Senior Security Analyst at Inspired Thinking Group – Birmingham, England, United Kingdom

We are looking for an enthusiastic and detail-oriented Senior Security Analyst to join our growing information security and data protection team.

The Role:

The Senior Security Analyst is an experienced security professional responsible for performing more advanced security and data protection tasks with a higher level of autonomy. In this role, you will be responsible for conducting comprehensive security and data protection assessments, overseeing vulnerability management, developing and updating security and data protection policies, reviewing configurations, and providing expert guidance to the organization. You will be expected to operate with minimal supervision and mentor junior analysts as needed.

This is a full-time position with some mentoring responsibilities. Occasional after-hours work may be required for incident response or urgent security tasks.

Successful candidates will be enrolled on a fully funded level 6 Cyber Security Risk Analyst apprenticeship and will be provided with mentoring support to help you grow and learn. Upon successful completion of the level 6 qualification, it is anticipated that you will be able to progress to a fully funded level 7 qualification (MSc) in Cyber Security.

Responsibilities:

KPI Reporting & Metrics Analysis:

• Lead the accurate tracking of KPIs related to security and data protection performance and risk management.
• Analyse data to identify trends, areas of improvement, and potential security and data protection risks.
• Prepare detailed reports for management and advise on mitigation strategies.

Lead Security Assessments:

• Perform risk assessments, vulnerability assessments, and commission penetration tests with minimal supervision.
• Prioritize and manage findings, providing actionable recommendations for remediation.
• Conduct security and data protection audits and collaborate with IT and development teams to identify weaknesses.
• Completes security and data protection assessments from clients.

Policy & Standards Development:

• Develop and update security and data protection policies, procedures, standards, and guidance to align with industry best practices and regulatory requirements.
• Review policies and provide recommendations for improving the organisation’s security and data protection posture.
• Supports the implementation of privacy policies and ensuring privacy by design and by default in company operations.
• Helps with data mapping, DPIAs (Data Protection Impact Assessments).

Configuration Reviews:

• Conduct detailed configuration reviews of systems, networks, and applications.
• Work with cross-functional teams to ensure that security configurations meet established standards.

Vulnerability Management:

• Oversee the identification and remediation of vulnerabilities across systems.
• Coordinate vulnerability scanning, patching, and remediation efforts with internal teams.
• Provide leadership in addressing critical vulnerabilities and mitigating risks.

Incident Response

• Support the incident management leads, helping to coordinates the response to security incidents, including data breaches, system compromises, or attacks.

Application Security

• Work with development teams to embed secure coding practices.
• Conduct regular security assessments of the company’s software, including the proprietary products sold to clients.

Collaboration & Communication:

• Provide security and data protection guidance to internal stakeholders, ensuring security considerations are incorporated into development and operational practices.
• Participate in ongoing security and data protection awareness training initiatives.
• Mentor and support junior analysts, assisting in their professional development.

Requirements