Cyber Security Analyst/Lead

Vacancy No VN991

Cyber Security Analyst/Lead

Join Chambers and Partners as our next Cyber Security Analyst/Lead, a pivotal role at the heart of our commitment to safeguarding information and maintaining trust. You’ll lead the development and delivery of our information security programme, protecting our systems, data, and digital assets from evolving threats. This is an exciting opportunity to drive key security initiatives, oversee cutting‑edge technologies, and ensure compliance with leading industry frameworks within a globally respected organisation.

• Security Strategy & Governance:
  • Develop, implement, and maintain the organisation’s information security strategy, policies, standards, and procedures in alignment with business objectives and regulatory requirements.
  • Lead the development and implementation of an Information Security Management System (ISMS) based on ISO 27001.
  • Conduct regular security risk assessments, identify vulnerabilities, and recommend appropriate mitigation strategies.
  • Stay up‑to‑date with the latest cybersecurity threats, trends, technologies, and best practices.
  • Provide expert advice and guidance on information security matters to various stakeholders across the organisation.
• Security Operations & Incident Response:
  • Oversee the day‑to‑day operation of security systems and tools, including firewalls, intrusion detection/prevention systems (IDS/IPS), antivirus, anti‑malware, SIEM, vulnerability scanners, and data encryption solutions.
  • Manage vulnerability management programmes, including regular scanning, penetration testing, and remediation of identified weaknesses.
  • Lead and manage security incident response, including detection, analysis, containment, eradication, recovery, and post‑incident review.
  • Develop and maintain robust disaster recovery and business continuity plans related to information security.
  • Monitor security alerts, logs, and reports for suspicious activity and potential threats.
• Compliance & Audit:
  • Ensure the organisation’s adherence to relevant information security regulations, laws, and industry standards (e.g. HIPAA, PCI DSS, NIST, CIS, ISO 27001, Cyber Essentials+).
  • Coordinate and participate in internal and external security audits, provide evidence, and ensure timely remediation of audit findings.
  • Develop and implement security awareness training programmes for all employees to foster a security‑conscious culture.
  • Manage third‑party security risk assessments and ensure vendor compliance with security requirements.
• Infrastructure Security:
  • Collaborate with IT Operations and Infrastructure teams to ensure security is embedded in the design, implementation, and maintenance of all IT infrastructure, including cloud environments (e.g., Azure, AWS, GCP), networks, servers, and endpoints.
  • Manage access controls, identity management (e.g., Entra ID/Azure AD), and privileged access management (PAM) systems.
  • Manage access control processes to 3rd‑party applications, and 3rd‑party relations.
  • Oversee the patching and configuration management of all systems and applications to reduce the attack surface.
• Management & Leadership:
  • As the role develops, we expect the need for a dedicated team of security professionals. The position will then be responsible for the team’s service delivery, including leadership, mentoring, and general support of team tasks.
  • Manage relationships with third‑party security vendors and service providers.
  • Prepare and manage the IT security budget, ensuring optimal allocation of resources.
  • Communicate security risks, incidents, and performance metrics to senior management and other stakeholders.
  • Drive continuous improvement initiatives within the information security function.

• Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent practical experience).
• Demonstrable experience in information security.
• Experience creating Cyber Security roadmaps.
• Strong understanding of information security principles, frameworks (e.g., ISO 27001, NIST, Cyber Essentials), and best practices.
• Hands‑on experience with security technologies such as firewalls, SIEM, IDS/IPS, vulnerability scanners, endpoint detection and response (EDR), and identity management solutions.
• Experience with cloud security (e.g., Azure Security).
• Proven experience in managing security incidents and conducting incident response.
• Familiarity with data privacy regulations (e.g., GDPR).
• Excellent analytical and problem‑solving skills with a keen eye for detail.
• Strong communication, interpersonal, and presentation skills, with the ability to convey complex technical information to non‑technical audiences.
• Ability to work independently and as part of a team in a fast‑paced environment.
• Experience building, developing and managing technology improvement programmes.
• Experience selecting and managing third‑party suppliers and solutions.
• Evidence of setting vision and direction, inspiring and engaging with others to deliver.
• Technically astute, with in‑good knowledge of IT operation and infrastructure.

• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• CompTIA Security+
• CEH (Certified Ethical Hacker)
• Cloud Security certifications (e.g., Azure Security Engineer Associate, AWS Certified Security - Specialty)

• Passionate about technology infrastructure (Cloud), platforms and delivering exceptional service to customers and the business.
• Able to switch between visionary, strategic thinking and business‑as‑usual operations.
• Prioritisation skills to handle fast‑paced dynamic environment.
• Constructively challenges convention and seeks new ways of achieving better results.
• Regularly demonstrates sound and pragmatic judgement, balancing pace, risk and business value to reach decisions that are well‑informed and actionable.
• Proactive self‑starter who continuously seeks ways to improve.
• Excellent communication and interpersonal skills, with ability to communicate complex subjects, sell ideas, and influence business and technology stakeholders at all levels.
• Attention to detail, focused on the finer details that make the difference.
• Provides thought leadership in service and infrastructure domains.

Benefits are not listed in the source information.