Information Security Analyst jobs in United Kingdom

The Senior Information Security Analyst is one of several such Analyst roles in the firm. Each Analyst is responsible for assisting with the day to day operation of CISO office tasks. Analysts are encouraged to participate in proactively identifying sources of vulnerability and threat. The role will be part of a worldwide team that is empowered to operate the activities within their assigned function. Daily activities will focus heavily on request, event and incident management and direction will be provided by the Information Security Manager.

Norton Rose Fulbright is committed to the professional development of its staff. There will be significant development opportunities for the Senior Information Security Analyst role, both through on-the-job learning and targeted training. The CISO team also embraces a mentoring and meritocratic approach. The success of this role is dependent upon building a lasting alignment between information security provisions and business requirements.

• Act as a champion for Information Security best practice and policies.
• Act as an intermediate escalation point and technical mentor for other members of the analyst team.
• Operate and manage security incidents and requests to SLA guidelines.
• Review, action, and escalate any unusual event behaviour identified.
• Assist with development and maintenance of the Firm-wide security infrastructure configuration, policies and procedures, identifying improvements to procedures, and reporting on incidents.
• Actively promote security governance in support of the Information Security policies, to ensure appropriate measures are taken to secure the Firm\'s confidentiality and integrity.
• Encourage cooperative working with all business functions to achieve shared goals, ensuring skills transfer and technical security awareness within the teams. This includes writing process documents and conducting training.
• Work cooperatively with project teams to ensure that new project and changes adhere to Information Security policies and governance standards.
• Identify threats and vulnerabilities.
• Keep a technical industry awareness of security risks and exposures and proactively promote effective counter-measures.
• Configure appropriate security parameters in monitoring systems and act as a technical point of escalation for any alerted issues.
• Perform document reviews and privileged account reviews.
• Demonstrate a willingness to work in a flexible model that supports remote and office-based work while delivering high standards of service.

• At least 5 years\' experience working within Information Security infrastructure or from another technical discipline.
• Proven ability to adapt quickly to emerging threats or new information, shifting focus as needed.
• Demonstrated expertise in Microsoft 365 Defender and Azure Defender for detecting, investigating, and responding to suspicious behaviors and anomalous activities.
• Familiarity with endpoint security solutions and security infrastructure, including EDR, vulnerability management tools, DLP solutions, and removable media encryption.
• Working knowledge of cloud-based web and email filtering solutions (e.g., Zscaler, Mimecast, Proofpoint, Cisco) and securing cloud environments (AWS, Azure, GCP) including configuration management, identity and access controls, monitoring, and incident response.
• Familiarity with cloud security tools (e.g., Microsoft Defender for Cloud, AWS Security Hub) and cloud compliance frameworks (e.g., CIS, CSA CCM) is highly desirable.
• Experience with security automation and orchestration, including scripting languages (PowerShell or Python) and SOAR platforms to streamline incident response and automate tasks.
• Strong knowledge of security technologies (firewalls, IDS/IPS, EDR, SIEM).
• Technical bachelor\'s degree or equivalent IT / Information Security experience (required).
• Security-related certification such as CompTIA Security+, GSEC, CISSP, CISA, CCSP (preferred).
• Good understanding of security frameworks such as ISO 27001, NIST, Mitre (preferred).
• Experience in introducing Information Security improvement through technology and/or processes to move to a proactive security posture.
• Ability to triage and remediate phishing and impersonation attacks in a timely and efficient manner as the risk dictates.
• Experience working with a service management tool.
• Familiarity with legal tech platforms (e.g., iManage, Relativity, NetDocuments) is a plus.
• Keen sense of responsibility and ability to adhere to defined security practices.
• Strong technical security understanding and self-motivation to work calmly and methodically under pressure.
• Excellent interpersonal skills, high integrity, and the ability to communicate clearly at all levels through reports, presentations, and matrixed relationships.
• Skilled in applying an agile approach to task management, with responsiveness to dynamic risk landscapes.
• Cooperative, service-oriented, team player, comfortable working in a geographically dispersed team.
• Good judgement regarding confidentiality and sensitivity of information encountered in duties.
• Adaptable and keen to learn new skills.

We\'re Norton Rose Fulbright - a global law firm with over 50 offices and 7,000 employees worldwide. We provide the world\'s preeminent corporations and financial institutions with a full business law service. At Norton Rose Fulbright, our strategy and our culture are closely entwined. We know that our expansion will mean little unless it is underpinned by truly global collaboration and we understand that pioneering work only takes place when our people have room to move and think beyond boundaries. As well as the relevant skills and experience, we\'re looking for people who are innovative, commercial and value the work that they do. Diversity, Equity and Inclusion information is available here.