Cyber Security Analyst, Vulnerability Management

We’re looking for a Cyber Security Analyst – Vulnerability Management to play a vital role in protecting our organisation’s IT environments. Reporting to the Cyber Security Manager – Vulnerability Management, you’ll be responsible for identifying, assessing, and driving the remediation of security vulnerabilities across our technology estate. Your work will be essential in helping the organisation maintain a strong and resilient security posture.

This role is key to proactively managing cyber risk, ensuring alignment with regulatory requirements, and supporting overall business continuity. You’ll work across teams to help prioritise and reduce vulnerabilities, making a real contribution to enterprise-wide security.

UAR Accountabilities:

• Understand and maintain the ISP-025 User Access Review procedure Create and maintain a plan, action logs, schedule regular review meetings and ensure actions are closed for user access reviews 
• Conduct and/ or facilitate regular User Access Reviews with key stakeholders and complete a quality check activity Repeat the review exercise as per the Control Calendar published by the Cyber assurance team at the minimum of every six months
• Create regular reporting of progress to the Company cyber assurance team in accordance with the Control Calendar and team KPIs Create and maintain effective user management of access controls to the team SharePoint including performing regular access reviews
• Complete user access related activities as required by the control calendars Maintenance of engagement and communication with company assurance team, system SMEs and, where necessary, third-party suppliers’ SMEs  

CAR Accountabilities

• Understand, analyse, and deliver business requirements in context of business intelligence related to the CAR Create regular reviews and progress of the CAR
• Understand the CAR data, analyse previous and current data and spot key performance indicators to support and meet CAR objectives Use the CAR to transform Heathrow’s business requirements into technical publication.
• Document all aspects of the CAR, from algorithms, parameters, models, all definitions, and configurations into well-defined documentation such as procedures and manuals Improve and enhance the CAR to meet Heathrow technical and strategic requirements and future changes Support the team with regulatory and compliance activities such as but not limited to Aviation regulations, UK legislation and compliance such as PCI-DSS 
• Support development and contribute to fit-for-purpose security policies and maintain baseline standards and patterns, frameworks and roadmaps with the team’ that deliver the strategic goals, business priorities and comply with technical and industry/regulatory standards Support and development of plans and roadmaps for the Cyber Security Team

• Proficiency or familiarity with data science, business intelligence, and data analytics, aware of data integration and modelling, along with presentation tactics and concepts 
• Experience of working with BI tools. Experience completed in working with BI systems, with ability to create and build rich dashboards
• Demonstrates experience of building, maintaining, and influencing relationships with a range of internal and external stakeholders
• Good facilitation and negotiation skills – ability to influence teams, stakeholders and individuals and motivate them 
• Innovative thinking, self-starter and drive to be successful and complete is a key requirement for this position; needs to probe and follow through
• Ability to extract and summarise information such as learnings from exercises and incidents for Senior Stakeholders and other colleagues 
• Ability to attain Security Clearance at CTC or higher (e.g., SC, DV) Experience of working with Operational Technology (OT) Security and understanding of the 
  challenges and opportunities in linking with OT Security with a compliance regime

Ideally, you'll also have:

• Experience of Cyber Security and/or Security within Critical National Infrastructure
• Experience of airport processes, systems, and information and/or experience of cyber security within Critical National Infrastructure Knowledge of Microsoft Technology stacks (including Active Directory, Sentinel/Defender, and SharePoint Experience of working with Operational Technology (OT) Security and understanding of the challenges and opportunities in an incident involving OT Knowledge or awareness of Microsoft BI stack like Power Pivot, SSRS, SSAS

#LI-RH1

#LI-Hybrid

There’s something so special about working at the world’s most iconic airport. Its sights. Its sounds. Its constant air of excitement. Heathrow is an amazing backdrop to a career filled with unique opportunities.

Every day, you’ll discover a world full of fresh possibilities and end the day buzzing with stories to tell, as you encounter people from all cultures, nationalities and experiences. A world full of pride for what we do and no end of exciting career prospects to explore.

It brings out the best in all of us. And inspires everyone to deliver on our ambitious plans. Together, we’re working to welcome millions more passengers while ensuring aviation can continue to be a force for good by leading global efforts in sustainability.

Join us on that journey and we'll help you achieve your ambitions too. Supporting you to learn, encouraging you to be yourself, backing you to achieve more than you might ever have imagined. Because there’s no place like Heathrow. 

Our rewards

We offer competitive salaries and excellent benefits that will support you now and in the future. As well as performance-based annual bonuses and our longer-term Share in Success Bonus plans, we also offer generous annual leave allowances and market-leading pensions. With family friendly policies, access to private health insurance and a wide range of wellbeing tools, we’ll support you to be at your best inside and outside work. And of course, we’ll provide varied learning and development opportunities too. Here you’ll find everything you need for a fulfilling career journey that can take you in exciting directions. 

Working Location

Our Hybrid working approach offers the opportunity for colleagues in some roles to work from home for an average of two days a week, providing the flexibility to work in an agile way whilst ensuring we deliver for the operational needs of Heathrow.  Working arrangements vary from team to team and will be confirmed during the recruitment process. You’ll need to be based in the UK and within a commutable distance to Heathrow. 

Sustainable Travel to work

Heathrow’s Sustainable Travel Guide sets out easy and sustainable travel options that everyone can access.
 
Equal Opportunities

As an equal opportunities employer, we encourage applications from all. We believe that diverse talent makes us stronger – not least because we welcome passengers from all corners of the globe, every single day. Heathrow is an accessible place to work. With five diversity networks, we champion inclusivity and celebrate individuality.