IT Security & Compliance Analyst

Bristow Group • Den Helder, Noord-Holland, Netherlands
Position Type: Permanent
Job Description:

We invite applications for an IT Security & Compliance Analyst to be based in the UK/Europe area to support Bristow Operations in Ireland and the Netherlands.

We are seeking individuals with experience, energy and motivation who will have a positive impact on our business, adapt to changes in the workplace, and be committed to the successful transition of this contract and the safe delivery of operations.

Reporting to the IT Security and Compliance Manager, the IT Security and Compliance Analyst is responsible for supporting the implementation and oversight of cybersecurity programs and incident management, IT audit controls and discovery related to investigations. 

The position is also responsible for supporting the IT emergency response program, disaster recovery and business continuity planning.

Supporting the company ISMS policy, the incumbent will provide advice and guidance to peers within the IT organization on all topics related to IT security and will collaborate with both internal and external stakeholders to ensure cybersecurity standards are met and the company’s systems remain secure from both internal and external threats.

PRINCIPAL RESPONSIBILITIES:

  • Implement, maintain, and support an Information Security Management System (ISMS) including all applicable policies and procedures.

  • Monitor and analyse security events and incidents, investigate and respond to security incidents, and conduct investigations to determine the root cause and extent of security breaches.

  • Develop and implement incident response plans and procedures to minimize the impact of security incidents.

  • Conduct risk assessments to identify vulnerabilities and weaknesses in IT systems, networks, and applications. Evaluate risks and work with IT teams to implement appropriate security controls and safeguards to mitigate risks and protect critical assets.

  • Manage and maintain on-prem / cloud-based directory services, identity and access management (IAM) systems, and related technologies to ensure efficient and secure user authentication, authorization, and directory services operations.

  • Ensure compliance with relevant laws, regulations, and industry standards, such as EASA, UK Cyber Essentials Plus, GDPR, and ISO 27001. Develop existing policies, procedures, and controls to meet regulatory requirements and maintain compliance posture.

  • Conduct security awareness training programs for employees to educate them on security best practices, policies, and procedures. Provide guidance and support to IT teams and business units on security-related matters.

  • Coordinate and participate in security audits and assessments, both internal and external, to evaluate the effectiveness of security controls and ensure compliance with policies, procedures, and standards.

  • Prepare reports on security incidents, investigations, risk assessments, and compliance status. Maintain documentation of security controls, policies, procedures, and standards for auditing and reporting purposes.

  • Coordinate with other centrally managed IT functions, including the Infrastructure, Applications and Service Delivery teams, to ensure that appropriate cyber security controls and procedures are incorporated into architectural and solution designs.

PERSON SPECIFICATION: (minimum education requirements, key skills and experience)

Qualifications:

  • Bachelor’s degree in computer science or related field.

Experience:

  • Strong experience working within a similar role.
  • Direct and recent working experience with at least two of the following compliance programs: UK Cyber Essentials Plus, EASA regulations 2023/203 & 2022/1645, ISO 27001, PCI, IRAP, MTCS, SSAE18, and/or SOC2.
  • CISM and/or CISSP certification preferred.
  • Strong knowledge of Sarbanes Oxley (SOX) General IT Controls.
  • Knowledge of ITIL and Change Management concepts.
  • Demonstrated experience participating in cross-functional project teams.
  • Experience with managing third party technology and outsourced service providers.

Skills:

  • Critical thinking – ability to use logic and reasoning to identify the strengths and weaknesses of alternative solutions or approaches to resolving problems.
  • Ability to adjust and set priorities to meet project deadlines.
  • Strong written and verbal communication skills.
  • Ability to work effectively in a professional manner with technology staff, business stakeholders, end users, management, and others outside the organization, including OEMs and technology service providers.

Please note: As part of the role, you will be expected to travel to our Bristow Operations based within Ireland and the Netherlands as and when required to do so.

All applicants must be currently eligible to work and live in the UK/Europe. All applicants should submit a CV and a Cover Letter.

Closing Date: Wednesday 25th September 2024

Please note that due to the volume of applications we are unable to respond individually to all applications. Candidates who have been successfully shortlisted for interview will be contacted directly. We would like to thank all applicants for the time and effort taken in applying.
