Smiths News is the UK’s largest news wholesaler. Our colleagues serve 24,000 retailers every day of the year, operating from 37 distribution centres.
If you share our passion, spirit and can-do attitude, you really could go much further with us.
Service and efficiency put us at the forefront of our industry and with 55% market share we are the leading player in one of the world’s fastest moving supply chains.
Our teams go further, when others stop, striving to meet to the highest standards in all we do.
This role sits within the Technology Department reporting into the Head of Information Security for Smiths News. The Department is responsible for the efficient management of our technology infrastructure, data centre and cloud services, of which security is an essential component.
We manage the security of our systems to ensure that our staff, customers and data are protected from a wide range of threats.
About the role
This is an exciting opportunity for an experienced Senior Security Analyst to join the team, focused on leading day to day security operations, investigation and incident response;
creating new or developing existing security processes, continually driving service improvement within the security function.
The Analyst will be responsible for the following activities on a daily basis :
Monitor and Manage Security Platforms including :
End Point Protection and Anti-virus, Events and Alerts from our 24 / 7 SOC, Secure web and email Gateways and IPS;
Analyse Vulnerability Scans, identifying potential vulnerabilities and providing expert advice and guidance. Working with technical teams to prioritise and remediate issues, tracking progress through to completion.
Security Investigation and Incident Response :
Investigate events of interest detected during monitoring and audit activity;
Develop and maintain the team’s Incident Response Capability;
Review and create processes and playbooks aligned to current threat landscape;
Lead and perform the incident response function;
Provide detailed and summary investigation reports;
Liaise with external third party suppliers and consultants;
Work with the physical security team for site investigations.
Perform Regular Audits of Controls, Including Policy Compliance :
User and Admin access reviews, including system access, user privilege and JML;
System Log Reviews;
Patch Policy Compliance;
Facilitate Pen-test activity, including the review of reports and subsequent remediation activity.
Security Architecture :
Security review of designs, ensuring security best practice is incorporated into business solutions (internal hosted systems and cloud services);
Develop security controls, documenting and presenting recommendations to improve the security of the estate;
Create architectural security blueprints for internal development and for use during 3rd party supplier due diligence;
Formulate recommendations for security investment in line with current and future security trends and industry best practice.
Previous experiences / core competencies key to the role :
Expert Security Analyst with good experience of operational security functions;
Security Assurance and Design;
Use of vulnerability scanning technologies, interpreting results and categorizing severity of risk;
Azure AD and Office 365;
Good experience of Cloud Security;
Strong technical skills;
Holds a current security qualification, such as CISSP, CEH etc.;
Maintains up to date expert knowledge of modern threats and security trends.
What we can offer you
Pension scheme with 5% company contribution;
Life assurance at x2 your annual salary;
25 days holiday (plus bank holidays);
Cycle to work;
Heath cash plan;
Leisure discounts; Gym, holiday, Theme Parks ;
Colleague Assistance Programme.
Inclusion and diversity is a key part of our culture. Through our Everyone In initiative, we’re working together to build a more inclusive and diverse workplace and shape a culture that embraces people from all backgrounds, experiences and orientations.