Enable job alerts via email!
Information Security Analyst
JR United Kingdom
Leicester
On-site
GBP 40,000 - 60,000
Full time
Job summary
A leading security consulting firm is seeking a GRC Analyst based in Hybrid roles in Coventry with travel to London. The candidate will play a key role in supporting ISO27001 and SOC2 governance while engaging in third-party risk assessments and compliance tooling operations. Essential qualifications include 3+ years in an InfoSec role and relevant security certifications. This role offers significant impact in a collaborative team environment.
Benefits
Qualifications
- 3+ years in an InfoSec or IT security role within a regulated or financial firm.
- Able to interpret risk frameworks and engage stakeholders.
- Comfortable with security tooling and metrics-driven reporting.
Responsibilities
- Support ISO27001 & SOC2 governance and remediation tracking.
- Conduct third-party risk assessments aligned to regulatory frameworks.
- Drive phishing simulations and curate internal content.
Skills
Tools
Social network you want to login/join with:
- Hybrid in Coventry with monthly travel to London
- Security certification support & career development built-in
Help shape a high-stakes security program as a hands-on GRC Analyst supporting a global financial institution’s banking expansion. You’ll be central to their mission of scaling a modern InfoSec environment, balancing regulatory rigor, ethical standards and BAU resilience.
You’ll focus on third-party security assessments, metrics reporting, and supporting certification frameworks including ISO27001 and SOC2. Expect close collaboration across risk, technology and compliance stakeholders. All while operating at pace, with visibility and trust from the top down.
What you’ll bring:
- 3+ years in an InfoSec or IT security role within a regulated or financial firm
- Security certifications: SSCP, Security+, or equivalent
- Strong GRC foundation: Able to interpret risk frameworks and speak the language of ISO, SOC2, NIST, etc.
- Comfortable with security tooling and metrics-driven reporting
- Confident communicator: Translate acronyms into action, and engage stakeholders with clarity and purpose
- Ethical mindset: understand when to escalate, when to challenge, and how to own your area
What you’ll be doing:
- ISO27001 & SOC2 governance: day-to-day support of the ISMS, remediation tracking, risk reviews
- Third-party risk assessments: conduct supplier security reviews aligned to appetite and regulatory frameworks
- Security awareness training: drive phishing simulations and curate internal content via Proofpoint
- BAU InfoSec operations: ticket triage, KPI reporting, risk dashboards, vulnerability and patch monitoring
- Compliance tooling: operate and report using platforms like Protecht, Panorays, Rapid7, and Armis
- Banking enablement: keyInfoSec input into a major new market launch
- Panorays – Third-party risk management
- Rapid7, Armis – Vulnerability & asset visibility
- Proofpoint – Phishing simulations and awareness content
- Microsoft Purview – Data governance and policy enforcement
- Azure (beneficial) – Cloud IAM, logging, and security monitoring
Why this role?
- High-impact GRC project work tied to new market expansion
- Strong internal security culture: backed by a collaborative team and engaged InfoSec leadership
- A clear opportunity to stretch across awareness, compliance, and operational domains
'/%3e%3cpath%20d='M101.744%2012.4726L102.894%2016.1947L99.0021%2013.2201L101.744%2012.4726ZM105.3%208.40937H100.488L99.0026%203.59473L97.5116%208.41047L92.7%208.40385L96.5965%2011.3834L95.1055%2016.1942L99.0021%2013.2196L101.408%2011.3834L105.3%208.40992V8.40937Z'%20fill='white'/%3e%3cdefs%3e%3clinearGradient%20id='paint0_linear_5593_1381'%20x1='90'%20y1='9.44471'%20x2='99'%20y2='9.44471'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20stop-color='%2300AD70'/%3e%3cstop%20offset='0.998594'%20stop-color='%2300B67A'/%3e%3cstop%20offset='1'%20stop-color='%23DCDCE6'/%3e%3c/linearGradient%3e%3c/defs%3e%3c/svg%3e){kind=small}
