Information And Cyber Security Analyst

We are seeking a dedicated and forward-thinking Information and Cyber Security Analyst to join our expanding security team on a permanent, full-time basis. Collaborating closely with our wider team, you will play a vital role in ensuring the protection of our Richmond and Wandsworth communities, as well as our residents' services and digital data. Your expertise will be crucial in driving forward our security capability, implementing best practice solutions, and fostering a culture of security by design.

In this role, you will be responsible for safeguarding the data of our residents and ensuring the security of our councils' systems. Acting as a subject-matter expert, you will focus on areas such as Data Security, M365 and Azure, and Applications Security. Your key responsibilities will include designing and implementing robust security processes, ensuring compliance with industry best practice and regulations, and integrating security principles into our existing processes and systems through effective communication with other teams and suppliers.

As part of the London Boroughs of Richmond upon Thames and Wandsworth, you will have the opportunity to work within a ground-breaking Shared Staffing Arrangement. With a workforce of over 4,000 employees, we are one of the largest and most innovative local government organisations in London. We are committed to sharing business processes and systems while delivering quality, value-for-money services and maintaining individual Council sovereignty.

Joining our growing security team, you will contribute to the development of ISMS frameworks, enhancing our security posture and maturity, and embedding a culture of security by design. Cyber security is a top priority for us, and we are dedicated to protecting our residents' services and data, as well as our online security. This is a fantastic opportunity to expand your knowledge and advance your career, gaining exposure to various systems, applications, projects, and security practices.

The ideal candidate for this role will be a passionate and experienced Information and Cyber Security Analyst with extensive exposure to at least three of the following areas: M365 and Azure Security, Data Security, Identity and Access Management Security, and Applications Security and Vulnerability Assessment. You should possess a thirst for knowledge, great attention to detail, and a determination to deliver quality results. Excellent communication and collaboration skills are essential, as you will be working with cross-functional teams, stakeholders, and suppliers. You should also be actively involved in vulnerability assessment/management, security risk assessment, incident response and analysis, and security awareness assessments.

The closing date for applications is 03/12/2023, with shortlisting taking place in the week commencing 04/12/2023, and interviews scheduled for the week commencing 11/12/2023. If you would like to have an informal conversation about this role, please contact Iman Baba, Information and Cyber Security Manager, via iman.baba@richmondandwandsworth.gov.uk.

Richmond and Wandsworth Councils are committed to promoting equality, diversity, and inclusivity in our recruitment practices. We recognize the value of a diverse workforce and the positive contributions that individuals from different backgrounds can bring to our organization and service delivery. We are proud to be a Disability Confident employer and offer flexible working arrangements to support work-life balance. Additionally, we provide a generous holiday allowance of 40 paid days (pro rata) including bank holidays and various opportunities for learning and development.

• Can you describe your experience in developing security processes and features that are compliant with industry best practices and regulations?
• How would you approach ensuring the safeguarding of our Richmond and Wandsworth communities and residents' services and digital data?
• Can you explain your expertise in data security and how you would apply it to protect the resident's data of the two boroughs?
• What is your experience with M365 and Azure Security, specifically with Defender, Sentinel, and Vulnerability Management?
• How would you approach implementing security by design and creating a culture of security within our organization?
• Can you discuss your experience with identity and access management security and its importance in maintaining system security?
• Describe your experience with applications security and vulnerability assessment. How have you used this expertise to identify and mitigate security risks?
• Can you provide an example of a security risk assessment or incident response you have participated in? How did you contribute to the resolution?
• How would you effectively communicate and collaborate with cross-functional teams and stakeholders to ensure the integration of security principles into existing processes and systems?
• What strategies do you use to stay updated on the latest trends and developments in information and cyber security?

• What are the current security measures in place to protect the residents' data and the council's systems?
• Can you provide more information about the ISMS frameworks that are being developed to enhance the borough's security posture?
• What opportunities are there for career development and progression within the security team?
• How does the organization promote and support a culture of security by design?
• Can you provide examples of specific projects or initiatives that the security team has worked on?