Information Security Analyst

  • Cpl Life Sciences
  • Cambridge, Cambridgeshire
  • Dec 02, 2021
Contractor Government

Job Description

6 Month contract role

Remote

Pay: up to 600 a day

Inside IR35

Key Skills: Vendor assessment

Main duties/responsibilities:

  1. Perform comprehensive third-party supplier information security due diligence assessments in a timely manner, report on results and recommend remediation actions
  2. Perform information security risk assessment and management activities
  3. Support corporate compliance with the General Data Protection Regulation (GDPR) from an Information Security Perspective.
  4. Support the audit and gap analysis of existing IT and business policies, processes and procedures for compliance with GDPR requirements and IT/Information Security Control framework
  5. Support the creation, implementation and maintenance of IT/Information Security standards, policies, processes and procedures in accordance with the IT/Information Security Control framework
  6. Develop and execute Information Security remediation plans in conjunction with relevant internal and external stakeholders/groups to agreed timescales.
  7. Monitor, analyse and report on information security-based management metrics.
  8. Support information security audit processes.
  9. Maintain awareness of new and changed security threats through review of specialist sites such as NCSC, CERT, etc.
  10. Manage the Information Security Awareness Training Program to ensure all employees develop and maintain an awareness of, and comply with, all applicable Information Security policies, procedures, laws and regulations.
  11. Key member of EIT Incident & GDPR Breach response teams.
  12. Provide Information Security advice and guidance for EMEA business activities and projects
  13. Collaborate with Global and Regional Compliance and Information Security team on Information Security and Data Privacy initiatives and events as required.
  14. Any other IT/Information Security tasks as requested by Manager or Director.

Experience required:

  • Demonstrated experience in an IT Security / Governance, Risk and Compliance based role.
  • Demonstrated experience of information security management
  • Experience of working to, implementing and maintaining compliance with ISO/IEC 27001 and other relevant frameworks (e.g. Cyber Essentials, NIST).
  • Knowledge & experience of developing and conducting risk assessments/business impact assessments.
  • Knowledge & experience of developing and performing information security due diligence assessments of third-party organisations based on IT control frameworks such as ISO 27001.
  • Practical experience of developing and executing remediation plans to address vulnerabilities/security risks and to achieve compliance with Information Security standards/IT control frameworks such as ISO 27001.
  • Experience of audit work to achieve compliance with Information Security standards.
  • Experience in implementing and managing effective ISMS controls such as incident response and business continuity
  • Experience of working with external service providers within an Information Security role.
  • Good knowledge of a broad range of IT technology platforms, products, services.
  • Stakeholder management experience at both a technical and non-technical level
  • Business/customer facing experience.
  • Proven track record of working both in a team and independently.

If you are interested please apply or send your CV to