Cyber Security Analyst

Detailed job description and main responsibilities

Primary Job Function
• To research, interpret, disseminate, and implement best practice in cyber defence and 
network security including ISO27001, Cyber Assessment Framework (CAF), NCSC 
(National Centre for Cyber Security) guidance and Public Services Network instructions.
• The Security Analyst (SA) will assist in the management of the organizations cyber 
security risks so that the council has a secure platform from which to conduct its 
business. 
• To assist in all aspects of cyber security from planning, operation, monitoring and 
improvement to ensure security is embedded across the estate. 
• To will assist with incidents, investigations, auditing, corrective actions, documentation 
and providing advice to the Head of Cyber Security.
• To work collaboratively across all teams in the IDS department. 
• To ensure the council is meeting its regulatory and legislative responsibilities as defined 
by the PSN, PCI and GDPR.
• To support the organisations, drive to realise the technology roadmap which underpins 
the Council’s strategy.
• To provide expert guidance on security best practices and solutions.
• To conducts risk assessments and develops security strategies.
• To lead on incident response efforts, conduct forensic investigations, and manage 
security incidents.
• To collaborate with cross-functional teams to ensure security requirements are met.
• To lead on cyber security awareness.
• To lead on On-Premises and Cloud Security and best practice.
• To manage the SOC supplier.
• To manage Disaster Recovery runbooks.
• To oversee security testing for existing and new systems/applications.
• To monitor of DDOS/DMARC/DNS services.
• To research and implement the M365 security capabilities.
Research and advice
• To research, review, investigate, develop, and implement new technologies to maintain 
and enhance the technical security of the Council’s network in line with business 
requirements, best practice and regulatory requirements.
• To engage with suppliers, advisers and regulators to review, upgrade and enhance the 
security of the Council’s network, ensuring compliance with mandatory codes of 
connection.
• To advise the business, Architecture team and the Technical Design Authority on security 
architecture, network security, reviewing the network security implications of technical 
designs and implementations.
• To work closely with programme and project managers advising on projects that have 
technical security risks.
• Support the management of cyber security risk across the council taking remedial actions 
to reduce the risk profile.
• To support cyber security planning by incorporating changes from business 
requirements, compliance requirements, technology, processes, people, threats and 
vulnerabilities to ensure the direction of cyber security is kept relevant and continually 
improved.
• To update policies, procedures and processes that support the cyber security framework.
• Produce regular reports on the state of cyber security, assist in metric definition and 
measure cyber security progress and maturity.
• Advise managers running projects that have technical security risks. Perform risk 
assessments where required. Coordinate and lead small works to address security 
concerns.
• To be aware of the emergence of new cyber security threats and vulnerabilities. 
Compliance
• To performance review security controls across the estate to make sure those 
preventative measures are working to protect the organisation and regularly tested. And 
where found to be deficient to report them and rectify.
• To collaborate with cross-directorate teams to promote and implement high security 
standards for all council systems.
• To implement and maintain the daily operation and implementation of IT Cyber Security 
across the Council’s networks.
• To monitor, verify and audit compliance with best practice in network security including 
ISO27001, NCSC guidance and Public Services Network instructions on the Council’s 
network.
• To enforce and improve existing standards across the council, reacting to national 
standards and where applicable write these new standards in to council policy.
• To ensure the technical protection and security of data and technology assets.
• Define and write the policy for 3rd party connection standards to the council network 
and systems. Review and augment the policy regularly.
• To use and be responsible for security event management systems, intrusion prevention 
systems, vulnerability scanning tools and end point security systems.
• To demonstrate compliance to Internal Audit and external regulators, leading on relevant 
audits and technical aspects of the Council’s Public Services Network Code of Connection, 
NHS Information Governance Toolkit and Payment Card Industry (PCI-DSS) submissions.
• Create and distribute Cyber Security awareness and training materials within the council 
using existing distribution methods
• Conduct controlled, targeted, and scheduled Phishing Attack Simulation campaigns. 
Report on this and push out security awareness accordingly.
• Administrate critical systems including antivirus management, mail and communication 
systems, Internet monitoring, infrastructure management tools, storage provisioning, 
directory services and anti-spam. Cloud, hybrid, or on-premises.
Investigations and Forensics
• To coordinate and lead on the response to data security incidents, breaches of security 
controls, investigating events, prioritizing, coordinating, and reporting on impacts, 
ensuring evidence is secured to support further actions by the relevant authorities.
• To present the findings of technical investigations at briefings.
• To provide expert domain knowledge for dealing with security incidents, trigger 
investigations and provide reports to the Head of Cyber Security. 
• To have an exceptional level of discretion and confidentiality to undertake investigations 
involving access to highly sensitive, confidential material which may be damaging to the 
reputation of the council, citizens or employees.
• To provide expert domain knowledge into the response on the technical aspects of data 
security incidents, breaches of security controls, investigating events and reporting on 
impacts, ensuring evidence is secured to support further actions by the relevant 
authorities.
• To support the Head of Cyber Security in any technical aspects of investigations, 
ensuring evidence is secured to support further actions by the relevant authorities.
• To represent the Council in presenting the findings of technical investigations at 
briefings, hearing and in court.
• To be able to withstand cross examination by counsel during tribunals and possible 
prosecutions. Be able to effectively deliver the results of any investigation to the 
examining bench or panel.
• To extract and analyse data from computers, networks, and digital devices to identify 
security breaches or unauthorised activities.
Business Continuity
• To support the implementation of the council’s strategy and policy for technical disaster 
recovery. Provide technical advice to the council on disaster recovery and business 
continuity requirements.
• To provide guidance on practical business continuity of core infrastructure and systems 
during planned maintenance (e.g., during monthly service shutdowns).
Staff
• To support and encourage staff to be creative, flexible, and committed to providing 
solutions to the needs of the business and to relate to their customers in a clear, 
friendly, and prompt manner.
• To occasionally supervise apprentices, trainees, staff undertaking job shadowing, 
secondments, and other forms of work experience.
Meetings
• To participate in meetings with colleagues, customers and suppliers including team 
meetings and service review meetings.
• To represent Islington Council in external forums.
Documentation and Knowledge Sharing
• Create and maintain technical documentation, including system configurations, standard 
operating procedures, and troubleshooting guides.
• Share knowledge and best practices with team members, providing training and 
mentoring to enhance overall technical capabilities.
Other
• To undertake other duties commensurate to the grade of the post.
Additional
• The service operates from Monday to Friday, 8am to 5.30pm, and you will be required to 
work as directed within these hours; and you may be required to carry out essential 
maintenance work at other times out of hours. 
• To use and assist others in the use of information technology systems to perform duties 
in the most efficient and effective manner.
• To achieve agreed service outcomes and outputs, and personal appraisal targets, as 
agreed by the line manager.
• To undertake training and constructively take part in meetings, supervision, seminars,
and other events designed to improve communication and assist with the effective 
development of the post and post holder.
• The post holder is expected to be committed to the Council’s core values of public 
service, quality, equality, and empowerment and to demonstrate this commitment in the
way they carry out their duties.
• Ensure all the services within the area(s) of responsibility are provided in accordance 
with the Council's commitment to high quality service provision to users.
• Ensure that duties are undertaken with due regard and compliance with the Data 
Protection Act and other legislation.
• Carry out duties and responsibilities in accordance with the Council’s Health and Safety 
Policy and relevant Health and Safety legislation.
• At all times carrying out responsibilities/duties within the framework of the Council's 
Dignity for all Policy. (Equal Opportunities Policy).
Budget responsibilities
None
Work style
Flexible/Office-Based. The post-holder is expected to be onsite at 222 Upper Street at least one 
day a week and at other times as directed by their line manager.