Cyber Security Analyst (2192)

  • Location: Gloucester
  • Duration: Permanent
  • Working hours: 35 hours per week, Monday to Friday
  • Application end date: 18/06/21

About the role

To deliver a Cyber Security service to all areas of Ecclesiastical Insurance Group aligning with Industry Standards (e.g. ISO27001/2).

Key Accountabilities

  • To support the Group Cyber Security Manager in defining and maintaining the Group’s overarching cyber security standards and ensure that these are adopted on a Group-wide basis;
  • Participate in Business & IT Projects as directed by the Group Cyber Security Manager providing technical advice and challenge on all aspects of Cyber Security within timescales and budget;
  • Produce written reports highlighting Cyber Security risks and recommending areas of improvement internally and externally;
  • Perform Internal Audits relating to Cyber Security risks across Business and IT and produce relevant Audit actions;
  • To resolve allocated Cyber Security support calls within SLAs;
  • To perform Due Diligence on External Suppliers providing appropriate feedback to the Business Owner and supplier and produce risk recommendations that protect and enable the business;
  • To support the Group Cyber Security Manager in managing internal and external exercises to verify our compliance with Cyber Security standards and policies, and report findings;
  • To work with the Group Cyber Security Manager in managing Cyber Security incidents, taking control when the Group Cyber Security Manager is not available, including out of office hours, and provide reporting of events;
  • Contribute to the delivery of the Cyber Security awareness and education programme in line with identified business needs;
  • Provide consultancy on Cyber Security to all areas of the Group for both planned and ad-hoc activity;
  • Liaise with all areas of the Group, providing expertise, assistance and guidance to ensure that all aspects of Cyber Security are considered by the other areas;
  • As directed, work with Human Resources to identify and monitor breaches of policy leading to potential loss of confidential/commercially sensitive material.

Key Performance Indicators

  • Maintenance of policies, standards and regulatory compliance across all areas of the Group for Cyber Security;
  • Delivery and maintenance of security due diligence reports on External Suppliers;
  • Minimise the impact of any Cyber Security incidents that take place;
  • Highlight risk or compliance issues to the appropriate areas when they are identified.

Knowledge, Skills & Experience

  • Qualified, working towards or desire to study CISSP, CSSLP, CISM, CISA, QiCA, other IT audit qualification or equivalent;
  • Thorough understanding of the concepts and current experience of working in Cyber Security in a business environment; 
  • Experience in managing stakeholder relationships at all levels;
  • Excellent analytical, problem solving, decision making and judgement skills;
  • A credible and trustworthy individual who can engage with and gain the confidence of colleagues at all levels across the Group;  
  • Flexible, resilient and able to work under pressure.