Euromoney Institutional Investor

  • Information Security Analyst

    Job ID
    Sep 2018-8035
    Department
    Euromoney Institutional Investor
    Location
    London
    Contract Type
    Permanent Full-Time
    Category
    IT/Web Development
  • Job Advert

    ABOUT EUROMONEY

    Euromoney Institutional Investor PLC is listed on the London Stock Exchange and is a member of the FTSE 250 share index. It is an international business-to-business media group focused primarily on the asset management, banking and commodities sectors under brands including Euromoney, Institutional Investor and Metal Bulletin.  It is a leading provider of economic and investment research and data under brands including BCA Research, Ned Davis Research. The group also runs an extensive portfolio of events for the financial and commodities markets. Its main offices are in London, New York, Montreal, Hong Kong and Sofia.

     

    Euromoney is a dynamic organisation with a newly independent status, following a share buy back from DMGT plc, and ambitious growth plans.

     

    ABOUT THE FUNCTION

    The Group’s Central Technology function works with and complements the business focused (outward) Divisional technology teams. It is principally responsible for delivering core shared services (inward) across the Group. Due to its group wide coverage it is able to leverage economies of scale and provide subject matter expertise in a range of core disciplines.

     

    The Service Delivery team provides core shared infrastructure and security services across the divisions. It delivers reliable, secure and cost effective core services (e-mail, file+print, end user computing, back-office applications, infrastructure and networks). The DevOps team support and maintain the centrally hosted divisional websites, providing 24x 5 coverage. The Information Security team develops, implements and maintains security controls to mitigate the ever-increasing risk of cyber threats.

     

    The Central Platforms team support and maintain the Group’s suite of centrally developed platforms (publishing and subscription management), used extensively across the divisions. The platforms are developed in line with business demand. The team is also responsible for maintaining and iterating development best practice and quality standards, sharing and promoting their adoption across the divisions.

     

    The Project Management Office is responsible for overseeing the portfolio of central technology projects, providing expert guidance and support to the project management team and stakeholders to deliver projects to time, budget and quality.

     

    The Central Technology function also oversees risk, audit, compliance and disaster recovery processes across the Group, working closely with the Risk function and divisional teams.

     

    THE ROLE

    This is a core role as an analyst and consultancy professional in the IT Security Team.

     

    The Junior Information Security Analyst will work with the IT Security Manager to identify IT security risks and recommend remediation activities to reduce risk to an acceptable level.

     

    Overall the Information Security Analyst must have:

    ·         A breadth of experience across a wide range of infrastructure technologies implementing enterprise scale technical solutions in a multi-tier, multi-platform environment

    ·         A good knowledge and understanding of Windows Server and associated Windows enterprise technologies in a networked, enterprise environment

    ·         Experience of configuring and supporting firewall and intrusion prevention/detection technologies

    ·         Current knowledge of security industry threats and trends and vendor landscape

    ·         Stays current with thinking and technology through continuing education, self-study, participation in industry events, and attendance at conferences as appropriate for level of responsibility

    ·         Demonstrable analytical capabilities

    ·         Some experience in cyber incident management including

    ·         Perform advanced diagnosis and remediation planning on security incidents

    ·         Operate, maintain and troubleshoot the SIEM environment

    ·         Understanding of Privileges and Rights in Windows AD primarily and other directory services

     

    ·         The role sits under the Central Technology.

     

    PRINCIPLE RESPONSIBILITIES

    ·         Work with the business as well as IT professionals in communicating flaws in security across systems, applications and infrastructure.

    ·         Recommend changes which will reduce the likelihood and impact of a serious incident occurring

    ·         Be enthusiastic about the security industry, coupling good analytical skills and excellent interpersonal capabilities to present a “can do” attitude

     

    The key areas include:

    • Identification of IT security risks to ensure that security measures and controls are in place to reduce risk to an acceptable level
    • Design and implementation of security controls
    • Assessing compliance against group information security baselines
    • Vulnerability management
    • Configuration reviews of firewall, AV, web content filter & other security tools
    • Effectiveness reviews of technical security controls
    • Auditing of access control systems
    • Daily review of critical security logs
    • Incident response and analysis supporting departments such as IT Operations and HR
    • Researching new technologies that will effectively protect the network and IT systems
    • Risk assessment of third-party suppliers
    • Identification of IT security risks to ensure that security measures and controls are in place to reduce risk to an acceptable level
    • Participate in the review and creation of enterprise security documentation
    • Assist the IT Security Manager with the development and implementation of the IT security strategy
    • Work with the operational teams to ensure that all technology and process controls are implemented, configured and maintained
    • A broad range of information security topics and activities including compliance with PCI DSS and Information Security baselines

     

    SKILLS/

    EXPERIENCE REQUIRED

    • Ability to work independently on defined tasks and can be relied upon to deliver high quality results
    • Enthusiastic about the security industry and driven to continue learning and developing new skills
    • Knowledge of industry security frameworks including Critical Security Controls for Effective Cyber Defense, ISO27001, NIST800-53
    • Ability to quickly understand and adapt to a complex and rapidly changing environment
    • Demonstrable problem solving, analytical skills and attention to detail
    • minimum of 3 years experience in various technologies AND concepts including but not limited to:
      • Firewalls & Intrusion Detection/Prevention

    ·         Malware protection

    ·         Virtual technologies

    ·         System hardening

    ·         Web application firewalls

    ·         Log management & SIEM

    ·         Vulnerability management

    • Experience in installation, configuration and troubleshooting of tools such as firewalls, SFTP, AV, web content filters and others
    • A good understanding of access and authentication technologies and concepts (active directory, multiple factor authentication etc)
    • A good understanding of privileged access management
    • Basic understanding of scripting (example power shell)
    • Experience in auditing of security controls
    • Understanding of PCI
    • Strong experience in dealing with various stakeholders at different levels
    • A working knowledge of both the operations and digital technology environment
    • Experience in working in a team-oriented, collaborative environment
    • Highly self-motivated, high achiever
    • Good written and oral communication skills in English
    • Delivering good customer service
    • Good knowledge of Microsoft Excel and ability to use pivot tables and VLOOKUP’s to manipulate large sets of data
    • Technical IT knowledge and aptitude

    KNOWLEDGE/
    QUALIFICATIONS

    One or more of the following:  GIAC certification/SANS training, CISSP, CISM, CISA, CRISC

    PERSONAL ATTRIBUTES

    ·         Professional

    ·         Reliable

    ·         Self-motivated

    ·         Manage and distill complexity

    ·         Strong communicator and listener

    ·         Analytical (with attention to detail)

    ·         Results driven

    ·         Persistent

    ·         Honesty and integrity

    ·         Self-awareness

    ·         Team player

    ·         Positive attitude

     

    KEY STAKEHOLDERS

    ·         Central Technology management team

    ·         Divisional (business) stakeholders

    ·         Vendors /suppliers

    ·         Central Technology Finance Manager

    ·         Project team, Project Board (as necessary)

     

    RESOURCES INCLUDING TEAM MANAGEMENT

    N/A

     

    Options

    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed