Report this ad

About the role
The Senior Security Assurance Analyst will support the Security team in all aspects of Security Assurance to protect the services and data of our organisation and customers against unauthorised use, disclosure, modification, damage, and loss.
The successful candidate will be responsible for developing, implementing, and assessing security measures to protect information assets from security threats. The role will require excellent analytical and investigative skills along with a good working knowledge of Information Security practices.
The Senior Security Analyst will be expected to make positive and effective contributions within the following security practices and activities:
Security Risk Management
* Contributing to the development and ongoing maintenance of the organisation's security risk register.
* Identifying, analysing, and evaluating strategic and operational risks.
* Conducting policy exception reviews.
Security Controls, Policies and Standards
* Designing, developing and documenting security controls, policy documents, standards and guides.
* Designing control maturity tests and conducting control maturity assessments.
* Conducting annual policy reviews.
Threat Modelling
* Contributing to the creation of data flow diagrams.
* Evaluating technical and organisational changes to identify threats, vulnerabilities, and countermeasures.
* Analysing and processing threat intelligence.
Security Control Assessments of Suppliers and Third Parties
* Identifying and managing weaknesses within the supply chain.
Certification Programmes
* Contributing to internal and external audit activities relating to all applicable certification programmes, including ongoing compliance to ISO27001:2022, Cyber Essentials Plus, and SOC 1 Type 2.
Security Incident Response
* Major incident response coordination and management.
* Supporting security incident reviews.
Security Awareness Training
* Managing policy awareness campaigns.
* Producing awareness material.
* Supporting phishing campaigns.
Commercial Engagements
* Contributing to client-facing commercial engagements in relation to the various aspects of our information security posture.
* Providing consultancy to internal stakeholders and assistance in responding to customer questionnaires and general queries relating to Information Security.
* Contributing to customer audits.
* Creating and maintaining knowledge articles and other collateral relevant to Zellis security.
Issues Management
* Managing security related issues, ensuring that issues are reviewed, assigned, monitored, and progressed appropriately.
Reporting
* Contributing to the production and reporting of security metrics.
* Developing and maintaining dashboards.
Project Management
* Assisting in all aspects of Security projects and service improvements as required.
* Attending Change Advisory Boards.
* Attending Technical Design Authority reviews.
* Providing consultancy to project boards.
* Maintaining Security project portfolios.
Skills and experience required
Essential Functional / Technical Skills
- Recognised qualification in relevant technical discipline; or the equivalent combination of education, professional training and minimum 3 years work experience in a similar role.
- Understands current and emerging Security practices and standards, including ISO27001:2013/2022, CSA, Cyber Essentials, and NIST principles.
- Understanding of emerging technologies and general network and infrastructure knowledge.
- Cyber-security knowledge across multiple practices, including Threat Management and Security Operations.
Business Knowledge
- Thorough understanding of the Zellis ISMS and control framework.
- Good understanding of Zellis products, services and system architecture.
- Awareness of Zellis 3rd parties (customers, suppliers, and partners).
- Good working knowledge of the procedures and tools used within the security practice.
Personal Attributes / Competencies
- Excellent communication skills and a team player.
- Takes ownership of issues and is proactive.
- Ability to be creative.
- Focus on 'making it count,' ensuring that actions create positive outcomes.
About us
Zellis is the leading provider of payroll and HR solutions for the UK & Ireland. Together with Benefex and Moorepay we form the Zellis Group, serving a vast array of companies across every vertical and industry. Our purpose is to power exceptional employee experiences so that our customers and their people do better.
We have over 50 years of heritage and industry experience and weve been ahead of the curve throughout. More than half a century ago, we were founded as Peterborough Data Processing. Quite a lot has changed since then not least our name. We were acquired by Northgate, becoming NorthgateArinso in 2007 and NGA Human Resources UK and Ireland in 2014, where we were joined by Moorepay. In 2018, the UK and Ireland division was sold to Bain Capital and now we operate as a standalone company, Zellis. After acquiring Benefex, were now even better equipped to serve the complex needs of our customers.
Our vision is to be the clear leader in pay, reward, analytics, and people experiences. Were proud of our culture and we work hard to create an environment where people want to join, belong to, and be part of a progressive organisation. Our values, which were defined with input from all of our 2,000 colleagues, are not empty words on a poster:
- Unstoppable together.
- Always learning.
- Make it count.
Salary package
- Competitive base salary.
- 25 days annual leave, plus your birthday off + bank holidays.
- Private medical insurance.
- Life assurance 4x salary.
- Enhanced pension.
- Range of additional flexible benefits