ICA Compliance Jobs

Information Security Compliance Analyst (12 months FTC)

Company: Techtronic Industries (TTI)
Location: Maidenhead SL6, UK
Published: 4 weeks ago
Compliance Management Systems / Technology
TTI is a fast growing world leader in Power Tools, Accessories, Hand Tools and Outdoor Power Equipment for Do-It-Yourself (DIY), professional and industrial users in the home improvement, repair, maintenance, construction and infrastructure industries. Powerful brands, innovative products, exceptional people and operational excellence: We are dedicated to improving the lives of homeowners and tradespeople around the world. Join us and become a part of our success story.

KEY RESPONSIBILITIES:

The primary responsibilities of the Information Security Compliance Analyst include:

Assist with a project to improve our Business Continuity / Disaster Recovery capability and ensure our strategy and plans are re-developed to suit.

Compliance Management - Regularly review business processes and systems to ensure ongoing compliance with specific regulatory or compliance frameworks, examples are:
  • PCI
  • ISO 27001
  • CE
  • GDPR
Research and investigate potential future regulations that are being developed, to ensure our systems are aligned to these where possible; examples are:
  • Cyber Resilience Act
  • Network & Information Systems Directive
  • EU Data Act
Contributing to User Education and Training content

Drive our 3rd Party Risk Management process:
  • Conduct monthly retrospective checks for onboarded low-risk Suppliers
  • Review submitted information and issue approvals for onboarding medium-risk suppliers
  • Co-ordinate and carry out detailed technical reviews for high-risk Suppliers
Manage the Project review process:
  • Ensure new project implementations maintain adherence to our published technical guidance
  • Escalate and, if necessary, document exceptions when a project is going to fall outside of this guidance.
Complete and record the responses to any security questionnaires we receive from third parties ensuring evidence is recorded for our answers.

Identity and Access Management:
  • Active Directory Account Audit - regular review to ensure account creation and removal processes are being adhered to.
  • Quarterly review of all locally managed user Databases - ensuring any leavers / job changes are being reflected in these locally managed systems.
  • AD Permissions Audit - Ensure the Principle of Least Privilege is being adhered to, and that user role changes are being reflected in their NTFS Permissions.
  • Monthly review of stats on our Cyber Security Dashboard and investigate where required
Policy -
  • Re-develop existing policies - introduce Bite-Size policy guides (to accompany the existing technical guidance) on the Cyber Website
  • Maintain these new Bite-Size Guides to ensure alignment with future compliance requirements.
  • Maintain wider (full) policy documents to ensure alignment with future regulatory requirements
Contribute articles to our internal Cyber Security SharePoint site - aiming to increase Cyber Security awareness / engagement within the organisation.

On occasion - assist with the investigation, remediation and documentation of any security incidents.

On occasion - assist with formulating and enacting the response to a BCP scenario.

Suggest and contribute to Cyber Security and IT process improvement initiatives.

WHAT YOU'LL NEED:

To have 3+ years' experience working in a Cyber Security focussed role

To have a practical understanding of the European General Data Protection Regulation and other Data Protection regulations.

Possess a good level of understanding of some of the most frequent regulatory or compliance requirements (PCI, ISO, NIST, SOX, CE etc)

Experience maintaining an organisation's adherence to common Cyber Security compliance standards

Experience administering user Identity and Access Management (Preferably Microsoft AD/ AAD and AWS)

Experience writing IT / IT Security Policies

A structured and organised working style.

The ability to work simultaneously on several projects and work streams.

The ability to work independently with appropriate direction and supervision, seeking guidance when required for unusual or unfamiliar situations.

The ability to explain complex technical requirements and concepts in clear and simple language.

The ability to analyse and represent data in engaging visual formats.

A keen interest in IT Security and compliance, and a desire to be a lifelong learner, taking advantage of self-study and other training opportunities to develop your career in Cyber Security.

Familiarity with Project planning / delivery methodologies and software tools an advantage

Comfortable with occasional travel within Europe.

Fluency in German or Polish an advantage; knowledge in European languages other than English desirable.


If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!