A fantastic opportunity to be part of establishing a new continuous control monitoring capability in the Information Security Team. The Information Security Data Analyst will help design and implement continuous controls monitoring across the spectrum of security controls. You will then analyse and report on insights to present to various stakeholders including the wider security team, Chief Information Officer, and stakeholders in other parts of the organisation. You will support decision making, compliance, performance improvement and stakeholder reporting. This role offers a great opportunity to understand the spectrum of security controls and contribute to the proactive improvement of security controls. Success in this role can open career pathways into other areas of information security.
At Centrica we embrace diversity and actively seek to attract individuals with unique backgrounds and perspectives. To build a more sustainable future, we need the best team – a team with a diverse mix of people and skills, where everyone feels welcome and able to succeed. We are not looking for you to fit our culture, we want you to add to it and feel like you can bring your whole self to work!
Package: Competitive base salary, annual bonus, private healthcare, pension and 25 days annual leave.
This role can be based anywhere in the UK. We are happy to discuss
flexible working arrangements during the interview process.
* To manage and execute the delivery of advanced data analysis across the suite of information security controls, to provide assurance and insights to stakeholders
* To understand information security risks, processes and be able to design and execute complex data tests to evaluate the effectiveness of controls
* Conduct analysis of controls data to identify risks, deficiencies, and opportunities for proactive improvement of controls
* Design and implement automated controls to test and measure effectiveness of information security controls
* Interface into other Centrica teams and systems to collect data and provide input into MI systems
* Ongoing management of the automated controls, identifying false positives, tuning, etc.
* Produce reporting and MI that demonstrates coverage of security controls and their effectiveness
* Manage the technical implementation and co
nfiguration of toolsets
* Develop Dashboards and presentations for reporting of control effectiveness
* Produce communication material and reporting suitable for senior leaders
* Utilise the Information Security Risk Management process to report control failures.
Competencies, Experience and Qualifications:
* Experience in implementing automated controls
* Knowledge of Data analysis tools (e.g. SQL/R/Python) and Data Visualisation tools (e.g. Power BI/Tableau) – able to analyse data using a variety of tools available and interpret the results. Analytical with attention to detail but able to propose practical actions
* Robust and independent mindset with the confidence to raise issues appropriately
* Able to work effectively as part of a team to deliver to tight deadlines
* Ambitious and proactive with a genuine passion for broadening their knowledge of information security controls
* API programming experience preferable
* Technical experience of programming skills, data lake and data analysis techniques
* Strong presentation, visualisation and reporting skills to various levels of stakeholders