Information Security Analyst - Policy and Standards

Coventry Walsgrave Triangle
13 Apr 2018
17 Apr 2018
Contract Type
Full Time
Working within the Standards and Compliance team, you will support the creation and review of Information Security Policy, Standards and Security Design guidance documentation. You will research Information Security best practice by investigating and analysing technologies (in use, planned and emerging) within Sainsbury's. Support the education of Colleagues through awareness training and the provision of advice to ensure the secure use of technology.

What I need to do

- Research of Information Security best practice for technologies used by Sainsbury's
- Create a research knowledgebase
- Co-ordination of internal projects and work streams
- Triage team inbox and be the first point of contact for the Standards team
- Support creating appropriate Policy, Standards and Security Design guidance documentation to support Sainsbury's Colleagues in implementing the appropriate Administrative, Logical, and Physical controls
- Engage with the assessment, review and updating of existing Policy, Standards and Security Design guidance documentation
- Analyse new technologies and develop process and guidance for the tools being brought into service by Sainsbury's Group and support their secure use through the creation of relevant documentation
- Implement Industry best practice and update existing Standards and Security Design documentation used by Sainsbury's Group
- Identify technology Owners, Services and Infrastructure and provide consultation services to Sainsbury's Group regarding the most appropriate use of technologies and advise them of Information Security services offered by Sainsbury's
- Support the implementation of ISO 27001
- Understand the relevant Legislation and Regulations regarding the use of Information Technology and the Protection of Data
- Support the implementation of the General Data Protection Regulations
- A flexible outlook may be required when dealing with Investigations or Incidents out of hours
- Travel to different sites as and when required
- Have involvement with all Information Security functions including Projects, SOC and Security Testing to ensure Policies, Standards and Awareness initiatives support their requirements and processes

How I will succeed

- Enjoy delivering a professional Information Security service to Colleagues
- Effective creation and review of Policies, Standards and Documents
- Successful completion of allocated tasks
- Compliance with Sainsbury's Information Security Standards
- Recognition as an Information Security professional
- Continuous personal development
- Keeping up to date with latest industry knowledge and trends
- Excellent feedback from customers
- Talkback 360 degree feedback from colleagues

What I need to know

- Degree or relevant industry experience (Info Sec, IT or technology projects)
- Professional Security qualification (Current CISSP or CISM)
- Knowledge of ISO 27001
- Knowledge of Data Protection Act and PCI DSS
- Knowledge of General Data Protection Regulation (GDPR)
- Knowledge of the principles of Information Security in a commercial environment
- Understanding of network architecture, protocols and principles
- Understanding of Security risk analysis techniques

What I need to show

- Creating and reviewing Information Security Policy and Standards
- A demonstrable interest in Information Security
- Proactively taking responsibility, owns any issues arising and follows through to resolve them (get the required result) and recognises how individual responsibility impacts team delivery and inspires others to do the same
- Works collaboratively with a range of people to support the wider business agenda
- Ability to think pragmatically, methodically and logically and communicate well using spoken and written word

Resources available to me

- Software licences, hardware, documentation and management tools of relevance to the role
- 3rd party service providers (as appropriate)
- Proactive Information Security team

What decisions I can make

- Risk analysis quantification
- Workload management
- Points of escalation

*LI-SS - provided by Dice

CISM, CISSP, DEGREE, INFORMATION SECURITY, RISK ANALYSIS