IT Security Analyst

POSITION DESCRIPTION

**Position Title**: IT Security Analyst Business Unit: BAPCOR Department: IT Location: Mount Waverley, VIC Reports to: CISO Date: Developed by: Head of Cyber Security Approved by:
The Position

Business Background Bapcor Limited is Asia Pacific’s leading provider of vehicle parts, accessories, equipment, service, and solutions, owning businesses spanning trade, specialist wholesale, and retail with over 1,100 locations and employing approximately 5,000 team members across Australia, New Zealand, and Asia.

We take takes pride in developing a specialist and knowledgeable team, culture and capability, with an unrelenting focus on excellence in customer service.

**Position Scope Direct reports**: None Indirect reports: None Revenue/ budget: Annual Determination Facilities/ assets: Annual Determination Other: Leadership level: Individual contributor

Key Accountabilities - Role
- The analyst will be the main contributor to the CSIRT (Cyber Security Incident Response Team)Monitor and investigate security events, incidents and breaches, conduct root cause analysis, and report

post-incident.Plan and recommend security measures and controls.Able to research and evaluate emerging cyber security threats and ways to manage them.Keep up-to-date with the latest threats, track common vulnerabilities and exposures (CVE) based security

threats, map to internal controls, provide recommendations and support any remediation plans.Proactively identify security flaws and vulnerabilities, both internal and external.Recommend and enforce corporate security policies.Map security practices to regulatory controls (NIST, Essential 8, PCI DSS Standards).Contribute and support periodic penetration tests cyber audits and conduct other security reviews, with

the security team, vendors and consultants.Evaluation and assessment of production Changes from a security standpoint protecting Bapcor from

threats to data, processes and infrastructure including software and Operational Technology (OT).Support and review protective security controls to cover the company’s Data Loss Prevention (DLP),

Security Information and Event Management (SIEM), Web Application Firewalls (WAF),DAR/DIM protection, Network Access Control (NAC), Identity and Privileged Access Management
- Conduct proactive monitoring, investigation and report mitigation required from security incidentsEnsure compliance with all relevant IT Security and related policies

On offer is a rare opportunity to sharpen your cybersecurity skills across a number of cyber domains while working in a global business that values diversity, creativity, and encourages professional development.

**Key relationships Internal**: External: IT management and team leaders Application Vendors Business Services Stakeholders Infrastructure Vendors Business leaders and power users of systems Penetration test and external auditors

Key challenges of the position
- Ensuring appropriate priority is given to UARs by business and IT stakeholdersFollowing up with business and IT stakeholders to ensure actions are carried outSupport Cybersecurity Incident Response processes and activitiesEnsure preventative security controls are in place to minimise the risk of internal/external security threats

Organisational Chart

The Person

**Qualifications**: Degree Qualified or IT Certifications Experience: 3+ years experience in IT security-related roles 3+ years of experience with vulnerability management, incident detection

and response Experienced with ISO27001, NIST CSF, Essential 8, or similar frameworks Ability to read and write reporting scripts (PowerShell) Experience supporting retail & wholesale environments - Desirable Skills and competencies: (basic/ Identity and Access Management - Intermediate intermediate/ advanced) Security incident response - Intermediate SIEMs - Setting up alerts, Searches and Dashboards - Intermediate Penetration Testing - Intermediate Networking (DNS, DHCP, TCP/IP) - Intermediate Microsoft Exchange - Intermediate Security Tools - such as Zscaler (Proxy), CrowdStrike (endpoint protection),

We are in it Together We get it done

CISO

CTO

IT Security Analyst

We do the Right Thing