Job Description Job Title: Security Analyst – Identity Management

advertisement
Job Description
Job Title:
Grade:
Security Analyst – Identity Management
Technology Adviser
Details
The Security Analyst will participate in the Identity Management functions for the Information
Security team, overseeing compliance with IM policy and Joiners, Leavers and changes processes.
Job Details








To monitor and maintain the security of Student Loans Company information systems.
Development, maintenance and promotion of technical ICT security procedures in response
to defined risk, threats and technological requirements.
Representation at the ICT Security Group as a point of contact for IT security matters.
Provision of timely advice across the business on security issues.
Contribute to security management processes across ICT departments.
To coordinate the use of external suppliers to provide security support, consultancy and
services for security.
To respond appropriately to security incidents, ensuring escalation and remediation
activities.
To monitor and assess the impact of vulnerabilities and work with ICT to coordinate
appropriate remedial actions.
Key Accountabilities






Report on compliance with attestation requirements, maintain a master role definition for
systems and assist in reporting on the above.
To enforce and interpret technical policies and standards and promote compliance in line
with Government security (i.e. HMG Security Policy Framework (SPF) and Infosec Standards),
corporate policies and corporate or local procedures and legal and international security
standards (i.e. ISO27001, COBIT),
Maintain and monitor security tools in conjunction with the ICT technical teams including
configuration of such tools.
Assess technical security risks in terms of impact to systems and service confidentiality,
integrity and availability, and report and escalate results of risk assessments.
To run the Security Incident Process for any real or potential security breaches in identity
access management, providing information and leadership to ICT teams ensuring that
appropriate remedial steps are taken.
Produce, review and constantly evaluate effectiveness and efficiency of technical security




controls, standards and procedures in line with security requirements, business needs,
delivering enhancements where applicable.
Assist in the provision of designs and technical solutions in support of corporate security
policies and external standards.
Active sponsor of continuous process improvement, in relation to security matters, within
ICT.
Provision of consultancy, advice and guidance to ICT technical teams involved in the design,
development and delivery of SLC products and services.
Provide ICT security advice and consultancy on a day to day basis.
Essential Skills / Experience / Qualifications







Practical experience in Information Security.
A good ICT background in ICT infrastructure (UNIX, NT, Windows, LAN/WAN/VLAN, firewalls,
web servers, IDS etc) and/or systems and application development (Oracle, Java, UNIX,
Notes, web services etc).
Knowledge of current security standards.
A proven track record of analysis of requirements and implementing solutions to security
requirements.
Experience in developing of technical security documentation and review of ICT technical
documentation.
Knowledge of security monitoring tools.
Preferably holder of CISSP qualifications
About SLC
Student Loans Company is a non-profit making Government-owned organisation set up in 1989 to
provide loans and grants to students in universities and colleges in the UK. We are responsible, in
partnership with Local Authorities in England and Wales, the Student Awards Agency for Scotland,
the Education and Library boards in Northern Ireland, the Higher Education Institutions and HM
Revenue & Customs, for student support delivery in the UK.
Download