Job Description

finova is the UK\'s largest cloud-based mortgages and savings software provider, supporting over 60 leading lenders, 3000 mortgage brokers and 200 financial institutions. Our suite of award-winning software includes a Core Banking Platform, Broker Platform and finova Connect, a range of solutions that connect lenders, intermediaries and the consumer. Fast implementation and open architecture are at the centre of our technology, giving our customers the flexibility to integrate into their existing system or configure solutions to meet the needs of their business.

About the role As a finova Senior Security Analyst, you will play a crucial role in supporting the IT teams with day-to-day security incidents, projects, monitoring, investigations, and supplier security questionnaires. Your expertise will be instrumental in maintaining the integrity and confidentiality of finova\'s data and our clients\' data. You will also be looked upon to provide technical leadership to peers and offer support and guidance where needed. About You In terms of your experience, your attitude is everything, but we\'d particularly love to see:

• In depth knowledge of Core Infrastructure, AWS, Azure / Office 365 cloud platform
• Knowledge of information security standards and regulations.
• Strong analytical and problem-solving skills.
• Excellent communication and interpersonal skills.
• AZ-500, SC100/200/300 (Desired)
• CCSP/SSCP (Desired)
• Previous experience in Cybersecurity

Accountabilities

• Assist in the maintenance of finova\'s information security policies and procedures.
• Monitor the finova\'s and customer networks and systems for security breaches and investigate any incidents.
• Investigate reported security incidents.
• Work with IT teams to ensure that patching for vulnerabilities is carried out regularly and effectively.
• Conduct regular vulnerability assessments and internal penetration testing assessments.
• Producing test reports to the company standards
• Ensure compliance with industry standards and regulations such as ISO 27001, Cyber Essentials Plus, etc.
• Assist in the management of global InfoSec tools and services.
• Monitor Freshservice information security que and act on assigned calls.
• Manage the data incident process/es to investigate any potential breaches highlighted by DLP technologies.
• Organise Information Security Education and Awareness campaigns including phishing simulations and producing regular and ad-hoc group metrics.
• Work with IT to optimise security controls and improve the firm\'s external cyber posture to reflect the continually changing threat environment.
• Prepare and deliver Management Information relating to the Risk & Control programme.
• Create and update Knowledge Base articles to promote shift left and self-service within the operational teams.
• Create high quality supporting documentation of the cyber security controls and platforms in place and assist in tracking any agreed exceptions.
• Be the SME for all Cyber security platforms, engaging with relevant 3rd party Technology partners where required.
• Participate and assist in new infosec initiatives as directed.
  Internally, our roles are aligned across the Group to ensure consistency and to make sure everyone is clear of their role and its responsibilities.

Equal Opportunity Statement Diverse teams really are the best teams, we promote a working environment in which diversity is recognised, valued and encouraged. We acknowledge the multi-cultural and diverse nature of the UK workforce and society in general. We are committed to principles of fairness and mutual respect where everyone accepts the concept of individual responsibility. Our policy seeks to ensure job applicants and employees are treated fairly and without favour or prejudice. We are committed to applying this throughout the entire employee lifecycle. We know that some candidates (and, from the research we\'ve seen, especially women) may feel less inclined to apply for a role if they don\'t quite meet every requirement of the role. If you like the look of a role but you\'re not 100% sure if your skillset will meet our requirements, please reach out and we will be happy to talk through your experiences. Personal Data finova retains applicants\' personal data on our HR System for the purpose of reviewing and evaluating applications and contacting candidates to discuss job opportunities. For unsuccessful candidates, finova will retain your personal data and CV for the duration of 12 months for any future roles. If you object to this please email the People Team and we will remove you from our systems.