We are looking for a Cyber Security Analyst to join the dedicated IT Team in supporting our Cyber Security strategy, leveraging current and future investment in IT Security. Working both strategically and operationally, this is a key, demanding role within the organisation and will complement a committed, confident and self-directed IT professional.

As a valued subject matter expert, you will be given responsibility to influence and shape the overarching security strategy, with opportunities to implement and develop technologies to better safeguard the organisation. This opportunity will see you working closely with colleagues in the IT Team in addition to specialist security partners, ensuring benefit for both the Society and its members.

You'll be actively working towards CIS, NIST and ISO27001 frameworks to establish an exceptional baseline for control, influencing architecture and design of both existing and future systems, in addition to maturing current technologies, workflows and processes.

The successful applicant will have an excellent working knowledge of IT in general, a keen eye for detail and a commitment towards improving all aspects of work. You'll hold real-world experience and a deep working interest in cyber security.

This is a hybrid role, working on site in our Chorley based Head Office, with opportunities to work from home on hybrid terms typically on a 2-day office, 3-day remote basis, subject to Society and role requirements.

Reporting to the Infrastructure Administrator, with daily team touch points, it is essential you hold a positive can-do attitude, a strong desire to improve practices, and autonomy in your daily work.

Key Responsibilities

Vulnerability Management: Full life cycle management including detection and remediation

SOC Management: Maintain third-party 24/7 SOC relationship and workflow approvals.

Threat Intelligence: Proactive threat assessment; act as a Subject Matter Expert using intelligence feeds and network groups, focusing on financial and UK markets.

Tooling & Automation: Develop and maintain security toolsets and automate workflows to drive efficiency.

Incident Handling: Coordinate incident handling, contingency planning, and incorporate “lessons learned” into future procedures.

Program Development: Key developer of the Information Security Program, including mitigation planning and trend analysis.

Reporting: Report on security incidents, risks, and statistics to the Infrastructure Administrator.

Audit & Maintenance: Audit and develop best practices for firewalls, networking, Microsoft 365, MDM, and antivirus to reduce exposure.

Systems Hardening: Maintain infrastructure, server and end-user compute security including firewall configuration changes and reviews.

Data Protection: Development and maintenance of Data Loss Prevention, email security policies and other data controls.

Testing: Organise and oversee infrastructure exposure assessments and penetration testing.

Access Control: Monitor and maintain account security and access rights.

Reviews: Oversee access reviews across all systems, including assessment and continued development.

Frameworks: Drive development in ISO27001, CIS, and NIST type frameworks ensuring industry best practices.

Audit & Gap Analysis: Accountable for regular security audits and gap analysis to ensure industry standard compliance.

Third-Party Risk: Conduct security due diligence on third-party responses and maintain reports.

Policy Development: Collaborate on security policies, hardening guidelines, and departmental procedure guides.

Phishing Management: End to end management of phishing, through design, scheduling and reporting.

Staff Education: Conduct training on areas such as emerging threats, best practices, phishing, and password management.

Service Desk: Provide helpdesk, infrastructure, and application support as required and aligned to the role.

Information Resources: Accountable for the confidentiality, integrity, and availability of information resources.

Rota: Contribute to the Saturday morning support rota (approximately 1 in 6 weeks).

Skills & Experience

Infrastructure & Platform Management: Proficient in Windows 11, Windows Server, Active Directory, InTune/Group Policy and Microsoft 365. Experience with Azure, AWS and Linux is highly valued. Proficient troubleshooting skills to resolve basic general IT issues.

Network & Security Engineering: Advanced understanding of firewalls (Fortinet desirable) and network configuration. You will manage vulnerability mitigation and incident response both independently and in collaboration with our 24/7 SOC. Ability to prioritise and mitigate security threats.

Compliance & Resilience: Excellent knowledge or experience of NIST, CIS, and ISO27001 frameworks. Proven experience in developing cyber resilience and disaster recovery plans (within regulated industries desirable).

Automation & Development: Ability to use PowerShell and Microsoft Graph API to automate security tasks and integrate Microsoft services, elevating efficiencies.

Communication & Training: Capable of translating technical threats into management reports and confident in delivering security best-practice training to staff across the business.

Autonomy: Ability to proactively acquire and apply new technical knowledge to all areas of work. To be able to work independently on daily tasks and objectives, alongside independent, department and Society-wide projects.

Required : Prior cybersecurity experience, Microsoft stack proficiency, strong network/firewall knowledge, excellent communication.

Advantageous: Experience in audited industries, Fortinet expertise, cloud security (Azure/AWS), and basic Linux knowledge.

Role Structure

Department: IT, reporting to the Infrastructure Administrator

Contract Type: Permanent, subject to probation

Salary: £30,000 - £40,000 dependent on skills and experience

Working Arrangements: Based at Key House, Chorley, Lancashire, PR7 1NZ. Hybrid working arrangements are available, typically on a two-day office minimum expectation. Saturday morning rota contribution approximately one in six weeks.

In addition to a competitive salary and benefits package (dependent on relevant experience), you will be working as part of a team where teamwork, respect and integrity are our core values.

Diversity and inclusion are important to us as we strive to represent the communities we serve. We support an inclusive environment for all our people to bring their whole selves to our Society. We encourage applications from individuals of all backgrounds, ethnicity, gender identity, sexual orientation, disability, neurodiversity, age, family or parental status, beliefs, nationalities and religions.  If you have a disability, or if you have a condition that you believe may affect your performance during our selection process, please request any reasonable adjustments you’d like on your application form.