Security Compliance Analyst

Contract Type: Permanent
Contract Type: Mon-Fri 08:30-17:00 or 09:00-17:30
Location: Chorley - Hybrid
Department: Governance & Security

Summary

We are an innovative and market leading software & services company based in Chorley serving clients in the utility sector ranging from new entrants to large existing suppliers. We deliver sophisticated software solutions and managed services in a Private Cloud infrastructure, servicing both traditional and modern real-time, smart energy clients.

Given the ongoing situation with COVID, you will initially work remotely, with dedicated support being provided by a senior team member by way of Teams, Slack, Phone, Screensharing etc. Our goal will be to return to our Chorley based office in the coming months, which is where you will be based. However, there will still be an option of working remotely when this happens under ESG’s Hybrid Remote Working Policy. During your probation period, which is 6 months, you will be expected to attend the office frequently for training.

Security Compliance Analyst will be responsible for supporting ESGs compliance with external legal, regulatory, and applicable standards and internal compliance with ESG policies within the ISMS.

Position Responsibilities

Essential Functions

Assist with annual ESG SEC CIO security assessments, including supporting the collation and presentation of evidence from required departments
Assist with annual ESG SEC IPA privacy assessment, including supporting the collation and presentation of evidence from required departments
Assist with maintaining, identifying, designing, documenting and implementing security related policies and procedures in line with ISO27001 and ISO9001 standards
Liaising and supporting the Clients through the SEC CIO assessment lifecycle, with potential of attending client assessments.
Liaising and supporting the ESG Professional Services team to support client readiness to complete the SEC CIO assessments.
Liaising and supporting the ESG Professional Services team to deliver internal and external projects, ensuring compliance with security and privacy requirements.

Assist with ensuring specific clients maintain compliance with privacy obligations within the SEC.
Assisting with analysis of Security Threats and supporting mitigating actions.
Undertake risk assessments on compliance controls in line with ISO27005 standards
Assist with all aspects of GDPR Compliance
Assist with all aspects of ISO27001 and ISO9001 Compliance
Assist with all aspects of Smart Energy Code (SEC) Security and Privacy Compliance
Assist with ensuring compliance of suppliers providing key services to ESG
Collate and present compliance metrics

Experience

2-3 years experience in a role involving Information Security and/or Data Privacy.
A successful candidate is likely to have Information Security and/or Data Privacy audit experience e.g. ISO 27001, ISAE3402, SOC2
Managing security requirements and traceability for formal compliance
Working to tight deadlines
Policy creation and maintenance
Analytical thinking and attention to detail
Strong communication skills, both written and verbal
Strong client facing relationship skills
Must be able to work independently and as part of a team communicating with all levels of staff.
Beneficial: Experience of working within a SOC
Beneficial: Experience of network monitoring toolsets
Beneficial: Knowledge of network protocols
Beneficial: Smart Energy Code
Beneficial: Smart Metering / Utilities

Education

A successful candidate is likely to hold, or be working towards Information Security and/or data privacy qualifications such as
ISO 27001 Lead Auditor, ISO 27001 Lead Implementer, CompTIA Security+, SSCP

Knowledge of GDPR Compliance
Knowledge of ISO 27005 Risk Methodology
Knowledge of Security Threat Management
Knowledge of ISO 27001 / ISMS implementation and compliance

ISO Awareness

Follow IMS Policies
Reporting of Incident
ISO Responsibilities
ISO Staff Awareness

Apply Now Email to a friend