Our client, a large and growing software house has created this brand-new role as their approach to regulatory and cyber risk continues to deepen. Reporting to Chief Information Security and Data Protection Officer, you will have the opportunity to influence and deliver new capabilities around the company's cyber security and data protection organisational controls.
This is not a hands-on technical role, but you will need a good understanding of the technologies that underpin businesses, and how to control any inherent risks. As the Cyber Security and Data Protection Analyst, you will have strong awareness of data protection, risk management, cyber security regulations, frameworks, and good industry practices. By forming productive working relationships with stakeholders around the business and beyond, you will be able to recognise risks and where improvements can be made.
Cyber Security and Data Protection Analyst Responsibilities
Be the first contact for customer assessments such as cyber security, ESG, risk management, data protection.
Develop and maintain a knowledge base for efficient handling of relevant customer due diligence audits.
Perform assessments of control measures for partners and vendors, including cyber, data protection, and business continuity.
Maintain and manage a schedule of policy reviews and updates, including legal requirements, modern slavery statements, DORA, and GDPR.
Maintain a register of data processors for, working closely with our legal team and partner managers.
Assist in managing and reporting security and data protection incidents with relevant parties and the DPO.
Serve as the main contact for initiating and advancing data protection impact assessments for all group companies.
Collaborate with IT Services Cyber Engineers to establish and manage an internal vulnerability testing program based on policy, adopted standards, or contractual obligations.
Coordinate external penetration tests with departments, CISO/DPO, and vendors.
Cyber Security and Data Protection Analyst Requirements
In-depth understanding of information security industry frameworks.
Understanding network infrastructures, security protocols, and controls.
A solid grasp of system and device monitoring principles, with the ability to present relevant metrics to audiences of varying technical knowledge.
Proficient in using common business applications, including Microsoft Office Suite and Power BI.
Knowledge of the EU or UK GDPR and UK Data Protection Act.
Knowledge of basic system exploits and mitigations, scanning, pen testing.
Familiarity with or exposure to standards, such as ISO27001/22301, SOC 2, or Cyber Essentials.
A good understanding and exposure to risk management methodologies
Formal qualifications in cyber risk management or data protection would be beneficial, but are not a requirement of the role.
Formal training or qualifications in project management or system auditing, such as CISA, would be very beneficial, but again are not a requirement.
This role offers a salary of up to £45,000, commensurate with experience as well as excellent benefits. The company is based in Worcester and you will be required to be in the office at least 2-3 days a week, more to begin with.
