Warning: This job advert has expired and applications have closed.

Cyber Security Testing Assurance Analyst

Job details
Posting date: 14 August 2024
Salary: Not specified
Additional salary information: Excellent Benefits and Bonus
Hours: Full time
Closing date: 04 September 2024
Location: Crawley, West Sussex, RH10 1EX
Remote working: Hybrid - work remotely up to 2 days per week
Company: UK Power Networks
Job type: Permanent
Job reference: 79354_1723621107

Summary

Cyber Security Testing Assurance Analyst

Reference Number - 79354

This Cyber Security Testing Assurance Analyst will report to the Cyber Security Testing Manager and will work within the Information Systems directorate based in our Crawley office. You will be a permanent employee.

You will attract a salary of £49,600.00 and a bonus of 7.5%. This role can also offer blended working after the probationary period (6 months) - 3 days in the office and 2 remote.

Close Date: 06/09/2024

We also provide the following additional benefits:

  • 25 Days Annual Leave plus bank holidays

  • Personal Pension Plan - Personal contribution rates of 4% or 5% (UK Power Networks will make a corresponding contribution of 8% or 10%)

  • Tenancy Loan Deposit scheme

  • Tax efficient benefits: cycle to work scheme

  • Season ticket loan

  • Occupational Health support

  • Switched On - scheme providing discounts on hundreds of retailers' products.

JOB PURPOSE:

The Testing Assurance Analyst will support the Cyber Security Testing Manager in ensuring that a strong cyber security posture is maintained across the UK Power Networks (UKPN) IT estate, by identifying cyber security weaknesses and vulnerabilities and guiding actions to mitigate the risks and avoid disruption to the integrity and availability of the IT services that are crucial to delivering UKPN services to customers.

DIMENSIONS:

  • People - work collaboratively in a team of circa 10 permanent and temporary cyber security testing and assurance resources.

  • Financial - no direct budget responsibility.

  • Suppliers - regular interaction with third party suppliers commissioned for meeting specialist testing and assurance requirements.

Principal Responsibilities:

  1. Compliance: work with service owners and the Technology team to ensure the IT estate complies with current UKPN technical standards, driving and tracking remediation actions required to mitigate identified weaknesses and vulnerabilities.

  2. Penetration testing: help develop red and purple team penetration testing exercises, aligned to important industry cyber security threat intelligence.

  3. Vulnerability management: help develop vulnerability management, ensuring that all known security vulnerabilities are identified, assessed, prioritised and tracked to remediation against UKPN policy.

  4. Identity and access management: help develop identity and access management across UKPN, ensuring alignment with appropriate policies.

  5. Business Forensics: work with HR and the Data Privacy Officer to complete approved requests for information from the wider business, ensuring that sensitive data is handled according to policy.

  6. Analysis: analyse risks associated with vulnerabilities, develop and present reasoned remediation steps, track progress and escalate to ensure remediation activities are completed according to set timescales.

The Information Systems Department works across UK Power Networks, supporting us in the achievement of our vision to remain the best performing Distribution Network Operator (DNO). The team achieves this through the provision of technology solutions, and the optimisation of current solutions to improve how we operate. Continuous improvement, customer service and seamless delivery are at the heart of this ethos and are therefore strongly underpinned by effective cyber security.

Qualifications:

  • Experience in cyber security within enterprise environments, including Azure Cloud and Office 365. Should understand these platforms and how to utilize their security features, including Defender for Identity.

  • Bachelor's Degree in Cybersecurity, Computer Science, Information Systems, related field or equivalent training and/or experience.

  • A comprehensive understanding of Identity and Access Management and the implementation of it in an enterprise environment.

  • A basic knowledge of compliance regulations, such as Cyber Essentials, PCI DSS, and GDPR, to be able to confirm data is being handled in a compliant manner.

  • Experience with network and infrastructure security principles, such as firewalls, intrusion detection and prevention systems, and access control.

  • Knowledge of security tools, such as vulnerability detection, scanning and remediation tools, penetration testing tools, and forensic tools, to help assess and validate security posture.

  • Experience working in a team environment and with a range of internal and external individuals and teams.

  • Demonstrate strong time management skills and prioritise tasks effectively.

  • Show good self-motivation and initiative, including a desire to embrace continuous learning and development, whilst achieving results.

We are committed to equal employment opportunity regardless of race, colour, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. We are proud to be an equal opportunity workplace.