Information Security Analyst

As an Information Security Analyst, you serve as a digital guardian for the organisation, protecting critical information assets and systems from cyber threats. You are part of the Governance, Risk & Compliance team, and report to the Compliance & Information Security Manager. Our team works alongside other parts of the business to carry out audits, compliance continual improvements, investigations and risk assessments. Your role is critical in maintaining security measures that safeguard sensitive data, ensure business continuity, and maintain stakeholder trust. You act as both a strategic advisor and hands-on practitioner, translating complex security concepts into actionable business solutions while staying ahead of an ever-evolving threat landscape.

• Maintain and support the internal audit schedule and requirements for all QC required frameworks using the GRC platform and planning tool to ensure security controls are in place and operating effectively
• Assist in the external audit process and support any development or implementation of remediation required
• Participate in the review, update and validation of our Policies, Procedures and Documentation, ensuring accuracy with current policy and changes in frameworks and regulatory requirements
• Be a trusted point of contact for reported issues, incidents or concerns and document them according to due process (NCL)
• Maintain the data incident reporting log, ensuring each incident is fully investigated and taking the necessary actions when required
• Maintain the TPRM process and Vendor Assurance records in the GRC platform with appropriate risk assessments to highlight any potential risk areas to the business using technical acumen and knowledge relevant to the vendor
• Support the review of our internal vulnerability management lifecycle by monitoring the tools and ensuring KPI's are reported and met
• Be a trusted advisor to Compliance's customers, answering questions that come through the Compliance mailbox and other sources about our current frameworks and certifications as well as best practice, participate in projects as and when required
• Provide Security Awareness Training in line with programs and tooling
• Keep up to date with knowledge of new technologies and their governance as well as legislative changes relevant to data protection in our geographic locations