Search by job title or keyword
Cyber Security Analyst
Cyber Security Analyst
We’ve been reinventing shopping experiences for over a century. Technology has played a huge part in that, helping us transition from catalogues’ to pureplay online retail, but we’re not the finished article.
As the UK's largest integrated retail and financial services provider, we have a pretty unique position across three huge industries (retail, technology and credit) and our ambition is bold, to build the number one shopping destination for shoppers who value credit anywhere online. But we believe with our passion and track record for reinvention, we can improve how the world pays and shops for the things they love. Think you can help us? Read on...
Responsible for the provision of expert advice on, the selection, justification, implementation, operation and assurance of group wide information security controls, processes and management strategies to maintain confidentiality, integrity, availability, and accountability, in order to protect company assets in line with applicable legislation, regulation and relevant best practice standards.
Here you will provides leadership in relation to cyber security incidents and works effectively with business functions at all management levels to provide authoritative advice and guidance on the requirements for security controls and best practices.
This role is accountable for implementing the cyber security strategy and mitigation activities across the Group, partners and third-party suppliers to ensure that Information Security is relevant and cost-effective.
Additionally you will be responsible for providing 2nd/3rd line response to cyber security incidents in support of 3rd party security suppliers and any future operations hub.
There may also be the need for Day to day maintenance, tuning and monitoring of security tooling.
- An excellent broad understanding of the Information Security industry and specifically, a solid understanding of UK regulations and compliance.
- Experience of contributing and improving the Information Security agenda within a corporate organisation.
- Basic commercial knowledge with the ability to understand and integrate business and security strategies.
- Experience of carrying out Cyber Incident Response activities
- Able to produce high quality written reports of a technical and non-technical nature.
- Incident response qualification (SANS GCIH or equivalent) or demonstratable experience.
- Knowledge of latest trends, technologies and threats.
- An understanding of the concepts of Cyber Threat intelligence and threat hunting.
- Knowledge of the tools, tactics and techniques used in cyber-attacks.
- Malware behavioral analysis knowledge would be beneficial.
- Experience of security tooling e.g. WAF, endpoint protection, network behavior analysis.
- Good technical understanding of development and operational platforms including the Cloud.
Day to day responsibilities:
- Leading and managing incident response activities.
- Staying abreast with information (cyber) security issues, and legal and regulatory changes affecting UK financial services, and engaging in professional development to maintain professional skills and knowledge essential to the position.
- Reviewing, updating and delivering the group wide Information and Cyber Security risk framework. Maintaining and improving the Information Security policy and associated standards and guidelines
- Protection of the group’s assets (people, physical, informational and IT systems) from identified risk by implementing and gaining assurance on appropriate security controls.
- Assisting Information Security Risk Assessments on new business applications, IT changes, and group projects, identifies residual risk and recommending appropriate mitigating action.
- Maintenance and improvements of the Security Operations Team to identify potential breaches for further investigation.
- Maintain and improve the Vulnerability Management processes to identify vulnerabilities on IT systems and recommend appropriate mitigating action.
- Lead incident response activities.
- Developing play books to assist in the investigation of incidents.
- Point of escalation from level 1 security function (3rd party or internal).
- Tuning, maintenance and monitoring of all security tooling.
- Use of threat intelligence to inform pro-active threat hunting activities.
- Contribute to investigations, analysis and reviews following actual or alleged breaches of security controls, threats to the business, and manages security incidents.
- Prepares recommendations for appropriate control improvements, involving other teams as required.
- Works with IT, Legal and Fraud teams to provide investigation support.
- Conducts and reports on IT and Information Security policy assurance.
- Assists in continuous group wide threat assessments to identify and report on risk appetite position.
- Identifies, tracks and reports IT and Information Security risk and mitigating options.
- Generous and competitive starting salary
- Regular salary reviews and career progression
- Flexible benefits allowance £1000 (can take a part as salary uplift)
- Life Assurance / Private Medical
- Bonus up to 14%
- Matched pension at 6%
- Brand discount up to 25%
- Cycle to work scheme
- 30days holiday + bank holidays
- Free on-site parking *subject to post code
- Free on-site gym
- Discounted coffee houses and food outlets
- Flexible working*
How to apply.
If you're interested to find out more please contact Steven Williams in the talent acquisition team at The Very Group or apply online.
If you are an internal candidate looking to refer someone in please follow the referrals process and guidelines
Please note that the talent acquisition team are managing this vacancy directly, and if successful in securing this position, you may be required to undertake a credit, CIFAS and CRB check.
We're an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.