Cyber Security Analyst

**Overview**

Reporting to the Chief Information Security Officer as part of the Enterprise Business Services team you will be responsible for proactively identifying, reporting, and managing the cyber risk.

**Principal Responsibilities**
- Continuous improvements to Menzie's overall operational cyber security
- Ensuring the security architecture is implemented and functioning across the estate and providing the expected detection and prevention capabilities.
- Supporting the designing, management and operation of a global Vulnerability Management Programme. Managing the relevant processes to ensure oversight of the cyber security posture, working with the relevant teams to remediate known vulnerabilities, and reporting monthly to the Chief Information Security Officer quantifying the risk and the progress of remediation.
- Scoping and managing the annual mandatory external testing of cyber security controls on key production systems. Reporting the findings to the relevant stakeholders and managing the required mitigations.
- Analyse and prioritise cyber threat intelligence and disseminate actionable information to the relevant IT teams and system owners to proactively mitigate emerging vulnerabilities.
- Ensure the relevant training and communications materials, informed by current threat intelligence, are available to promote a ‘Cyber Aware' culture within the business.
- Collaborate with other departments such as IT, Development, legal, and Human Resources to ensure that cybersecurity measures are understood and implemented.
- Monitor, measure and advise on the cyber controls of third-party suppliers.
- Management of cyber risk by working with business and IT stakeholders to understand processes, inform on current cyber risk and manage the this to an acceptable level.
- Maintain and develop cyber governance
- Education: A degree in IT or cybersecurity is preferred
- Professional Certifications Relevant certifications such as CISSP, CISM, CISA, CEH, or others are highly valued.
- Ability to manage and support a security operations team.
- Ability to manage the performance of third-party service delivery partners.
- Ability to communicate effectively to a range of audiences.
- Undergraduate Degree in an IT or cyber security discipline, or equivalent experience and relevant qualifications.
- Knowledge of common information security management frameworks, such as International Standards Organization (ISO) 27001, the IT Infrastructure Library (ITIL), or the National Institute of Standards and Technology Cybersecurity Framework.
- Keep abreast of regulations affecting cybersecurity (e.g., GDPR) and ensure the company's adherence to these and other relevant standards.
- Familiarity with the principles of cryptography.
- Knowledge of security testing.
- Experience working and learning within a fast-moving, changeable environment with new technology/services/infrastructure/priorities and working practices (processes).
- Excellent organizational, planning, and administrative skills and a good eye for detail.
- Highly analytical with the ability to influence, challenge, and implement change.
- Experience in dealing with work of a confidential and sensitive nature.
- Proficient in English with secondary language of Cantonese preferred.

**Diversity**

Please be aware that as part of our recruitment process, we may look to use a variety of resourcing tools to help us understand your skills and experience in relation to the role. Please feel free to contact to recruiter below, if there are any reasonable adjustments to our process that you would like us to consider.

**Application Instructions