Information Security Analyst

About us

We’re The Very Group and we’re here to help families get more out of life. We know that our customers work hard for their families and have a lot to balance in their busy lives. That’s why we combine amazing brands and products with flexible payment options on Very.co.uk to help them say yes to the things they love. We’re just as passionate about helping our people get more out of life too, building careers with real growth, a sense of purpose, belonging and wellbeing.

We are looking for an Information Security Analyst who will be responsible for delivery of all areas of Information Security policy and procedure at The Very Group. With particular focus on Vulnerability management, Penetration testing and the assurance of the identity access management processes.

For this role you will have the following responsibilities:

• Arrange and where directed manage cyber threat assessment activities.
• Deliver vulnerability assessments, arrange penetration tests and red/purple team exercises within The Very Group
• Cover for the Information Security Specialist where required.
• Be accountable for fixes and decisions relating to vulnerability assessment services.
• Assist in producing security assurance metrics related to threat and vulnerability assessments and provide key stakeholders with performance data as required by the Head of Information Security and manager.
• Support teams within IT Security in the production and maintenance of Security Procedures, Guidelines, Work Instructions, Working Practices and other operational documentation.
• Provide information to other teams within IT Security as required to support development of threat intelligence, security strategy and all service improvement activities.
• Responsible for delivering threat and vulnerability assessment services and assuring they are frequently reviewed and where required service improvement plans are implemented.
• Assist in the establishment and maintenance of IT Security standards and policies.
• Key contributor in various facets of Security incident response including notification, escalation response and post incident review.
• Provide general advice and guidance on IT Security related matters as and when required.
• Assist and support Threat Hunting and Digital Forensics as directed by the Security Operations Lead.
• Managing and develop IAM/ PUAM functions
• Ensuring the business is compliant with all issues relating to IAM/ PUAM including legal and regulatory changes affecting UK financial services and engaging in professional development to maintain professional skills and knowledge essential to the position.
• Build relationships across TVG to support essential security policy adherence

Requirements

What you’ll bring

• A broad understanding of the Information Security industry and specifically, a solid understanding of UK regulations and compliance.
• Experience of contributing and improving the Information Security agenda within a corporate organisation
• The ability to understand and integrate business and security strategies.
• Experience in IT Security Vulnerability Management.
• Strong knowledge of security vulnerability assessment tooling, report analysis and remediation plans.
• Good understanding of networking concepts and enterprise IT systems including OS (Windows, Mac, *nix)
• Knowledge of Windows Active Directory and Linux identity management
• Experience with Identity management and privilege user access management in an enterprise environment would be advantageous.
• Experience in the implementation and day to day running of IAM/ PUAM tooling
• Experience of cloud based IAM especially with AWS and Office 365
• An understanding of incident response procedures and standards and the managing of information security and privacy incidents.
• Excellent interpersonal skills
• Information Security and /or Information Technology industry qualification would be advantageous (such as CISSP or CISM) or equivalent time served

Benefits

Some of our benefits