Information Security Analyst

Job Introduction

The Information Security Analyst – ISO27001, PAS1192-5 will support the information security across the HS2 Main works project. With particular emphasis and experience in ISO27001:2017, PAS 1192 & CE. 

This is a good opportunity person who is looking for a role in which you can grow into a senior Information Security role and further their cyber security career.  You will have the opportunity to drive through security standards, processes and continue to assess any requirements. You will be dealing with Information Security Audits, carrying out regular IT Security Audits and implementing information security policy & guidelines following best professional and industry practice. You will report to the Head of Cybersecurity and resilience. Ensuring that existing and new systems introduced into the SCSJV Main works project adhere to the security controls mandated by the SCSJV security policies and procedures.

Role Responsibility

• Responsible for supporting the implementation and maintenance of ISO 27001 Cyber Essentials and PAS1192-5.
• Arrange and manage the Pen testing with approved providers  
• Responsible for supporting the implementation and maintenance of an ISO 27001, ISMS.
• Support the implementation of the information security policy, including best practice and processes.
• Provide information and cybersecurity support with regards to statutory and legal requirements, such as GDPR.
• Work with functional departments to ensure the consistent application of information and cybersecurity policies and standards across all technology projects, systems and services
• Foster Information Security awareness to minimise cyber risks and give to SCS JV staff and supply chain in Information security and cybersecurity matters.
• Be able to work with the customer HS2 and relevant SCS JV departments such as physical security, IT internal audit, HR, document management,  enterprise risk management, data privacy protection and respective supply chains on Information Security related topics
• Support threat identification and vulnerability, ensuring that security vulnerabilities are raised to internal teams and 3rd party suppliers and remediated according to agreed timescales.
• Participate in threat and risk assessment of information security assets.
• Liaise with JV Parent Company information security teams to ensure ISMS alignment.
• Understand the Client and Joint Venture Partners' Environment and Sustainability Policies, Processes and statutory requirements as they affect the SCSJV project and ensure information security standards applicable within their discipline are implemented to mitigate CIA triad risks.

The Ideal Candidate

• An Information Security graduate, with at least one year of industrial experience 
• Experience or understanding of security methodologies and industry-standard ISO 27001, PAS 1192-5
• Understanding of GDPR
• Understanding of risk management and risk assessments.
• Understanding of Security policies as they relate to all aspects of a company's operations globally.
• Knowledge of dealing with information security incidents
• Understanding of security principles, including current security issues and trends
• Excellent interpersonal and organisation skills
• Excellent stakeholder management skills
• Experience of working in a security team

About the Company

The role will work on the HS2 project. HS2 is the UK’s new high speed rail network. It will be a catalyst for economic growth across Britain, freeing up space on the existing railways and connecting 8 out of the UK’s 10 biggest cities with fast, reliable and frequent high speed services

The Skanska | Costain | STRABAG (SCS JV) is delivering the HS2 London Tunnels Contract. Scope of works includes twin-bored tunnels (TBM), SCL tunnels, shaft sinking, bridge demolition and reconstruction, services diversions, earthworks and the construction of site compounds.

You’ll be a welcomed member of the wider team, with opportunities to take on additional responsibility, join one of our networks for women, military or LGBT+ staff, and participate in cultural and social events with the local community (e.g. as a STEM ambassador).

Your personal and professional development is important to us. We welcome a discussion about how we can support you with further study, or professional membership or attainment for example.

HS2 – working with Skanska, Costain and STRABAG, closely monitors job applications, to ensure an inclusive recruitment process. To ensure we are able to maintain this, and to recruit a diverse workforce, we require candidates to complete the diversity form as part of their application so we are able to monitor and improve our approach to diversity. Please note, all responses are anonymous and we will not share any of your data with other parties. All data will be held securely, (as stated within the Data Protection Act 1998) and will be reported to HS2. 

It is an SCSJV requirement that all employees, Design House, and Supply Chains must implement and comply with the requirements of ISO 9001:2015 Quality Management System, ISO 14001:2015 Environmental Management System with guidance for use”, OHSAS 18001:2017 Occupational Health and Safety Management Systems and ISO/IEC 27001:2013 Information Security Management System, Policies, Plans, Procedures and Processes, and statutory requirements as they affect the Joint Venture ‘s operations and ensure that the requirements, as applicable within their discipline, are effectively implemented on the project. Develop a culture of safety on the project through the absolute commitment to the Zero Accidents target and ethos, and develops a wider awareness of quality, environmental issues and demonstrates commitment to achieve continual improvement and Zero tolerance.

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

SCS Railways