Who we are.
We're DF Capital, a specialist savings and commercial lending bank built to serve the needs of individuals and businesses in the UK. From straightforward savings to practical commercial finance solutions, our aim is to provide first class customer service to help manage and grow businesses or consumer savings.
Our Culture.
At DF Capital we aim to provide an inclusive, progressive and sustainable environment where our employees thrive. Having engaged employees who enjoy what they do is the key ingredient for us to deliver on our strategic ambitions. We believe having great people in our team, who work hard and put our customers’ needs first, is a differentiator and builds depth of relationship, repeat business and customer loyalty. Fostering a positive culture across the firm, making sure our employees feel valued for their contribution and keeping them safe and well are critical to us. We see ourselves as a progressive employer who has clear structures and many opportunities for our employees to build their career.
Responsibilities:
- Responsible for supporting the management and operation of the information security management system, including creating and maintaining security policies, standards, processes and procedures.
- Assessing and managing information security and cyber risks for the business. This will include using threat intelligence sources and other tools to identify risks, designing controls and reporting risk management decisions.
- Reporting on the effectiveness of the ISMS using agreed metrics.
- Developing and operating the vulnerability management process. This will include operating the vulnerability scanner and managing findings through to resolution.
- Using modern cyber security tooling to identify, classify, investigate and resolve information and cyber security incidents across the business.
- Leading the response to information and cyber security incidents. This will include managing all related policies and processes, and responsibility for all logging and reporting of incidents.
- Working with a wide range of stakeholders, including franchisees, you will continue to develop and manage the information security awareness programme across the business. You will raise awareness of threats and good practices throughout the organisation.
- Managing audits, including scoping penetration tests and managing findings through to resolution.
- Managing supply chain security. You will risk assess suppliers and recommend appropriate controls.
- Monitoring the external threat landscape to ensure that the company is able to make risk-based decisions on relevant information.
- Supporting growth within the business, you will work with other areas of the business and franchisees to respond to client requests for information security assurances.
Requirements
- Experience of using modern cyber security tooling such as Vulnerability Scanning, SIEM, IPS, IDS and EDR.
- Experience of both hybrid on-premises and cloud solutions. Experience of Azure, O365 and AWS is desirable.
- Experience of both on-premises and Azure Active Directory, including modern authentication techniques.
- Experience in managing and influencing multiple stakeholders, globally, and comfortable working across all levels of the company from customers to C-level executives. Interactions with other technical teams from the service desk to data and infrastructure will also play a key part in this role.
- Experience in an information, cyber or IT security role. The ideal candidate will have recognised qualifications in these areas.
- Experience of driving innovation and continuous improvement in information and cyber security.
- Well-developed technical understanding of IT systems, including practical experience using security tools.
- Experience of developing and managing policies, standards, processes, and procedures.
- Familiarity with common information security management standards, such as the ISO 27000 group of standards, Cyber Essentials, NIST and CIS.
- Knowledge of threats and good practices in secure software development.
- Excellent communication skills with the ability to develop sustainable relationships with key stakeholders.
- The ability to translate complex technical concepts to a non-technical audience.
- Experience leading and investigating security incidents.
- Experience and knowledge of data protection legislation and the practical implementation of regulations
- Excellent communication and organisational skills. Ability to present to non-technical audiences
- Experience in Financial Services, preferably with experience in card processing
- PCI-DSS / ISO27001 implementation experience
- Knowledge of data protection legislation
Benefits
- Private medical insurance
- 10% Employer pension contribution
- Life Assurance
- Income Protection
- Generous 30-day annual leave entitlement (not including bank holidays)
- Discretionary bonus
- Free Gym Membership
- Vibrant office location in lively Manchester city centre