Information Security Analyst

Purpose of Job

HH Global has a requirement for an Information Security Analyst to help us ensure that our information security policies, procedures, standards and threat defences are reviewed, maintained and continuously improved to provide an information security management system of excellence. The individual will assist us with threat discovery and analysis and ensure we continue to be compliant with ISO27001:2022.

You will be responsible for supporting the overall enhancement and assurance of Information Security. The role includes developing, maintaining, enforcing Information security standards and procedures in line with ISO27001:2022 ISMS and SOC 2 Type II standards, industry best practice and stakeholder requirements; the provision of expert advice to projects within HH Global including evaluating, reviewing, recommending and setting baselines for new security technologies for use within the business.

This role includes a collective oversight of IT Security Governance, risk management, compliance and assurance including the technical and organisational controls assuring the confidentiality, integrity and availability of information assets. The Information Security Analyst is also responsible for providing expert guidance and techniques and presenting efficient and pragmatic change recommendations to stakeholders enabling them to own and manage their information security requirements and controls to change or improve our ISMS.

You will be required to implement security controls and work alongside the IT engineers and Security Operations Center to enhance the infrastructure and improve practices where possible. The successful candidate is expected to have experience within an IT technical background to allow a good understanding on how to improve and maintain security posture from a security and technical perspective. This role will be based hybrid in our Chicago Headquarters. You must be legally authorized to work in the United States without the current or future need for employer sponsorship.

Key Responsibilities

• Review and risk assess information security reports and dashboards to identify threats, vulnerabilities and opportunities for improvement regarding information security threat defences.
• Assess, investigate and support security incidents and vulnerabilities.
• Support and collaborate with our Security Operations Center to respond to incidents and requests, and to improve our organizational security posture.
• Review, manage and implement security controls to cloud technologies.
• Support, control and evaluate IT Security operations.
• Organization and management of penetration tests and vulnerability management reports.
• Implement controls, policies and recommendations of security findings to improve the organization security posture.
• Assist in the development of plans to safeguard information security assets against accidental or unauthorised modification, destruction, or disclosure and to meet emergency data processing needs.
• Assisting in the development, recommendation and implementation of Information Security framework for HH Global, in line with IS027000 series principals and good practice disciplines, including overarching policies, procedures, guidelines, awareness and training plans, security monitoring processes, privacy regulations and overall security infrastructure recommendations.
• To work collaboratively or independently as part of the Information Security and Risk team to ensure the design, delivery, implementation and operational testing of agreed security strategies meet the business needs.
• Assist with assessments of Information Security controls to ensure they meet the legislative and regulatory compliance and propose remedial actions surrounding identified deficiencies.
• Monitoring security compliance through ongoing security control reviews and risk assessments, change management reviews and working closely with the ISR team to advise on Information Security issues that require support and closure.
• Assisting with the development of policies based on audit findings;
• Assisting with risk assessments;
• Assisting with the review, approval and implementation of IT changes with security conscious principles applied.
• Assisting with the support and ongoing maintenance of the ISO27001:2022 ISMS
• Contribution to Information Security strategy, overseen by the Global Head of Information Security and Risk.

Knowledge, Skills + Experience

• Excellent attention to detail, analytical skills and an ability to analyse complex technical information to identify patterns and trends.
• An ability to work under pressure, particularly when dealing with security threats and at times of high demand.
• Knowledge of ISO 27001:2013 / 2022 frameworks, associated legislation and good practice standards together with good core knowledge of web and network security plus excellent general information security knowledge.
• Knowledge of SIEM platforms such as Splunk and Microsoft Sentinel to derive the best value out of the tools for identifying security risks, malicious activity, and system misconfigurations within the information assets.
• Experience of Microsoft 365 security tools such as Microsoft Defender for Endpoint, Microsoft Intune and Microsoft Defender for Cloud Apps.
• Knowledge of Endpoint Detection and Response (EDR) configuration to monitor, detect and block cyber security threats.
• Managing and reporting from vulnerability management platforms, such as Qualys VMDR.
• Respond to security incidents and events, including triage, containment, and remediation activities.
• Working knowledge of hardware and software security products.
• Security hardening knowledge of IT systems, including but not limited to endpoints, servers and networks.
• Knowledge of Internet Security and Web Content Filtering Controls
• Knowledge of Data Loss Prevention (DLP) controls.
• Experience with evaluating Threat Intelligence response and ways to manage them.
• Investigate security alerts and provide incident response.
• Monitor identity and access management, including monitoring for abuse of permissions by authorised system users.
• Test and evaluate security products.
• Assist with the creation, maintenance and delivery of cyber security awareness training for colleagues.
• Give advice and guidance to staff on issues such as spam and unwanted or malicious emails.
• You will be expected to work independently or as part of a team and will be able to quickly research and assimilate new information, keeping abreast of rapidly changing situations and work themes.
• You will have a diplomatic manner and strong interpersonal and communication skills that enable you to work with a wide range of people to deliver high profile pieces of work within pressured time frames.
• Excellent IT skills, including knowledge of computer networks, operating systems, software, hardware and security.
• An understanding of the cyber security risks associated with various technologies and ways to manage them.
• A good working knowledge of various security technologies such as network and application firewalls, host intrusion prevention and anti-virus.
• Written communication skills, for example to write technical reports.
• Time-management and organisational skills to manage a variety of tasks, prioritise workload and meet deadlines.
• Excellent attention to detail, analytical skills and an ability to analyse complex technical information to identify patterns and trends.
• An ability to work under pressure, particularly when dealing with threats and at times of high demand.

Company Benefits

• Healthcare, Dental, Vision Insurance.
• Short-term and long-term disability coverage.
• 401k with discretionary company match.
• 16 days of PTO with 9 company holidays + 3 floating holidays.

Compensation

For U.S based applicants: The U.S base salary range for this position is $75,000 to $85,000 annually. Actual compensation packages are based on a variety of factors that are unique to each candidate, including skill set, experience, education, certifications and work location. This range may be different in other locations due to differences in the cost of labor.

Application Process

Your application will be reviewed by a member of our Recruiting Team and we'll reach out to you directly if there's a fit for the position. We're using video conferencing software to conduct many of our interviews, but all interviews will be live with a member of our Recruiting or Hiring teams.

Key skills/competency

• Information Security Analyst
• ISO 27001
• SOC 2
• Risk Management
• Vulnerability Management
• Incident Response
• SIEM
• Microsoft 365 Security
• Endpoint Detection and Response (EDR)
• Cyber Security Awareness Training