ISO27001 Lead Implementer or Lead Auditor certification
Must be within commuting distance of Newbury, Berkshire, with access to transport
Regular on-site presence (3–4 days per week) for hybrid position
Responsibilities
Operational implementation and maintenance of the Information Security Management System (ISMS), ensuring that controls, processes and standards are complied with, maintained, current and effective
Reporting of any weaknesses, vulnerabilities, non-conformities or behaviours that undermine the high assurance levels expected of and by Entrust
Proactively identifying InfoSec improvements, efficiencies, savings and benefits
Acting as Deputy Security Officer for the Trust Service Centres (TSC), supporting the Company Security Officer, ensuring that corporate policy and local standards and procedures are upheld and maintained to protect Trust Services
Ensuring conformity to external standards such as ISO27001:2022, tScheme, Cyber Essentials Plus and WebTrust
Daily interaction with the MSO, providing subject matter expertise support, guidance and advice
Supporting security-enforcing events such as Key Signing Ceremonies (KSC), Hardware Security Module (HSM) operations, CA builds and off-site Trust Services, including preparation and administration of artefacts and components, management and transfer of security artefacts, HSM management, preparation of security-enforcing and audit events, and audits of security artefacts (on-site and off-site)
Analysis of customer-specific security compliance requirements and advising the relevant business owner regarding delivery of such controls
Supporting risk assessments in accordance with the Corporate risk policy and customer requirements
Supporting all internal and third-party audits, both in preparation and attendance
Supporting the management and maintenance of all local security and relevant standards, procedures and processes ensuring ongoing compliance with requirements
Developing and delivering local security awareness campaigns, training and briefings
Managing secure destruction and disposal of information assets (paper and media), decommissioning of CA/PKI and related components, in accordance with PKI policy and data retention policy and standards
Coordinating maintenance of technical security and environmental controls such as Alarms, CCTV, Cooling systems, Standby Generator, and Access Control Systems
Supporting Business Continuity and Disaster Recovery (BCDR) plans, tests and maintenance