Information Security Analyst

We are looking for an Information Security Analyst to join Nucleus Financial in a new role adding to the team.

As an Information Security Analyst, you'll play a pivotal role in strengthening Nucleus Group information security posture. You'll support the development and execution of risk management strategies, collaborate across departments & group entities as well as third-party partners, and contribute to the continuous improvement of our security capabilities. While not a people leader, you'll collaborate across all levels to achieve a common goal taking ownership of key initiatives that demonstrate our commitment to being a trusted partner.

You'll help shape how we assess, report, and improve our security maturity, using frameworks like NIST CSF, CIS CSAT, ISO27001, or Cyber Essentials+. You'll also support audit and regulatory engagements, lead tabletop exercises, and contribute to the development, testing and reporting of security policies and training.

• Collaborate with teams to document and assess security control designs and effectiveness in operation
• Lead tabletop exercises and threat modelling sessions
• Support and guide other information security colleagues in day-to-day tasks and development
• Contribute to the development and delivery of security training and awareness programs
• Assist in managing intra-group risks and reporting, vendor risk assessments and due diligence
• Maintain and improve structured reporting and audit trails
• Support the development of continuous improvement plans
• Engage with auditors, regulators, and internal stakeholders to demonstrate security capabilities
• Help maintain the information security policy suite
• Contribute to the oversight of critical outsource partners
• Work with Security Operations and Application Security to define and refine security management standards

You're a detail-oriented, proactive professional who thrives in a collaborative environment. You will be inquisitive by nature and be familiar with the need to trust but verify. You enjoy mentoring others, solving complex problems, and turning technical insights into clear, actionable outcomes. You're comfortable working independently but also know when to escalate or collaborate.

• Strong understanding of information security risk management and ISMS principles
• Strong understanding of information security controls management within software development lifecycles
• Experience with NIST CSF, CIS CSAT, ISO27001, or Cyber Essentials+
• Ability to conduct threat modelling and maturity assessments
• Experience supporting audits and regulatory reviews
• Familiarity with vendor risk management and supply chain security
• Excellent communication and documentation skills
• Comfortable using tools like Jira, Confluence, and Microsoft 365
• Experience in financial services or other regulated environments preferred
• Demonstrated ability to effectively communicate security concepts and educate key stakeholders
• Strong organisational skills and attention to detail

A little about us
Our purpose at Nucleus is to help make retirement more rewarding, with a vision to build the best retirement-focused platform in the UK. It is this purpose that drives everything we do. Whether you are working in a role that is customer-facing or not, you'll need to be service-obsessed to work here.

It's a fast paced and exciting environment, and one where we believe you will get the chance to fulfil your potential and do work that really matters, to you and our customers. We believe in you having your own chunk of responsibility and being trusted to make things happen.

Nucleus' culture is something our people believe sets us apart from other places they've worked. This short film gives you an insight into what it is like to work with us.

Inclusion and diversity at Nucleus

As with most things in life, who cares, wins. We really care about inclusion.

For us this is not a box-ticking thing, it's a commercial imperative. It isn't about being PC. It's about being future-relevant and durable. Find out more on our inclusion page.

We offer a generous blend of benefits for the things that really matter to our people, including pension, bonus, enhanced parental leave, paid time off for emergencies, health and wellbeing initiatives and flexible working options.