Senior Information Security Analyst

Lhasa Limited
Leeds, United Kingdom
8 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Leeds, United Kingdom

Tech stack

Artificial Intelligence
Amazon Web Services (AWS)
Software System Penetration Testing
Cloud Computing Security
Code Review
CompTIA Security+
Computer Security
Information Leak Prevention
Identity and Access Management
Open Web Application Security
Systems Development Life Cycle
Security Information and Event Management
Software Engineering
Software Systems
Software Vulnerability Management
Software Security
Azure Security Center
DevSecOps
Vulnerability Analysis

Job description

As a Senior Information Security Analyst, you will be a key member of Lhasa's security team, acting as both a technical expert and strategic advisor in protecting Lhasa's information assets. You will lead complex security initiatives and mentor team members whilst driving continuous improvement of our security posture.

This broad role covers securing our internal and external infrastructure and cloud platforms, supporting the software development lifecycle of Lhasa's products, performing technology and supplier risk assessments, proactive vulnerability management, penetration tests and incident investigation and response activities.

You will work autonomously whilst collaborating closely with internal stakeholders, IT professionals, Solution Teams, business leaders, and external partners to ensure compliance with security standards and regulations. You will influence security culture across the organisation and contribute to the strategic direction of Lhasa's information security programme.

This position reports to the Head of IT.

Governance and Risk Management:

  • Develop, maintain, and enforce security policies, ensuring they remain current and fit-for-purpose
  • Develop and maintain a comprehensive risk management plan.
  • Ensure appropriate cyber security protection in line with established procedures and external standards.
  • Work cross-functionally to ensure delivery of our software solutions embeds good regulatory and risk practices (e.g. ISO27001, CSA, NIST).
  • Conduct technology and supplier risk assessments

Application Security & SDLC:

  • Embed security practices throughout the SDLC, including threat modelling, secure code review, and security testing
  • Conduct comprehensive application security assessments and provide expert guidance to development teams
  • Lead penetration testing and ethical hacking exercises to evaluate the security posture and resilience of the organization's systems and our products.
  • Assess security implications of AI/ML features in Lhasa's products and provide guidance on secure AI implementation

Security Operations

  • Monitor and analyse security events and incidents and coordinate the response and recovery actions.
  • Drive security automation initiatives to reduce manual effort and improve efficiency
  • Research and evaluate new security technologies, tools, and trends, and recommend appropriate solutions to enhance the security capabilities of the organization.

AI Security & Governance

  • Assess security risks of AI tools and platforms used across the organisation
  • Develop and implement policies for secure AI adoption and usage
  • Evaluate AI-powered security tools and their effectiveness in enhancing security capabilities
  • Monitor emerging AI security threats and recommend appropriate controls

Stakeholder Engagement & Mentorship

  • Build and foster positive relationships with senior stakeholders across the business to identify and address security gaps
  • Translate complex technical security risks into business language for non-technical audiences
  • Negotiate security requirements and controls with delivery teams and external partners
  • Mentor and guide junior security team members
  • Lead security awareness initiatives and training programmes

Requirements

Do you have experience in Software development?

  • At least 5 years' relevant hands-on information security experience gained in a Senior Information Security Analyst or similar role.
  • Proven experience leading security initiatives and projects independently from conception to completion
  • Demonstrable experience implementing and maintaining compliance with ISO 27001 and data protection regulations (GDPR, UK data protection laws)
  • Hands-on experience managing and optimising security tools and platforms (e.g. SIEM, MDR, DLP, IAM)
  • Experience mentoring or leading junior team members

Professional Qualifications

  • Holder of industry-recognised Information Security certification (e.g. CompTIA Security+, CEH, CISSP, CISM)

Knowledge & Frameworks:

  • Deep understanding of cloud security principles and tools (AWS Security Hub, Azure Security Center, etc)
  • Advanced knowledge of the software development lifecycle and understanding of secure development principles and OWASP Top 10.
  • Understanding of AI security risks, including prompt injection, data leakage, model security, and emerging AI threat vectors
  • Strong working knowledge of security standards, frameworks and best practices, such as NIST, ISO, CSA, GDPR, etc.
  • Expertise in security testing methodologies, such as vulnerability scanning, penetration testing, ethical hacking, and red teaming.

Soft Skills:

  • Strategic thinking with ability to align security measures with business objectives and contribute to organisational planning
  • Excellent communication and stakeholder management skills, with ability to influence at senior levels
  • Collaborative approach with willingness to share ideas and feedback to achieve common goals and solve problems.
  • Flexibility and adaptability to changing situations, expectations, and needs.
  • Strong analytical and problem-solving abilities to investigate complex security incidents and identify root causes
  • Self-starter with proactive approach to identifying opportunities for improvement
  • Detail-oriented with strong organisational skills
  • Experience in regulated industries or with compliance frameworks beyond ISO 27001
  • Background in software development or DevSecOps practices

Benefits & conditions

Competitive depending on experience, plus generous benefits package, including:

  • 34 days holiday per year (plus bank holidays)
  • Health care cash back
  • Private medical insurance
  • Discounted gym and retail benefits
  • 3 x life insurance
  • Annual pay reviews
  • Annual bonuses
  • Free onsite car parking
  • Employee advice line
  • Generous pension plan

Purpose-driven mission: Our work contributes to safer chemicals and medicines and your work will have tangible impact on human health globally.

Collaborative environment: Our culture values diverse perspectives and collective problem-solving.

Continuous learning: We invest in your growth because your expertise drives our mission.

Work-life integration: Flexible working arrangements that recognize the importance of sustainable innovation. Great ideas don't come from burned-out minds.

Competitive recognition: Excellent compensation package that reflects the value of your expertise.
