Information Security Analyst
The Information Security Analyst – ISO27001, PAS1192-5 will support information security across the HS2 Main works project, with particular emphasis on and experience in ISO27001 & PCI DSS. You will have the opportunity to drive through security standards and processes and to continue to assess any requirements. You will be dealing with Information Security Audits, carrying out regular IT Security Audits and implementing information security policy & guidelines following best professional and industry practice. You will report to the Head of Cybersecurity and Resilience, ensuring that existing and new systems introduced into the SCSJV Main works project adhere to the security controls mandated by the SCSJV security policies and procedures.
- Responsible for implementing and maintaining ISO 27001, Cyber Essentials and PAS1192-5.
- Arrange and manage pen testing with approved providers.
- Responsible for implementing and maintaining the ISO 27001, ensuring the ISMS is kept current and up to date.
- Implement information security policy, including best practice and processes.
- Provide information and cybersecurity support with regards to statutory and legal requirements, such as GDPR.
- Work with functional departments to ensure the consistent application of information and cybersecurity policies and standards across all technology projects, systems and services
- Foster Information Security awareness to minimise cyber risks and give to SCS JV staff and supply chain in Information security and cybersecurity matters.
- Be able to work with the customer HS2 and relevant SCS JV departments such as physical security, IT internal audit, HR, document management, enterprise risk management, data privacy protection and respective supply chains on Information Security related topics
- Perform threat identification and vulnerability, ensuring that security vulnerabilities are raised to internal teams and 3rd party suppliers and remediated according to agreed timescales.
- Work with internal and external teams to mitigate and control cyber security incidents.
- Participate in Threat and risk assessment of information security assets.
- Liaise with JV Parent Company information security teams to ensure ISMS alignment.
- Understand the Client and Joint Venture Partners' Environment and Sustainability Policies, Processes and statutory requirements as they affect the SCSJV project and ensure information security standards applicable within their discipline are implemented to mitigate CIA triad risks.
The Ideal Candidate
- Experience or understanding of security methodologies and industry-standard ISO 27001, PAS 1192-5
- Experience and understanding of GDPR
- Experience in risk management and the performing of risk assessments.
- A proven track record in security. Awareness of Security policies as they relate to all aspects of a company's operations globally.
- Experience dealing with information security incidents
- Strong understanding of security principles, including current security issues and trends
- Proven track record in an Information Security or IT Audit role
- Excellent interpersonal and organisation skills
- Excellent stakeholder management skills
- Experience of working in a security team
About the Company
The role will work on the HS2 project. HS2 is the UK’s new high speed rail network. It will be a catalyst for economic growth across Britain, freeing up space on the existing railways and connecting 8 out of the UK’s 10 biggest cities with fast, reliable and frequent high speed services.
The Skanska | Costain | STRABAG (SCS JV) is delivering the HS2 Main Civils Contracts which include both Lots S1 (Euston Tunnels & Approaches) and S2 (Northolt Tunnels). Scope of works includes twin-bored tunnels (TBM), SCL tunnels, shaft sinking, bridge demolition and reconstruction, services diversions, earthworks and the construction of site compounds.
You’ll be a welcomed member of the wider team, with opportunities to take on additional responsibility, join one of our networks for women, military or LGBT+ staff, and participate in cultural and social events with the local community (e.g. as a STEM ambassador).
Your personal and professional development is important to us. We welcome a discussion about how we can support you with further study, or professional membership or attainment for example.
HS2, working with Skanska, Costain and STRABAG, closely monitors job applications to ensure an inclusive recruitment process. To maintain this, and to recruit a diverse workforce, we require candidates to complete the diversity form as part of their application so we are able to monitor and improve our approach to diversity. Please note, all responses are anonymous and we will not share any of your data with other parties. All data will be held securely (as stated within the Data Protection Act 1998) and will be reported to HS2.
It is an SCSJV requirement that all employees, Design House, and Supply Chains must implement and comply with the requirements of ISO 9001:2015 Quality Management System, ISO 14001:2015 Environmental Management System with guidance for use, OHSAS 18001:2017 Occupational Health and Safety Management Systems and ISO/IEC 27001:2013 Information Security Management System, Policies, Plans, Procedures and Processes, and statutory requirements as they affect the Joint Venture's operations, and ensure that the requirements, as applicable within their discipline, are effectively implemented on the project. Develop a culture of safety on the project through absolute commitment to the Zero Accidents target and ethos, develop a wider awareness of quality and environmental issues, and demonstrate commitment to achieving continual improvement and Zero tolerance.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.