enhanced maternity/paternity pay
Life assurance
HolidayPlus
Cycle2work Scheme

Qualifications

  • Must have 2-3 years' cyber security experience.
  • Good understanding of Cyber Assurance Framework and experience with Regulators.
  • Practical experience with ISO 27001, NIST Framework, NCSC security principles.

Responsibilities

  • Provide security advisory services across programs, projects, and services.
  • Perform threat modelling and provide cyber security requirements.
  • Conduct cyber security risk assessments and make recommendations.

Skills

Cloud expertise (IaaS, PaaS, SaaS)
Cyber Security Frameworks and standards knowledge
Vulnerability Assessment and Management
Security Risk and Compliance
Application Security

Education

Degree in relevant discipline
CISM/CISSP/CCSP/TOGAF/CRISC/AWS Solution Architect (or equivalent certification)
Job description
Information Security Assurance Analyst

Portsmouth/Horley | £44.4k - £55.5k per annum (dependent on skills and qualifications)

Full Time | Hybrid

Competitive pension scheme - Enhanced maternity/paternity pay - Life assurance - HolidayPlus - Cycle2work Scheme & more

REQ5202

Here at SGN we are looking for an Information Security Assurance Analyst to support the security assurance function in triaging, assessing, and providing security advisory services across all programmes, projects, and steady state services.

You will be responsible for providing assurance to the SGN leadership team regarding the design and operating effectiveness of the security controls within both SGN's IT and OT environments.

You will work collaboratively with risk management, business analysts, project managers, architects, and support teams to identify, evaluate, report, and mitigate risks.

In addition, you will be responsible for reviewing and identifying security control gaps in design documents, providing remediation and mitigation recommendations.

Here's how you will contribute...
  • Perform a threat modelling exercise of all projects and provide mitigating cyber security requirements to help ensure the secure delivery of compliant systems, applications and business processes
  • Review both high/low level architecture definition documents for compliance against security policies, standards and regulatory requirements, and attend Technical Design Authority (TDA) and Architecture Review Board (ARB) meetings to provide security signoffs
  • Manage a team of security assurance analysts / consultants providing thought leadership across a number of assurance functions, and helping to navigate through senior management approvals thereby allowing for seamless and smooth engagements with project delivery teams
  • Perform cyber security risk assessments, compliance checks, audits and reviews to ensure that appropriate security controls are in place and highlight any deficiencies and gaps for management consideration.
  • Provide cyber security assurance activities by ensuring implemented solutions are a replica of agreed and approved architecture definition documents, helping to facilitate penetration testing as per local Cyber policies, whilst providing security advice, in collaboration with Corporate Cyber Security, and support to management, BAU and projects to comply with both global and local requirements and obligations.
  • Maintain and communicate relevant local security procedures aligned with necessary Cyber Security rules, processes, procedures and standards.
  • Where required, propose solutions and coordinate delivery of mitigating actions to ensure risk levels are aligned with risk appetite.
  • Perform compliance checks to ensure Cyber Security controls are operating as designed.
What you will need
  • The individual should be educated to degree level in a relevant discipline.
  • Must be one of CISM/CISSP/CCSP/TOGAF/CRISC/AWS Solution Architect or equivalent certified or willing to undergo certification on the job.
  • Must have expertise in Cloud (IaaS, PaaS, SaaS), in particular AWS and Azure
  • Must have proven expertise in three of the following security domain areas: Vulnerability Assessment and Management, Security Risk and Compliance, Cloud Security Architecture, Application Security, Security Operations Centre and Investigations, Incident Management and Security Engineering
  • Must have 2-3 years' cyber security experience
  • Good understanding and practical experience of Cyber Security Frameworks and standards such as NCSC security principles, NIST Framework, ISO 27001, ISO27005, IEC62443 etc.
  • Good understanding of Cyber Assurance Framework and experience with working with Regulators and providing compliance updates for OT environment
Not sure you meet every requirement?

Research shows some people - particularly women and those from underrepresented backgrounds - may hesitate to apply unless they meet every criterion. At SGN, we value diverse backgrounds, experiences and perspectives. If this role interests you but you're not sure you tick every box, we'd still love to hear from you. You might be just who we're looking for – now or in the future.

Why SGN?

SGN is a leader in pioneering research and development toward a net-zero energy system. Our cutting-edge technologies and innovative thinking are driving change in the gas industry, all while keeping people safe and warm.

If you require any accommodations or support during the application process, reach out to us. We're here to help ensure an inclusive and accessible experience for everyone.
