Information Security Analyst

Upto £57,500 + Enterprise Benefits (Life Ins/Medical/Pension)

Fully Remote (UK only)

***Please Note: NOT A CYBER SEC TECHNICAL ROLE***

Be part of their high-growth Information Security plans as they build the team to x4.

Cloud Decisions has partnered with one of the UK’s most exciting enterprise technology transformations: a £multi-billion, employee-owned group, one of the top 10 largest employee-owned businesses in the UK, and a major global player in insurance across 100+ countries.

Following acquisitions and ongoing digital modernization and compliance efforts, they’re hiring an Information Security Assurance Analyst who understands Controls & Compliance with security regulations and standards. The role involves working in a small, high-trust team, working autonomously to build their InfoSec capability to ensure regulatory compliance, information security maturity, and readiness for audits, tenders, or risk reviews.

Control/Compliance Assessment Duties:

• Schedule and Coordinate Assessments: Organize control assessments with control owners, asset custodians, and third parties.
• Evaluate Controls: Assess the design and effectiveness of security controls against policies, standards, and procedures.
• Documentation Maintenance: Keep documentation of assessments and remediation activities up to date.
• Organise Control Evidence: Ensure control evidence is well-organized and accessible.
• Notify Deviations: Notify relevant parties of process deviations to inform the Security team.
• Risk Analysis Reports: Write reports on the impact of control deficiencies on risks.
• Communicate Findings: Share issues with Security leadership clearly.
• Dashboard and Reporting Input: Update dashboards and reporting databases.
• System Security Plans (SSPs): Support documentation of security requirements for systems, including controls testing and ongoing monitoring.

Compliance/Control Improvement Duties:

• Update Processes: Coordinate updates for business process gaps.
• Enhance Procedures: Help document and improve procedures, including testing controls.
• Propose Enhancements: Recommend improvements to controls and procedures.
• Reporting Support: Assist with control assessment reports.

Audit/Assessment Duties:

• Third-Party Due Diligence: Manage due diligence requests and document deficiencies.
• Audit Preparation and Support: Prepare for audits by collecting evidence and addressing findings.

InfoSec Effectiveness - Collaboration/Continuous Improvement:

• Continuous Improvement: Identify and implement process improvements.
• Training and Development: Support training on assessment methodologies.
• Vendor Management: Ensure vendors have BCDR plans and conduct assessments.

Knowledge of DORA, PCDSS, SARBOX is beneficial but not essential.