Function: Digital Strategy
Role Title: Information Security Analyst
Reports To: Technical Information Security Manager
Salary: Grade 7
Overview:
Information Security (IS) is fundamental to protecting the confidentiality, integrity and availability of the university's IT systems and data. IS works across all technologies to ensure appropriate levels of security are implemented and maintained. From project support to awareness, IS delivers security services across the university.
This is a role with a high level of autonomy, analysing and managing a significant number of high-risk and sensitive enquiries and incidents, often utilising complex tooling. The role drives improvements to the management and understanding of information security across the organisation. It involves frequent interactions with senior stakeholders and customers, including university staff, academics and students, as well as third parties. This role is pivotal in securing our network and infrastructure and will lead improvements in the way we identify and manage threats to our information and systems.
Responsibilities
- Develop technical information security capabilities, strategies, standards, methods, tooling, and processes that will improve performance and efficiency of the information security function, considering changes to regulatory requirements, the threat landscape and technological advances.
- Maintain awareness of current security technologies, threats and trends and use this knowledge to proactively seek out security weaknesses in technology, processes and working practices and implement corrective measures to enhance the University's security posture.
- Consult on projects, providing authoritative, expert advice on cybersecurity controls and issues to increase the organisation's overall security posture and to drive adherence to security policies, standards and guidelines.
- Lead investigations into security incidents and requests having a perceived security impact, including investigation of network and platform specific security issues.
- Coordinate the cyber incident response capability, acting as a point of contact for security incidents, ensuring relevant information is communicated to senior stakeholders in a timely manner, assisting in secure restoration of business capabilities following a cyber incident and overseeing the continual improvement of the Cyber Incident Response Plan and runbooks.
- Proactively liaise with business, IT teams and third parties to understand technologies, business needs, processes, and dependencies to ensure advice given is professionally sound and appropriate to the university's needs.
- Identify business practices that result in incidents and requests that are challenging from a security perspective and recommend improvements to reduce incidents and improve efficiency and effectiveness.
- Develop and communicate corporate information security policy, standards and guidelines. Consult and advise on exceptions to technical security policies and standards and oversee escalation and approval processes. Maintain a registry of exceptions and continuously track them.
- Oversee security related tooling and processes as well as maintaining various security related registers and records.
- Maintain and operate a regular vulnerability scanning and penetration testing schedule including development of test scopes, facilitation and coordination of testing and managing remediation of test findings.
- Track and report on trends in security posture. Formulate and oversee appropriate responses to changes in the security position.
- Act as a point of contact in audits, liaising with external auditors and providing information and documentation as required.
- Represent information security at relevant governance forums and committees, preparing and delivering management information as required.
- Deputise for the Technical Information Security Manager and Head of Information Security as required.
- Undertake any other duties commensurate with the role as advised by the Head of Information Security or Technical Information Security Manager as required.
Equality, Diversity, and Inclusion Statement
One of our strategic ambitions, articulated in our current strategic framework, is to advance equality, diversity, and inclusion (EDI). This includes achieving greater diversity within our workforce and creating an inclusive working environment service wide. We will create a culture that is collaborative and innovative and that adapts to the changing needs of our clients. EDI will be fundamental to this culture. In this role you can expect to contribute to our thinking and be challenging on how Salford can transform the way it addresses equity disparities, embraces diversity, and becomes more inclusive.
The University of Salford is committed to an inclusive approach to equality and diversity. We make every effort to form shortlisting and interview panels that are diverse in terms of gender, age, ethnicity, nationality, and socio-economic background.