Information Security Analyst
6 Month contract role
Remote
Pay: up to 600 a day
Inside IR35
Key Skills: Vendor assessment
Main duties/responsibilities:
- Perform comprehensive third-party supplier information security due diligence assessments in a timely manner, report on results and recommend remediation actions
- Perform information security risk assessment and management activities
- Support corporate compliance with the General Data Protection Regulation (GDPR) from an Information Security Perspective.
- Support the audit and gap analysis of existing IT and business policies, processes and procedures for compliance with GDPR requirements and IT/Information Security Control framework
- Support the creation, implementation and maintenance of IT/Information Security standards, policies, processes and procedures in accordance with the IT/Information Security Control framework
- Develop and execute Information Security remediation plans in conjunction with relevant internal and external stakeholders/groups to agreed timescales.
- Monitor, analyse and report on information security-based management metrics.
- Support information security audit processes.
- Maintain awareness of new and changed security threats through review of specialist sites such as NCSC, CERT, etc.
- Manage the Information Security Awareness Training Program to ensure all employees develop and maintain an awareness of, and comply with, all applicable Information Security policies, procedures, laws and regulations.
- Key member of EIT Incident & GDPR Breach response teams.
- Provide Information Security advice and guidance for EMEA business activities and projects
- Collaborate with Global and Regional Compliance and Information Security team on Information Security and Data Privacy initiatives and events as required.
- Any other IT/Information Security tasks as requested by Manager or Director.
Experience required:
- Demonstrated experience in an IT Security / Governance, Risk and Compliance based role.
- Demonstrated experience of information security management
- Experience of working to, implementing and maintaining compliance with ISO/IEC-27001 and other relevant frameworks (e.g. Cyber Essentials, NIST).
- Knowledge & experience of developing and conducting risk assessments/business impact assessments.
- Knowledge & experience of developing and performing information security due diligence assessments of third-party organisations based on IT control frameworks such as ISO 27001.
- Practical experience of developing and executing remediation plans to address vulnerabilities/security risks and to achieve compliance with Information Security standards/IT control frameworks such as ISO 27001.
- Experience of audit work to achieve compliance with Information Security standards.
- Experience in implementing and managing effective ISMS controls such as incident response and business continuity
- Experience of working with external service providers within an Information Security role.
- Good knowledge of a broad range of IT technology platforms, products, services.
- Stakeholder management experience at both a technical and non-technical level
- Business/customer facing experience.
- Proven track record of working both in a team and independently.
If you are interested please apply or send your CV to