Information Security Analyst – Malta

­Job Title: Information Security Analyst                                   Start Date: ASAP

Department: Operational Support                                            Location: Zejtun-Mt

Reports To: Senior Operational Support Manager                Employment: Full-time Perm

 

Summary

This role is primarily responsible for

  • Supporting compliance against ISO27001, GDPR, NIST, CIS as well as other industry specific standards and regulations such as electronic Identification, Authentication and trust Services (eIDAS), European Telecommunications Standards Institute (ETSI)
  • Performing business processes, operational and regulatory gap analysis and risk assessments, ensuring proper audit evidence collection
  • Assist in the development, implementation, and periodic review of information security policies, standards, procedures, and guidelines to ensure compliance and best practices.
  • Monitor and analyze security logs and alerts from the Security Information and Event Management (SIEM) system to detect and respond to potential threats.
  • Review and interpret results from infrastructure and application vulnerability assessments and penetration tests, recommending appropriate remediation actions.
  • Operate, maintain, and optimize various cybersecurity tools and technologies to support the organization’s security operations.
  • Advising the support teams on IT and Information Security matters, and contributing to solution design, information security control effectiveness evaluations and recommendations.
  • Supporting the operation of the systems from an Information Security perspective performing the security officer role within the data centers (secure zone and high secure zone) ensuring information security is maintained and the policies/procedures are followed.

 

Duties and Responsibilities include but are not limited to the following:

 

Threat Detection & Incident Response

  • Manage and monitor security incidents throughout their lifecycle using the service management tool, ensuring timely resolution and documentation.
  • Analyze and maintain data integrity within the SIEM, ensuring comprehensive threat detection and response.
  • Identify, implement, operate, and continuously improve security tools and technologies.
  • Conduct regular vulnerability and compliance scans, and support remediation efforts.

Risk Management & Compliance

  • Generate and present security metrics, risk assessments, executive summaries, and remediation plans for internal and external stakeholders.
  • Conduct third-party risk assessments and support remediation planning.
  • Travel domestically and internationally to conduct or support audits and inspections as required.
  • Develop, maintain, and enforce security policies, standards, procedures, and guidelines across all environments.
  • Manage and oversee the document management system and specific contractual requirements.
  • Continuously assess and mitigate IT and information security risks.
  • Lead internal audits and support external audits (e.g., eIDAS, ISO27001), ensuring readiness and compliance.
  • Ensure proper collection and control of audit and assurance evidence.
  • Monitor compliance with security policies among employees, contractors, and third parties, taking corrective action when necessary.

Training & Awareness

  • Promote information security awareness across the organization through training and engagement initiatives.
  • Serve as a Subject Matter Expert (SME) in Public Key Infrastructure (PKI) and eIDAS compliance.

Solution Security Support & Operations

  • Fulfill the duties of a Security Officer Trusted Role, including credential management and participation in key ceremonies. This may consist of up to 50% of the time.
  • Track and report on emerging security threats, coordinating response and remediation with internal teams.
  • Manage and report remedial actions implementations and status, monitoring new requirements and tracking established processes using registers, automated scripts etc.
  • Lead with the DRP planning and associated testing, ensuring in the event of a disaster rebuild and recovery of the system/services can be met within the contracted timeframes.
  • Provide expert advice to operations teams on IT and information security matters, contributing to secure solution design.
  • Participate in the Release, Control, and Validation process for new software and hardware via formal change management.

 

  • Other duties as assigned

 

Qualifications and Experience

  • Higher level education in IT or a related degree. Or in the absence of a relevant degree an additional 5 years’ experience in addition to the years of proven experience listed below.
  • 3+ years of experience in information security risk and compliance, or a hands-on role within an IT infrastructure background.
  • Familiarity with Information Security Management Systems, control frameworks (ISO 27001, NIST CSF) and related risk assessment methodologies
  • General knowledge of enterprise network and systems architecture concepts and technologies, including but not limited to enterprise directory, enterprise integration architecture, identity and access management
  • CISM / CISA / CISSP Qualifications desirable

 

Expectations

  • Depth of knowledge and ability to be able to withstand technical challenges on views and understanding regarding IT security and infrastructure design, but also able to incorporate others’ views and ideas to improve their own understanding and solutions proposed.
  • Maintaining a strong understanding of relevant IT platforms, software, network design, and hardware.
  • Demonstrates integrity, professionalism, and diligence in all tasks.
  • Strong team player with excellent interpersonal and organizational skills.
  • Communicates effectively and collaborates well in distributed team environments.
  • Maintains a positive attitude and a willingness to share knowledge and support others.
  • Open to continuous learning and personal growth.
  • Comfortable making informed decisions in ambiguous or evolving situations.
  • Adopts a flexible approach to location and working hours.

 

Work Environment

  • The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
  • Work is split between data centre(s) and an office environment, within a well-ventilated area, and is exposed to moderate noise levels.

 

Work Requirements

  • Compliance with all relevant Toppan Security policies and procedures related to Quality, Security, Safety, Business Continuity, and Environmental systems.
  • Uphold company values and policies, including those related to ethics, safety, and conduct
  • Requires MCCAA clearance (Clearance requires a candidate to be an EU Citizen or has been regularly working within the EU for the past 5 years).
  • Travel for work in Data Centers or customer sites will be required also to support operations within the required timeframes as per customer Service Level Agreements (SLAs).
  • Should be able to accommodate slight changes in working hours with occasional planned work over weekends for specific high priority project deliverables, or major incident support.
  • Occasional International travel may be required. Therefore, employees should have valid travel documents and be able to acquire a valid US VISA.
Job Category: IT
Job Type: Full Time
Job Location: Malta

Apply for this position

Allowed Type(s): .pdf, .doc, .docx