Group Information Security Analyst

Location Birmingham
Contact name: Jonathan Savage

Contact email:
Job ref: 079439
Published: about 1 month ago

The Group Information Security Team is responsible for developing and managing technology solutions, services and processes that apply across all Grafton business units to reduce information security risk. The Group Information Security Analyst is a primary contributor to the design, implementation and maintenance of Grafton Group’s information security and data protection technology solutions, services, and processes, to ensure that information security risks are effectively managed, in line with business objectives, strategy and risk appetite. The role holder will work to improve information security controls in the business, adapting as new security threats emerge and the threat landscape evolves, to reduce the risk of losses to the business.

The role holder will provide security knowledge and technical input to projects of varying scale across technology and related process disciplines, with the focus expected to be in the following areas:

*         Implementation of security controls. This includes controls provided centrally, such as phishing simulations, and supporting Grafton subsidiaries in implementing and managing controls locally.

*         Handling tickets raised in ITSM and Incident Management Portals and escalating to Information Security Specialists as required.

*         Implementation and operation of information security processes such as incident response, alerting and monitoring, and third-party security assessments.

*         Working with subsidiaries to ensure that security tooling provided by group (for example EDR) is working correctly and implemented fully.

*         Designing and organising security testing, e.g., penetration testing or other technical control testing, working with third parties to execute testing where necessary.

*         Providing consultancy, advice, and support to Grafton subsidiaries on their management of controls and compliance with the information security framework.

*         Administration of security tooling provided as a shared service to subsidiaries.

*         Completion of daily, weekly, and monthly checks to ensure health and optimisation of systems.

The role holder will be a resourceful, self-motivated individual who is comfortable getting things done in matrix structures. They will have the opportunity to both shape and deliver projects and solutions. They will be expected to apply information security and data protection best practices with pragmatism and common sense.

Key Responsibilities

*           Maintenance of information security technical controls across all Grafton subsidiaries, such as EDR, vulnerability scanning, and security event management. This will include innovative technology solutions to enhance Grafton’s security posture against the rapidly evolving cyber threat landscape.

*           Support security reviews of third parties who provide IT solutions and/or process data for Grafton Group.

*           Implementing and overseeing ‘first line of defence’ security operation controls, including access control, security event monitoring, patch management, endpoint threat detection, and data leakage prevention.

*           Participate in the information security incident management process, including contributing to process enhancements when needed.

*           Work closely with Group and business unit IT teams to ensure appropriate information security and data protection controls are embedded within projects.

*           Perform technical analysis and compliance reporting against appropriate control frameworks and international standards.

*           Providing information security technical consultancy across all Grafton business units and support them in complying with Grafton security standards and the Information Security Framework.

*           Organise technical security testing including penetration testing.



*         Knowledge of implementing security technology controls, secure configurations, and implementation of security projects.

*         Excellent written and oral communication skills, with the ability to effectively communicate at all levels of the organisation.

*         Build and maintain strong, collaborative relationships with technical and non-technical stakeholders

*         Ability to carry out high-quality data analysis and formal report writing.

*         Practical knowledge of information security risk management, controls and frameworks (e.g. NIST and PCI DSS).

*         Passion for information security and supporting the business in reducing risk, with a proactive attitude toward maintaining up-to-date knowledge.

*         Knowledge of IT systems, networking principles and associated technology-based security controls.

*         Knowledge of logical access control management and administration.

*         Broad knowledge of GDPR and PCI DSS.

*         High level of personal and professional integrity.


*         Knowledge of data protection and information security standards and processes, and delivery of information security projects.

*         Experience in delivering security projects relating to Microsoft technologies, including Office 365 security and Azure cloud services security.

*         Experience of security incident handling and response.

*         Knowledge of technical architecture principles, frameworks, and best practices.

*         Knowledge of cloud computing and the associated security and control considerations.

*         Subject matter expertise across the following technologies:

o   TCP/IP, LAN and WAN networking.

o   Network Security (e.g. firewalling, IPS).

o   Server operating systems and hardening techniques.

o   Endpoint security and EDR.

o   Virtualisation and thin-client products.

o   SIEM / SOAR and vulnerability management tools.

o   Data loss prevention (DLP) technology.


Key Behaviours

Thinking Things Through

Problem Solving: Getting to the root cause of problems and coming up with practical, commercial solutions.

Business & Customer Focus: Works consistently in the best interests of customers and the business.

Delivering Results

Taking responsibility for results: Making things happen, going the extra mile to drive performance and standards. Proactively intervenes to maintain the integrity of information security practices.

Engaging Others

Skilful Communication: Communicating information clearly, openly and persuasively.

Relationship Building: Building positive relationships with colleagues and customers through respect, listening and teamwork.

Adapting to Change

Flexibility: Updating skills and knowledge by assessing industry best practice, creating and maintaining relationships with colleagues, suppliers and partners, and responding positively to change.

Resilience: Demonstrating calmness, confidence and perseverance in demanding situations.


Creating a virtual Team: Builds a high performing virtual team working with colleagues across the Group, providing clarity of direction and making the most of the collective strengths of the team.

Managing change: Helping others to embrace change and implement it successfully.

Suitable for someone who is…

*         Happy to work under their own steam and is comfortable working across multiple projects with multiple stakeholders.

*         Resourceful and innovative, and disciplined to get the job done.

*         Comfortable working at all organisational levels to drive real change and improvement.

*         Has a good broad understanding of IT landscapes combined with the ability to manage the human aspects of delivering technology change.

At Grafton, we pride ourselves on our people and put diversity, equality and inclusion at the forefront of our recruitment process. We realise how important and valuable it is to have a diverse workforce and the benefits that this brings.

We place great importance on the communities that we operate in. We undertake many local community and charitable support projects and have high levels of longevity within our Teams. We are keen to hear from candidates who are proud to work for a socially responsible company.

We also have many sustainability initiatives on our roadmap to ensure we are operating in ways that are environmentally and socially aware.

We are keen to hear from candidates who share in these values, who are keen to build a career that can grow and develop with our support over time and who have a passion for making a difference.

We also realise that no candidate will meet every desired qualification in our job requirements, so even if your experience looks a little different from what we have identified and you think you can bring value to the role, we would love to learn more about you.

Company Overview:

Grafton Group is an international business that distributes building materials to tradespeople in the UK, Ireland, Netherlands and Finland and operates in the DIY, Home and Garden retailing market in Ireland.

We also manufacture dry mortar and staircases in the UK. We are a FTSE 250 listed business and what we do is central to the building, construction and renovation industries across Europe creating the places that we live, work and play and working collaboratively to make this industry more sustainable.