The Information Security & Governance Analyst works with colleagues across and outside the Etex organisation, including both IT and non-IT functions, to manage and counter information security threats to Etex Group. This is a challenging task given the size and profile of Etex Group, as well as the geographical spread of our sites and workforce for which we are increasingly adopting mobile working practices.
The Information Security & Governance Analyst is an important member of the IT Governance Team and reports to the Security & IT Risk Manager. This new role will be responsible for activities that enhance Etex’ security exposure including, but not limited to delivering the Etex Security Awareness Program, Monitoring and continuous improvement of the Security Incident Response Process, Business Continuity Testing, Security KPI reporting and IT Risk Management. You will work closely with Senior members of Etex departments and our main service providers in completing these tasks, with increased focus on the security posture of our emerging digital and Operational Technology environment.
GENERAL DUTIES AND RESPONSIBILITIES
Independently advises the different internal and external IT Teams during security incident response.
Contribute to the Etex Security Awareness program and independently deliver this awareness program according to planning.
Gather and analyse (cyber) security intelligence and prepare (internal) recommendations accordingly.
Collaborate closely with the Digital team to further strengthen security capabilities in this emerging and high-risk environment.
Collaborate with the Manufacturing and Engineering organisation to support the IT-OT convergence and to ensure appropriate application of IT standards in the plants.
Review the result of vulnerability scans and related mitigation recommendations. Follow-up on status of mitigation plans with remediation owners.
Support Disaster Recovery Processes and periodic testing.
Support Governance, Risk, and Compliance Processes.
Assist in reviewing 3rd party security risk questionnaires and coordinate responses involved Etex stakeholders.
Assist in performing a recurring third-party vendor risk assessment (for security & IT risks).
Assist in monitoring security alers and detections from Etex's information security solutions and escalate critical alers to Senior Team Members. Assist in response and investigation efforts for security events. Independently perform analysis tasks asf assigned and report findings to senior team members.
Assist in monitoring security platforms' health for errors, misconfigurations, or performance alerts.
Provide inputs for Key Performance Indicators (KPIs) to help determine the effectiveness of security controls.
Perform all of the above in a cloud-based and service-oriented environment.
MINIMUM QUALIFICATIONS AND REQUIREMENTS
Minimum 3 years of experience in information security relevant disciplines.
Has a broad knowledge of and interest in new technologies and is able to understand the related benefits and risks.
Experience with at least one, but preferably more of the following : digital solutions, cloud technology and operational (plant) technologies.
Good working knowledge of O365 office solutions.
Good communication skills, both verbal and written. Ability to interact with both technical and non-technical staff.
Confidence to ask for assistance when necessary.
A positive attitude towards communication within the organisation.
Acts with integrity and takes personal responsibility for outcomes. Asks for feedback and actively listens.
Excellent problem solving skills.
Ability to work independently and in teams.
Driven to continually improve skills and abilities. Have a 'learn-it-all' mentality.
Relevant industry certification (related to security / IT Governance / risk management) is a plus.
The applicant should have an excellent level of English.
Etex Values and Competencies
Connect and CarePassion for ExcellencePioneer to Lead