Security Analyst

GRC Security Analyst

We are seeking a highly skilled and motivated GRC Security Analyst to join our team. As a GRC Security Analyst, you will be responsible for ensuring the security and compliance of our systems, identifying and mitigating threats and vulnerabilities, and contributing to the overall security posture of the organization. This is an exciting opportunity to work in a dynamic and growing company, collaborating closely with the DevOps team and reporting to the Security Operations Manager.

**Responsibilities**:

- **Conduct analysis of threats and vulnerabilities**:Monitor, analyze, and respond to security incidents, threats, and vulnerabilities. Conduct investigations to determine the root cause and implement appropriate remediation measures.
- **Implement and maintain security services**:Collaborate with the DevOps team to design, implement, and maintain security services to safeguard critical systems. This includes configuring and managing security tools, monitoring systems, and incident response procedures.
- **Contribute to SecOps and DevOps projects**:Participate in SecOps and DevOps initiatives such as phishing campaigns, maintenance of security compliance software and policies, and infrastructure optimization for security best practices.
- **Design and optimize Cloud infrastructure**:Collaborate with the DevOps team to design and optimize Cloud infrastructure, including building pipelines for security best practices like end-to-end auditing, static code analysis, and vulnerability scanning.
- **Improve release processes**:Enhance release processes through efficiency improvements, analysis, and implementation of security best practices.
- **Monitor and troubleshoot solutions and infrastructure**:Proactively monitor and troubleshoot our solutions and infrastructure for threats and vulnerabilities, ensuring timely response and resolution.
- **Assist with security guidelines and certifications**:Support Business Fitness Information Security guidelines, certifications, auditing, and standards. Ensure adherence and compliance to standards, policies, and procedures.
- **Collaborate with cross-functional teams**:Work collaboratively with Business Fitness team members and other areas of the business to ensure project goals and business objectives are achieved.

**Requirements**:

- Demonstrated commercial experience in software delivery and development, including knowledge of secure coding practices. Experience with business analysis, secure software architecture, and Agile methodologies (particularly Scrum) is preferred.
- Strong understanding of security technologies, tools, and trends. Experience with security compliance software, end-point security, Office 365 management, and Active Directory configuration is desirable. Familiarity with configuring and managing SSO (Single Sign-On) is a plus.
- Excellent analytical skills with the ability to gather requirements and analyze complex security issues. Effective written and verbal communication skills are essential.
- Dedicated, positive, and enthusiastic attitude with a strong work ethic. Must be autonomous, self-motivated, and demonstrate dynamic problem-solving skills. Ability to cooperate, collaborate, and work towards common goals with others.
- Tertiary qualifications in Computing Science, Engineering, or Business schools are required. Microsoft certifications and SecOps/DevOps training are beneficial.
- Familiarity with platforms such as OneTrust Tugboat, KnowBe4, Active Directory, and Azure AD is advantageous. Experience with ISO renewal and knowledge of security frameworks like Essential 8 and Cyber Essentials is a plus.
- Familiarity with security-related workflows in Jira is preferred.

**What to expect in the first few months**:

- Implement WAF (Web Application Firewall) for enhanced security.
- Manage patch management.
- Handle end-point security measures.
- Explore potential projects in the UK market.
- Contribute to the setup of new resources and teams.
- Develop expertise in the GRC space and contribute to pipeline development.
- Update policies and aligning