SOC Analyst Level 2/Compliance Cyber Security Analyst

Capita | London | Permanent
Home-based / fully remote role. A hybrid role combining SOC Level 2 work with a NIST-focused compliance role for an exciting Cyber Transformation Programme. Help strengthen our team as our Level 2 SOC / Security Analyst - Compliance, Assurance & Continual Improvement.

Home based role.

A great opportunity to join our operational security team to support our initial and ongoing assessment of Operational Security controls against Cyber Security best practice, Organizational Policies, and recognized Security Frameworks, working with relevant stakeholders to identify areas for improvement, and support development, enhancement and implementation of robust security controls.

In addition, this role will identify areas of improvement within the Operational Security function, proactively identifying opportunities to enhance and optimize internal processes, ensuring that they are both efficient and effective.

This role is crucial in ensuring that even the most sophisticated cyber security controls are robustly implemented and enhanced.

What You'll Be Doing:

Verification and Compliance:

- Verify that systems and processes meet specified security requirements.

- Assess the correctness of cyber security risk assessments and risk management plans.

Auditing and Assurance:

- Conduct cyber security audits to find suboptimal testing, monitoring, and management of security controls.

- Present clear audit findings to technical staff and management.

Risk Management and Education:

- Assess threats and vulnerabilities, focusing on risk management.

- Identify points of potential weakness and effective areas for investigation.

- Play a role in delivering training to embed security practices.

Relationship Management:

- Meet with teams to identify potential risks, issues or concerns.

- Collaborate with various teams to ensure identified security improvements are progressed.

Continuous Improvement:

- Continuously evaluate People, Processes and Technological controls to identify areas for improvement.

- Develop efficient and effective solutions with stakeholders.

What we're looking for:

- Proven experience in SOC, cyber security, compliance, and continual improvement.

- Exposure to various industries and regulatory environments is beneficial.

- Ability to perform security audits, including technical assessments and compliance checks.

- Collaborate with cross-functional teams (IT, legal, compliance) to achieve security goals

- Excellent interpersonal skills with ability to explain technical problems to non-technical stakeholders at all levels.

- Strong written and oral communication skills

- Active SC Clearance, or ability to obtain SC clearance

Experience of the following Cyber Security Frameworks:

- NIST Cybersecurity Framework (CSF): Understand the five core functions of Identify, Protect, Detect, Respond, and Recover. Familiar with the framework's guidelines for managing and reducing cyber risks, in particular NIST SP 800-53.

- ISO/IEC 27001: Comprehend the international standard for information security management systems (ISMS). Knowledge about risk assessment, controls, and continuous improvement.

- CIS Controls: Be aware of the Center for Internet Security's critical security controls. These provide a prioritized approach to enhance cyber security posture.

- COBIT (Control Objectives for Information and Related Technologies): Understand the framework for governance and management of enterprise IT.

Preferred Qualification:

- SANS Certification

- CISSP, CISA, or CRISC

About Capita Technology and Software Solutions (TSS) and CISO

Capita Technology and Software Solutions (TSS) is a newly formed global shared service, responsible for delivering innovation and digital transformation for Capita's businesses and clients. We work collaboratively with Capita's divisions to shape the right digital technology solutions to help clients work differently, engage differently, sell differently and to be resilient to whatever next comes their way.

Within Policy, Governance and CISO our key capabilities are
