Cyber Security Analyst

Overview

People. Passion. Pride. This is what has driven our teams since 1833.

Since that time, we have developed to become a critical partner in the global aviation industry, delivering time-critical logistics services at over 290 locations in 65 countries, across 6 continents.

But at the heart of our business is our people.

Role Purpose

Working as part of, and supported by, a global team, based in UK, Kuwait and the US you will be aligned to, and provide support to the regional IT team.

Daily this will involve spending time reviewing and responding to security tickets and alerts primarily raised by our SOC. This may involve investigating using SIEM and EDR tools to understand and resolve the issue.

Weekly, you will be involved in understanding and planning the remediation of any high and critical vulnerabilities identified in the region via tools such as Tenable and Managed Engine.

Monthly you will support the implementation of projects in the region, risk assessing projects and changes at the earliest opportunity to assist with the design and implementation of the relevant security controls.

What You Will Be Doing

• Managing time critical Security Operations, ensuring events and incidents are responded to effectively, playbooks are followed and opportunities for improvement are identified and actioned.
• Ensuring the security architecture is implemented and functioning across the estate and providing the expected detection and prevention capabilities.
• Supporting the designing, management and operation of a global Vulnerability Management Programme. Managing the relevant processes to ensure oversight of the cyber security posture, working with the relevant teams to remediate known vulnerabilities, and reporting monthly to the Chief Information Security Officer quantifying the risk and the progress of remediation.
• Scoping and managing the annual mandatory external testing of cyber security controls on key production systems. Reporting the findings to the relevant stakeholders and managing the required mitigations.
• Analyse and prioritise cyber threat intelligence and disseminate actionable information to the relevant IT teams and system owners to proactively mitigate emerging vulnerabilities.
• Ensure the relevant training and communications materials, informed by current threat intelligence, are available to promote a ‘Cyber Aware' culture within the business.
• Collaborate with other departments such as IT, Development, legal, and Human Resources to ensure that cybersecurity measures are understood and implemented.
• Monitor, measure and advise on the cyber controls of third-party suppliers.
• Meet at least monthly with the regional IT team, to understand the projects and changes that are happening, intervene if necessary to maintain the security by design principle, update the regional risk register and review incidents, threat intelligence or other relevant business
• Maintain and develop cyber governance by:
• Understanding contractual and regulatory cyber compliance requirements to designing and implement the appropriate controls.
• Performing risk assessments for new systems, significant changes, current processes, projects, integrations and update the risk register with findings and propose an appropriate remediation plan.
• Other responsibilities include:
• Management of cyber risk by working with business and IT stakeholders to understand processes, inform on current cyber risk and manage the this to an acceptable level.
• Working with business and IT stakeholders to define metrics and reporting strategies that effectively communicate the value of the security program.
• Consulting with IT and system owners to ensure that their cyber security requirements are factored into the evaluation, selection, installation, and configuration of hardware, applications, and software. Identifying areas for potential improvement.
• Monitoring and reporting on compliance with security policies, as well as the enforcement of policies within the IT department.
• Supporting responses to customer bids, RFQs, and subsequent clarifications.
  
  
  

Would you like to see more detail on the accountabilities of the role? Please see the attached job description for further information

Safety, Security, WellBeing and Compliance:

You will have a responsibility and duty whilst at work to take reasonable care of the health, safety and wellbeing of yourself and others in accordance with provided information, training, and workplace health and safety rules or procedures. The company is committed to providing a safe working environment for all staff members. In all areas of our business there is a potential risk to the health, safety and welfare to everyone on our sites through the misuse of alcohol and drugs. As such the Company prohibits such misuse and carries out regular testing to enforce our Substance Misuse Policy.

Please see the attached job description for further details on safety, security, wellbeing & compliance.

What We Are Looking For

• Education: A degree in IT or cybersecurity is preferred
• Professional Certifications Relevant certifications such as CISSP, CISM, CISA, CEH, or others are highly valued.
• Ability to manage and support a security operations team.
• Ability to manage the performance of third-party service delivery partners.
• Ability to communicate effectively to a range of audiences.
• Undergraduate Degree in an IT or cyber security discipline, or equivalent experience and relevant qualifications.
• Knowledge of common information security management frameworks, such as International Standards Organization (ISO) 27001, the IT Infrastructure Library (ITIL), or the National Institute of Standards and Technology Cybersecurity Framework.
• Keep abreast of regulations affecting cybersecurity (e.g., GDPR) and ensure the company's adherence to these and other relevant standards.
• Understanding of networks, systems, applications, and Cloud technologies.
• Familiarity with the principles of cryptography.
• Knowledge of security testing.
• Experience working and learning within a fast-moving, changeable environment with new technology/services/infrastructure/priorities and working practices (processes).
• Excellent organizational, planning, and administrative skills and a good eye for detail.
• Highly analytical with the ability to influence, challenge, and implement change.
• Experience in dealing with work of a confidential and sensitive nature.
  
  
  

Diversity

MenziesAviation are a committed equal opportunity employer and encourage applications for suitably qualified and eligible applicants regardless of sex, race, disability, age, sexual orientation, gender reassignment, religion or belief, marital status, pregnancy, and maternity. We strive to create an inclusive working environment, where the different knowledge, perspectives, experiences, and approaches of our global workforce are represented. Where everyone feels valued and can reach their full potential.

Please be aware that as part of our recruitment process, we may look to use a variety of resourcing tools to help us understand your skills and experience in relation to the role. Please feel free to contact to recruiter below, if there are any reasonable adjustments to our process that you would like us to consider.

As part of our recruitment process, we will always consider how candidates fit with our values which you can learn more about here.

Application Instructions

Is this role ticking all the boxes for you? If so, please click apply now!