Information Security: Threat and Vulnerability

There has never been a better time to join our organisation as we build towards a greener future, tackling climate change, minimising our environmental impact, and reducing our carbon footprint! This is an exciting opportunity to work in a varied role with an ever-changing landscape, where you will be challenged and given the opportunity to learn and thrive. **You must be eligible to work and reside in the UK** Job Overview This role will be working closely with our CISO in our Durrington offices, on a hybrid basis (flexibility to be on site as required is essential), you will be working both reactively and proactively while Southern Water goes through a huge Digital Transformation, where we are introducing new technology often. You will be working with cutting edge practices, and some of the best tools on the market with full support from the top down. On a day-to-day basis, you will be: * Scoping and organising Pen Tests * Managing scheduled and Ad Hoc scanning and other testing * Converting findings into actions and tracking resolutions * Using comprehensive Threat Intelligence feeds to map environments and take necessary actions * Threat hunting * Document and update, as appropriate information security policies, standards and processes: ensuring they stay up to date * Supporting response to incidents * Supporting the ongoing refinement of CMDB in IT and OT environments for mapping of Threat Intelligence * Working closely with physical and personnel security, particularly in connection with CNI * Responding to regulator queries * Liaising with NCSC and other bodies * Shaping and refining the Threat and Vulnerability Management approach and strategy * Working with the project community to educate and plan testing, scanning and other considerations * Advising and supporting executive leadership and other colleagues About You The most important thing is the right attitude; we want someone who can work flexibly, and be open to learn and grow with this role. We are not looking for any specific qualifications for this position, however if you have got proven history of learning and growing; investing in yourself, that’s going to give you a strong advantage. You will have experience in: * Threat and vulnerability management in a complex organisation * Monitoring threat levels and assessing potential impact * Reviewing threat reports and making decisions on the best course of action; following through the issue through to resolution * Prioritising threats and taking action accordingly You will also have: * Expertise in industry standard scanning tools and Threat Intelligence feeds * Knowledge of ISO27001/ISO27002 * Excellent documentation and reporting skills * Attention to detail * Ability to work effectively within a team * Good communication skills * Ability to manage situations of complexity with positive outcomes * Ability to clearly communicate actionable insights and complex findings * Positive problem-solving ‘can-do’ attitude * Innovative ways of working * Ability to translate technically complex findings into layman’s terms * An understanding of the differences between Corporate and ICS/OT environments