Data Security Analyst

Job Purpose

The Data Security Analyst is responsible for protecting the organisation’s digital assets by ensuring that data handling and processing are secure and compliant with internal policies, applicable regulations, and industry best practices. This role is pivotal in identifying and mitigating security threats, enforcing adherence to security standards, and maintaining a robust cybersecurity infrastructure. The Analyst will work closely with the IT Security & Governance Manager, the Group Information Technology and various departments to implement security controls, monitor network activity for potential threats, and respond to security incidents. Key responsibilities also include developing and refining security protocols, conducting regular assessments, and providing actionable recommendations to strengthen the organisation’s overall security posture.
The specialist will collaborate with cross-functional teams, provide insights to senior management, and foster a culture of security awareness throughout the organisation.

Job Responsibilities

Technical Responsibilities

• Vulnerability Assessment and Penetration Testing: Conduct comprehensive VA/PT across IT infrastructure, including servers, web applications, APIs, and mobile applications.
• Security Incident Response: Investigate and respond to security incidents, including preparing incident reports and documentation.
• Security Configuration Management: Monitor and maintain security configurations in cloud platforms (AWS, Azure, Microsoft 365, Microsoft Fabric) and administer technical controls like firewalls, WAF, NAC, PAM, etc.
• Secure Coding Practices: Identify vulnerabilities in application code and provide technical guidance to development teams on secure coding practices.
• Data Protection Tools Management: Monitor and maintain data protection tools such as DLP, Data Classification, Privacy Management, SWG, SEG, EDR, MDM, and SOC dashboards.
• Technical Due Diligence: Conduct technical due diligence on new applications, assessing their architecture, performance, scalability, and compliance with security standards.
• Security Technology Research: Actively research, evaluate, and drive next-generation security technologies and solutions to meet organizational requirements.
• Network Traffic Analysis: Analyse network traffic, intrusion attempts, activity logs, and system alerts for trends, anomalies, and potential security breaches.
• Business Responsibilities
• Audit Coordination and Remediation: Support the coordination of internal and external audits, track security audit findings, and report remediation efforts.
• Governance Policy Management: Support the development, maintenance, and regular review of governance policies, procedures, and frameworks.
• Risk Assessment and Management: Conduct Data Protection Impact Assessments, implement robust data privacy controls, and identify, analyse, and mitigate data privacy risks and ensure compliance with regulatory requirements.
• Security Training and Awareness: Assist in developing and delivering security training programs and awareness campaigns for employees.
• Compliance Monitoring: Monitor adherence to IT and security governance frameworks and recommend improvements.
• Vendor Liaison: Liaise with vendors for POCs and demos of new IT security requirements.
• Security Requirements Analysis: Analyse business requirements and provide objective advice on IT security needs.
• Employee Support: Address employee concerns or questions on various aspects of security and compliance and gather feedback to improve systems.

Job Requirements

• Bachelor's degree or higher in a relevant field.
• Security certifications such as Certified Ethical Hacker (CEH) or CompTIA Security+ are preferred.
• Proven experience (typically 3+ years) in information security.
• Strong knowledge of cloud security, cybersecurity frameworks, standards, and best practices.
• Strong understanding of data governance frameworks, regulatory requirements, and industry standards
• Excellent communication and interpersonal skills.
• Demonstrated ability to influence and collaborate with cross-functional teams.
• In-depth understanding of risk management, compliance, and governance principles