Information Security Analyst
  • United Kingdom London
  • Jobs via eFinancialCareers
1 year before
31.12.2023
Protect and Defend
Cyber Defense Analysis
Job Description

About the job
About Columbia Threadneedle Investments

You'll find the promise we make to our clients is the same one we make to our employees: Your success is our priority.

Here, you'll find growth and career opportunities across all our businesses. We're intentionally built to help you succeed. Our reach is expansive with a global team of 2,000 people working together. Our expertise is diverse with more than 450 investment professionals sharing global perspectives across all major asset classes and markets. Our clients have access to a broad array of investment strategies and we have the capability to create bespoke solutions matched to clients' specific requirements.

Columbia Threadneedle is a people business and we recognise that our success is due to our talented people, who bring diversity of thought, complementary skills and capabilities. We are committed to providing an inclusive workplace that supports the diversity of our employees and reflects our broader communities and client-base. We welcome applications from returners to the industry.

We appreciate that work-life balance is an important factor for many when considering their next move so please discuss any flexible working requirements directly with your recruiter.

Job Purpose Statement

Part of Ameriprise Technology, Asset Management Technology is a dynamic service-focused organisation dedicated to ensuring great outcomes for our partners in Columbia Threadneedle Investments. You will be part of the Chief Information Security Officer's organisation, working with a great team of multi-talented security professionals where you will be valued and rewarded for your skills and can develop yourself even further.

We will bring you into the team support structure, building your knowledge through training and guidance to increase your awareness and capability. Once you are able, you will not only deal with Incident Management but also feed into the day-to-day process used by the team for operational activity and incident triage.

Your position will require you to work with technical and user teams within the local team structure. You will be leveraging our global team to reduce risk, ensure compliance with business policy and provide a regional view to the business leadership whilst gaining exposure across all Information Security domains.

Role Responsibilities

How you'll spend your time....

Coordinated analysis of identified vulnerabilities and patch releases to ensure a risk-based approach is taken for remediation.
Collaboration with technical teams for issue remediation in a timely manner
Oversight of user access reviews to ensure appropriate ownership; ensuring all reviews are completed on time, liaising with reviewers and review owners as required, and escalating where necessary
Oversight of the Joiners, Leavers and Transfer processes
Risk identification and remediation within the technical infrastructure through knowledge of Information Security and awareness of business policies
Monthly trend reports on Key Risk and Performance Indicators (KRIs/KPIs)
Extending the UK team presence for the global Cybersecurity team
Responding to identified Indicators of Compromise (IOC) events which affect the European and Asia regions
Proactive monitoring and analysis of information security system logs

Key Capabilities

To be successful in this role you will have....

A basic understanding of infrastructure and application technology
You must have a desire to develop skills in all areas of IT security.
Able to persuade and influence people
Good communication skills
This is a security job, so sometimes you'll have to work under pressure and show flexibility to meet tight deadlines
Worked in a technology environment
Have Information Security background knowledge through either experience or self-study

Desired Capabilities

If you also had this, it would be great....

A continuous improvement mindset
A broad range of technology experience would be good (infrastructure, application, etc.)
Evidence of a recognised Information Security qualification (Security+, CISSP or similar).



Required Knowledge
  • K0001   Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0005   Knowledge of cyber threats and vulnerabilities.
  • K0007   Knowledge of authentication, authorization, and access control methods.
  • K0013   Knowledge of cyber defense and vulnerability assessment tools and their capabilities.
  • K0044   Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • K0049   Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
  • K0058   Knowledge of network traffic analysis methods.
  • K0059   Knowledge of new and emerging information technology (IT) and cybersecurity technologies.
  • K0060   Knowledge of operating systems.
  • K0061   Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
  • K0070   Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • K0074   Knowledge of key concepts in security management (e.g., Release Management, Patch Management).
  • K0075   Knowledge of security system design tools, methods, and techniques.
  • K0179   Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • K0221   Knowledge of OSI model and underlying network protocols (e.g., TCP/IP).
  • K0624   Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list)

Required Skills
  • S0027   Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
  • S0036   Skill in evaluating the adequacy of security designs.
  • S0078   Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
  • S0147   Skill in assessing security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
  • S0169   Skill in conducting trend analysis.
  • S0367   Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Required Abilities
  • A0123  Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • A0159  Ability to interpret the information collected by network tools (e.g. Nslookup, Ping, and Traceroute).