- Contract Type
- Permanent
- Working Hours
- Mon-Fri 08:30-17:00 or 09:00-17:30
- Location
- Chorley - Hybrid
- Department
- Governance & Security
Summary
We are an innovative and market-leading software & services company based in Chorley, serving clients in the utility sector ranging from new entrants to large existing suppliers. We deliver sophisticated software solutions and managed services in a Private Cloud infrastructure, servicing both traditional and modern real-time, smart energy clients.
Given the ongoing situation with COVID, you will initially work remotely, with dedicated support provided by a senior team member via Teams, Slack, phone, screen sharing, etc. Our goal is to return to our Chorley-based office in the coming months, which is where you will be based. However, there will still be an option of working remotely when this happens, under ESG’s Hybrid Remote Working Policy. During your probation period, which is 6 months, you will be expected to attend the office frequently for training.
The Security Compliance Analyst will be responsible for supporting ESG's compliance with external legal, regulatory, and applicable standards, and internal compliance with ESG policies within the ISMS.
Position Responsibilities
Essential Functions
- Assist with annual ESG SEC CIO security assessments, including supporting the collation and presentation of evidence from required departments
- Assist with annual ESG SEC IPA privacy assessment, including supporting the collation and presentation of evidence from required departments
- Assist with maintaining, identifying, designing, documenting and implementing security related policies and procedures in line with ISO27001 and ISO9001 standards
- Liaising with and supporting clients through the SEC CIO assessment lifecycle, with the potential of attending client assessments.
- Liaising and supporting the ESG Professional Services team to support client readiness to complete the SEC CIO assessments.
- Liaising and supporting the ESG Professional Services team to deliver internal and external projects, ensuring compliance with security and privacy requirements.
- Assist with ensuring specific clients maintain compliance with privacy obligations within the SEC.
- Assisting with analysis of Security Threats and supporting mitigating actions.
- Undertake risk assessments on compliance controls in line with ISO27005 standards
- Assist with all aspects of GDPR Compliance
- Assist with all aspects of ISO27001 and ISO9001 Compliance
- Assist with all aspects of Smart Energy Code (SEC) Security and Privacy Compliance
- Assist with ensuring compliance of suppliers providing key services to ESG
- Collate and present compliance metrics
Experience
- 2-3 years' experience in a role involving Information Security and/or Data Privacy.
- A successful candidate is likely to have Information Security and/or Data Privacy audit experience, e.g. ISO 27001, ISAE3402, SOC2
- Managing security requirements and traceability for formal compliance
- Working to tight deadlines
- Policy creation and maintenance
- Analytical thinking and attention to detail
- Strong communication skills, both written and verbal
- Strong client-facing relationship skills
- Must be able to work independently and as part of a team, communicating with all levels of staff.
- Beneficial: Experience of working within a SOC
- Beneficial: Experience of network monitoring toolsets
- Beneficial: Knowledge of network protocols
- Beneficial: Smart Energy Code
- Beneficial: Smart Metering / Utilities
Education
- A successful candidate is likely to hold, or be working towards, Information Security and/or Data Privacy qualifications such as ISO 27001 Lead Auditor, ISO 27001 Lead Implementer, CompTIA Security+, SSCP
- Knowledge of GDPR Compliance
- Knowledge of ISO 27005 Risk Methodology
- Knowledge of Security Threat Management
- Knowledge of ISO 27001 / ISMS implementation and compliance
ISO Awareness
- Follow IMS Policies
- Reporting of Incidents
- ISO Responsibilities
- ISO Staff Awareness