Information Technology Security Analyst

Purpose of Role

The Security Analyst will be responsible for managing Governance, Risk, and Compliance (GRC) for the group,

developing and maintaining security policies, and ensuring adherence to industry-standard security

frameworks. The ideal candidate will also possess hands-on technical experience with application and network security, along with expertise in various security solutions.

Key Duties and Responsibilities

The Security Analyst will work professionally under the general guidance of the System Engineer as part of a

cross-functional team to undertake the following general activities:

• Oversee the implementation and maintenance of GRC frameworks and standards.
• Conduct regular risk assessments and audits to identify potential vulnerabilities and ensure compliance with industry regulations.
• Develop and implement effective remediation plans for identified risks.
• Implement and manage security frameworks such as ISO 27001, NIST Cybersecurity Framework, or CIS
• Controls and ensure adherence to industry best practices and regulatory requirements.
• Possess in-depth knowledge of security solutions (Zscaler, CrowdStrike, Rapid7), configure, manage, and troubleshoot these tools to protect the organization's IT infrastructure.
• Craft and implement security policies, standards, and procedures to guide the organization's security practices.
• Demonstrate hands-on technical experience in application and network security, including vulnerability assessment, penetration testing, and incident response.
• Implement and maintain endpoint security solutions, firewalls, and software updates.
• Install, configure, and maintain security software to protect data systems and networks.
• Simulate data loss scenarios to evaluate the effectiveness of existing recovery plans and make necessary adjustments.

Education and Experience

• Bachelor's degree (or equivalent) in information security, computer science, technology, or related fields.
• 5+ years of experience in cybersecurity at a midsize company. This experience should demonstrate:
• Deep knowledge of IT, including hardware, software, and networks.
• Extensive knowledge of security frameworks.
• Ability to identify and diagnose threats using critical thinking and analytical skills.
• Ability to develop effective procedures and plans through strong problem-solving skills.
• Strong oral and written communication skills to: Write reports, Train staff & Collaborate with other IT team members.
• Excellent organisational skills to create clear and easy-to-read reports.
• Knowledge of security solutions such as Zscalar, Crowdstrike and Rapid7 is preferred.
• Ability to work successfully in both individual and team settings.
• Certifications such as CISSP, CISM, or CEH are a plus.

Personal Attributes

• Excellent analytical, troubleshooting, and problem-solving skills within a multi-faceted environment.
• Exceptional customer-centric mindset and passion for customer outcomes and delivery excellence.
• Effective communication and interpersonal skills in dealings with team members, customers and other stakeholders, including tactfully communicating complex/sensitive information.
• Consultative style; positive and professional attitude when working with others in a team environment; respect for each member's contributions.
• Aptitude to learn, with a high level of initiative and creativity to tackle complex problems.
• Self-motivated, highly organised, and independent with the ability to effectively manage own workload and work unsupervised.
• Accountable for deliverables; a cooperative and proactive approach to “go the extra mile” to achieve results.
• Adaptable to the relevant internal procedures of a customer whilst adhering to company procedures.
• A passionate ‘can-do’ mindset focused on understanding and addressing customer needs.

Special Conditions

• The position may involve occasional overseas travel.
• All air travel is economy class.