The Company
Health Partners (OH) have been delivering occupational health services for 18 years, building our reputation for quality. Founded by health professionals, we are proud to help our clients reduce absence, mitigate risk, and boost their productivity through occupational health and wellbeing. Our specialist expertise in a range of sectors, including aviation, construction, charities, emergency services, engineering, manufacturing, financial and professional services, public sector, retail, and utilities, makes us one of the leading OH providers in the UK.
The Role
We are recruiting for an IT Security Analyst who will own the IT security function within the business, including management of vulnerability assessments, investigations, auditing of IT Security controls and responding to client IT security enquiries. They will work with IT management and the CISO to contribute to the continuous improvement of the security posture of our services and environment.
Duties and Key responsibilities:
• Take ownership of IT security monitoring and governance within the organisation
• Understand security threat intelligence to ensure the company is in a strong position to mitigate threats
• Lead the ongoing improvement of the vulnerability management programme
• Manage Penetration and vulnerability testing across our Estate & application
• Lead in the creation and adoption of security policies, standards and processes throughout the business
• Define operational security requirements and implement appropriate controls
• Monitor for security incidents and take part in incident response teams to contain, investigate, and prevent future security incidents
• Identify solutions and controls which promote security automation
• Make recommendations as to how we can improve security within our environment
• Engage with and respond to client requests for IT security related information and complete the IT sections of information security supplier due diligence questionnaires
• Provide information security related input to change boards
Qualification and essential skills required:
• Experience working within an ISO27001 ISMS governed environment
• Improving IT security controls, performing continuous risk assessments and managing risk treatment plans
• Understanding of security technologies and principles in application, infrastructure, network, endpoint security and cloud
• Experience working with Azure & Microsoft 365 and their associated security consoles
• Strong communication skills across the business
• Ability to champion and complete implementation of compliant process and procedural changes across a busy IT team
Desirable skills:
• CISSP, CISM, CISA or other qualifications are advantageous but not essential
• Awareness of NIST framework
• Knowledge of SIEM Systems