Security Risk Analyst
The security analyst will develop and maintain Information security policies and procedures for the business and will be responsible to monitor and assist with their implementation, while also managing risk.
You will be responsible for ensuring that IT application software and infrastructure are designed, implemented, and operated in accordance with applicable security standards and practices. This is a hands on role and the candidate will be expected to be able both to propose and implement solutions.
* Implementation of ISO 27001 standards and and achievement of 27001 certification.
* Maintains and enforces the Company's risk management and Information security risk management framework/methodology.
* Documenting and updating security and other related policies and procedures.
* Conduct regular penetration testing on both applications and infrastructure.
* Developing technical solutions to help mitigate security vulnerabilities.
* Exhibits best practice risk management skills through effective internal risk controls, risk monitoring, risk assessment and improvement of risk management processes.
* BS in Computer Science or an IT related discipline
* Minimum of seven years industry experience in a security related role
* Experience with implementing an ISO 27001 standard and conducting risk assessments.
* Experience doing web application and infrastructure penetration testing
* Good knowledge of Open Source Technologies
* Experience or detailed knowledge in the following areas would be expected:
* CISA, CISM or CISSP certification
* OWASP, Cloud Technologies
* Experience in the area of secure coding and secure application development