Security and Risk Analyst

There’s never been a more exciting time to join Homebase. With our new owners, Bunnings, we’re changing how we do things and shifting up a gear. By joining us at the beginning, you’ll be able to help us create the best home improvement and garden business in the UK. And, because we understand that it’s you who will make this happen, you can be sure you’ll be working in a culture that’s geared to helping you give your best.

About the role:

The Security & Risk Analyst role is part of our IT Security & Risk team. The successfully candidate will support the operational analyst in resolving operation security issues. Additionally, the successful candidate will lead the vulnerability\threat management activities including monitoring and security incident management. They will be key in shaping the future security landscape.

As an organisation, our focus is the principle of Security by Design. The role is key to information security strategy going forward and will be responsible for performing privacy impact assessment for new project and initiative as well as security assessment on third-party solutions.

The Analyst will be working closely with both internal and external audit teams, they will lead regularly access and information security checks and ensure risks are mitigated appropriately

The successfully candidate will work very closely with both IT & business team members at all levels, good communication and presentation skills is a must for this role.

You will be required to use your initiative, research and problem-solving skills to resolve problems and issues and create written documentation where required. The position requires a good grounding in computer systems and network security, and requires the ability to adapt to new technologies, learn new procedures, determine the source of problems, come up with both tactical and strategic solutions.

You will be responsible for:

Establish and maintain security technical standards, procedures and guidelines
Provide IT teams with security focused technical support, training and advise to ensure compliance with security standards, policies and legislation
Be the focal point in the continuous improvement of security services delivery and IT Security expertise
Analyse security landscape with a view to updating the corporate security risk register
Monitor internal and external cyber threats and vulnerabilities to ensure our technical controls are aligned
Develop, communicate and operate procedures to counteract potential threats and vulnerabilities.
Work in line with the IT Change Management process to assess changes and ensure relevant security points have been addressed
Advise on and manage any PEN tests or vulnerability testing, run Qualys vulnerability scanning and manage any remediation actions
Leading the security incident response and co-ordinating with third party teams
Part of the Out Hours Support – As per rota

Person specification:

At least 3 years in IT Security/IT Operations, or equivalent position
Information Security Incident handling experience
Track record of writing Information Security Standards, procedures and guidelines
Knowledge of industry recognised security standard such as ISO or COBIT
Strong organisational skills with the ability to plan and coordinate daily tasks and track them effectively
An ability to work independently, when necessary, to solve problems with minimal supervision
Good understanding of networks and firewalls
Consideration will be given to candidates who lack some of the key requirements but whose professionalism and track record indicate their ability to meet the set criteria within a short period.

Qualifications (desirable)

Certified Information Systems Security Professional (CISSP)
MSc Information Security
Vendor technology trained (certifications) e.g. Antimalware, Intrusion prevention, email security management technologies.

What we offer:

24 days’ holiday
Pension
Discretionary Bonus
Life Assurance
Up to 20 % discount in store
Flexible working
Great team dynamics


Apply now