Security Analyst at KFC

WHAT WILL YOU SPEND YOUR TIME DOING?

Security Operations & Management (30%)

• Contribute to, maintain, and enforce security policies, procedures, and standards.
• Oversee security risk assessments, vulnerability scans, and penetration tests.
• Monitor and triage security alerts from SIEM/EDR tools; investigate events, determine root cause analysis, and coordinate remediation.
• Coordinate with IT teams to implement technical safeguards, including firewalls, encryption, identity and access controls.
• Progress awareness programs to educate employees on security best practices.

Governance, Risk & Compliance (30%)

• Produce periodic risk reports and dashboards for leadership, highlighting trends, key risks, and recommended mitigations.
• Assist in policy/procedure development, secure baselines, and compliance evidence collection for audits.
• Contribute to risk assessments (systems, projects, suppliers), translating technical issues into business risk statements with likelihood/impact.
• Support control design and testing aligned to frameworks (ISO 27001 Annex A, NIST CSF, CIS Controls) and regulatory obligations (e.g., GDPR; PCI DSS if in scope).
• Hold clear authority to challenge priorities, influence sequencing of investment, and recommend funding decisions at enterprise level

Incident Response & Readiness (20%)

• Participate in incident response (IR) lifecycle: detection, analysis, containment, eradication, recovery, lessons learned.
• Maintain IR playbooks and run tabletop exercises; drive post-incident improvements and control tuning.

Vulnerability & Patch Management (20%)

• Own scheduled vulnerability scans; analyze findings, assign risk scores, and produce remediation plans in partnership with Infrastructure/tech teams.
• Track patching SLAs, exceptions, and compensating controls; measure and report progress against risk-based targets.
• Validate remediation through rescanning and regression checks

Working relationships:

• Cross functional teams within technology; this includes making them clear on the security standards in relation to the products they own and making sure any suppliers they managed are clear on expectations.
• Wider business teams: this includes awareness on security posture and best practice, including items such as password behaviour, device control and application screen (onboarding of SaaS solutions etc).
• Global teams; includes working with our Yum! partners to ensure global compliance, trends and alignment, directly with audit but indirectly with strategy and alignment to new process/tools.

WHAT WE LOVE FROM YOU: 

Education/Certifications 

• Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent practical experience).
• Relevant certifications (one or more strongly preferred): CompTIA Security+, CySA+, SSCP, GIAC (e.g., GSEC/GCIH), AZ-500, MS-500, CCSK/CCSP, ISO 27001.

Experience 

• Solid experience in a security analyst or similar role within IT security operations.
• Hands-on experience with vulnerability management (scanning, analysis, and remediation coordination).
• Practical experience with endpoint security/EDR and SIEM alert triage and incident remediation.
• Demonstrated ability to produce risk reports and drive risk mitigation actions with cross-functional teams.
• Exposure to incident response and security testing (e.g., assisting with pen tests, red team findings, or threat modeling).
• Familiarity with industry standards controls and regulations (e.g., NIST, CIS, GDPR, HIPAA).
• Familiarity with Directory Services (Active Directory and Entra ID) with emphasis on security.
• Good communication skills and the ability to collaborate effectively with diverse teams.

Knowledge and Expertise 

• Risk & Compliance: Solid understanding of risk assessment methodologies, control frameworks (ISO 27001, NIST CSF, CIS Controls), and regulatory basics (GDPR; PCI DSS).
• Security Controls: Network, endpoint, identity, data protection, secure configuration, and logging/monitoring fundamentals.
• Cloud & Modern IT: Working knowledge of security in Microsoft 365, Azure (IAM, Conditional Access, Defender suite), and common SaaS platforms.
• Threat Landscape: Awareness of common attack vectors (phishing, ransomware, privilege misuse, misconfiguration) and defense-in-depth strategies.

Skills 

• Analytical & Detail-Oriented: Keen eye for anomalies; precise documentation and follow-through.
• Communication: Clear written and verbal communication—translating technical detail into business-friendly risk insights.
• Collaboration: Works well with Infrastructure, Application, and Business teams; influences without authority.
• Self-Motivation: Proactive ownership; drives tasks to completion with minimal supervision.
• Process Discipline: Organizes workload, meets deadlines, and adheres to SLAs and standards.
• Ethics & Confidentiality: Handles sensitive information with discretion and integrity.