Cyber Security Associate

We are recruiting for a Cyber Security Associate

Profile Summary

The EIOD-IT Business Security Team has two key areas - Security Operations & Cyber Security Risk. This role reports to the Cyber Security Risk Team Leader, who reports to the Head of Business Security. The Cyber Security Risk function includes participation in relevant IT & business projects and technical consultancy.

Our scope of work is diverse, ranging from working with Business Unit/Country Information Security Officers in Europe, Middle East and Africa (EMEA) to Internal and External Auditors, Legal/Compliance, Human Resources, IT teams and the Head Office Cyber Security team plus many other areas.

This role is part of an increase in Business Security staff headcount to enable us to meet the evolving and increasing requirements in relation to cyber security risk. As part of this expansion, we are dedicating specific team members to key areas that we work with and the role holder will take a lead in at least one of these.

Working in our team provides an excellent opportunity to learn and experience key aspects of cyber security risk management hands-on including the use of our tools (including behavioural analytics, privileged password management, user awareness training, phishing simulation and others) and enhance learning about the legal and regulatory environment such as Operational Resilience.

Business Security is a key function in relation to Cyber Security risk management, an increasingly strong area of focus for senior management. As risks evolve, we require our staff to meet the consequent challenges and changing environment.

**Responsibilities**:

- Cyber Security Risk Management is the key focus area of this role. However, there are no silos in our team and duties can range across all areas of Business Security.
- Work closely with business security management, our auditors and business units, to provide documentation deliverables and other requirements on a timely basis.
- Participate as a key member of the Business Security team in the half-yearly independent assessments of our Information Security Management System in support of our ISO27001 accreditation as requirements evolve. An aspect of this work includes the maintenance and development of our processes and procedures.
- Provide timely and high quality responses to service desk requests and a wide range of requests from management.
- Prepare accurate and timely inputs to the monthly Business Security Management Information Pack.
- Help manage on-going cyber security activities, including cyber incident response management, third party cyber security posture, evolving regulatory requirements, support to the cyber security risk management aspects of major IT and business projects as well as other areas.
- A key Business Security responsibility is participating in a wide range of Cyber Security related activities. This work is evolving constantly and an important aspect of this role is participation in automation and improvement initiatives as part of our 3-year enhancement plans. These include:

- Working with Head Office - enhancing our ability to work more effectively with the Head Office Global Cyber Security team and handling all information requests (for example official circulars, notifications of incidents of compromise, regulatory requirements, surveys, implementation of new systems and ad hoc requests).
- Participation in the further development of the local Cyber Security Strategy including alignment with the Head Office Cyber Strategy.
- Enhancing our lead cyber co-ordination role for EMEA, which involves liaison with the branch Information Security Officers as key points of contact.
- Managing key cyber security initiatives - this additional role will enable us to more effectively deal with the increasing volume of activity in this area. Examples of current and planned initiatives from our extensive Business Security Book of Work include:
Enhancing our cyber security posture in relation to internal (Internal Audit/Head Office) / external (third party consultants/advisers) assessments.

Enhancing our database and security incident monitoring solutions.

Upgrading our staff security awareness training tools for all staff including senior management, from periodic phishing awareness training, cyber incident response management scenario simulations to enhancing social engineering awareness.

Assisting in the enhancement of our automated penetration testing,

vulnerability scanning and patch management in conjunction with our Security Engineering team.

Qualifications, Skills and Experience
- Able to demonstrate practical awareness of risk management, particularly in relation to Cyber Security.
- Prior experience of working in information security with a strong interest and desire to develop further in this area.
- Experience or knowledge of ISO 27001 or similar Cyber Security frameworks/ accreditations.
- Possess or have a strong motivation to attain an indu