Job Description

Job Title: Senior Security Analyst

Grade: <TBC>

Details
About SLC
Student Loans Company is a non-profit making Government-owned organisation set up in 1989 to provide loans and grants to students in universities and colleges in the UK. We are responsible, in partnership with Local Authorities in England and Wales, the Student Awards Agency for Scotland, the Education and Library boards in Northern Ireland, the Higher Education Institutions and HM Revenue & Customs, for student support delivery in the UK.
Core responsibilities:
·  Take a leading role in ensuring SLC systems and data are secure from internal and external threat actors
·  Monitor SLC networks and systems for threats and take corrective action
·  Undertake technical risk assessments of SLC systems and communicate findings to senior stakeholders
·  Monitor the changing threat landscape to identify and report emerging threats and issues
·  Drive improvements in SLC’s security posture through enhancements to security tools
·  Key stakeholder of technical vulnerability management process
·  Ensure that security risks are reduced or mitigated through effective security practices
·  Contribute to security strategy and security tooling selection
·  Organise, scope and execute vulnerability assessments and penetration testing
·  Collaborate with internal stakeholders to effectively communicate security issues
·  Form part of Security Incident Response team when required
·  Provide ICT security advice and consultancy on a day-to-day basis
·  Maintain technical policies and standards and promote compliance in line with Government security, corporate policies and corporate or local procedures and legal and international security standards.
·  Ensure security systems and processes are compliant with PCI-DSS
·  Mentor junior team members
What do you need to apply?
·  A strong background in Cyber and Information Security
·  Experience of security in a DevOps & Agile environment is preferred
·  A comprehensive knowledge of technology-enabled controls, i.e. IDS, IPS, Encryption, Cryptography, Key management, Wireless comms, Penetration Testing, Firewalls
·  Experience in design and implementation of Infrastructure, Network and Application Security policies
·  A comprehensive knowledge of current industry security standards (ISO27001, PCI-DSS)
·  Good working knowledge of OWASP Top 10
·  Knowledge of the latest industry vulnerabilities, anti-virus software & malware protection
·  Experience of performing security reviews and risk assessments
·  Experience in detecting, managing and resolving security-related incidents using threat analytics
·  Good analytical and reasoning skills
·  A professional security qualification is desirable (e.g. CISSP, CISM, Certified Ethical Hacker)
·  Excellent presentation skills including the ability to articulate complex security principles to a diverse audience.