Information Security Analyst

An exciting opportunity within the General Counsel & Risk team as part of our global Information Security team.

The individual will work closely with the UK, Australia and US-based teams in the following primary areas of responsibility, focusing on the UK and EMEA offices.

• Client information requests (security questionnaires, contract terms etc.)
• External certification audits
• Client site audits

• Preparing new and existing business units for certification/audit.
• Collating metrics in support of governance and continual improvement.
• Risk assessing new ways of working, alongside the Risk and IT teams.
• Assessing compliance with client-specific security requirements within the legal teams.
• Managing the ISMS tools, documentation and trackers.
• Supporting internal security audit activities.

• Investigate and manage DLP alerts and user behaviour anomalies, escalating as needed.
• Support incident response for phishing, impersonation scams, and other security events.
• Assist with API integration projects to enhance security workflows (e.g., ServiceNow integrations).

• Deliver and monitor phishing simulation campaigns, producing reports and insights.
• Contribute to security communications and awareness programs across the firm.

• Participate in onboarding new security technologies such as Data Security Posture Management (DSPM).
• Engage with AI Risk and Governance discussions to support emerging technology adoption.

• Build strong relationships with IT, Risk, HR, and legal teams to embed security into business processes
• Provide practical security advice to internal stakeholders.

Please note this role is concerned with governance, risk and compliance elements of general information security; it is not a technical IT/Cyber Security role albeit a strong appreciation of IT and IT/Cyber Security concepts is required for this role to be successful.

• Degree educated (technical degree or similar).
• We would expect the successful candidate to have around three years' experience in information security but may consider those with less experience providing they can demonstrate they meet the required competencies.
• Strong knowledge of ISO 27001 implementation and certification.
• Power BI analytics and reporting.
• One or more of the following desired - MSc in security or similar; CISSP; CISA/CISM; ISO 27001 Lead Auditor.
• Professional Services experience preferable.
• Adaptable, diligent and works with initiative.
• Strong relationship builder - internal and external.
• Familiarity with security tools and systems would be advantageous (e.g., Email DLP, UEBA, phishing simulation).
• Experience working as part of a global team.

General Counsel and Risk

Full time

London

Permanent Contract

We are committed to attracting people from all backgrounds and creating a respectful and inclusive culture where everyone thrives. We see this as essential to our success, including our ability to innovate and achieve sustained high performance. This is a key part of our Values-Human, Bold, and Outstanding.