The primary responsibility of the Technical Security Assurance Analyst is to deliver assurance activities across all cyber security services delivered by Group IT Security. You will coordinate with third party providers in order to deliver technical security control assessments for the business in the areas of penetration testing, vulnerability scanning, application security testing and firewall assurance.
- Coordinate with third party providers in order to deliver technical security control assessments in the areas of penetration testing, vulnerability scanning, application security testing and firewall assurance. This involves: scoping of these tests; coordinating the timely execution of the testing schedule; and reviewing, prioritising and coordinating remediation of findings and issues.
- Conduct IT security control testing and evidence review (e.g. in the area of identity and access management) and provide associated improvement recommendations to help ensure controls outlined in the policies and standards are designed and operating effectively.
- Engage and coordinate with Group IT and business divisions to facilitate planning and execution of the security testing activities in order to meet the testing schedule and internal audit requirements.
- Track progress and support control owners to implement remediation actions required to close internal and external audit findings in a timely and effective manner.
- Support IT and business transformation projects by performing security assessments and ensuring that controls and security requirements are being implemented through the transformation lifecycle.
- Track and prepare reporting on risk metrics for the assurance programme, to help ensure that senior stakeholders within Group IT and business divisions are aware of key vulnerabilities and risks within the organisation.
- Ensure alignment to the business's Customer Experience and Treating Customers Fairly (TCF) policy.
- CISSP qualification essential