Information Security Analyst

Job Title: Information Security Analyst

Location: Nottingham

Contract: Perm

Recruiter: Noaman Hussain

About the role

We are looking for an experienced and proactive Information Security Analyst to join our growing IT2A InfoSec team. You will serve as a critical liaison between Information Security and internal business units, ensuring the implementation of security strategies and the management of information security risks across the organisation. Reporting to the Senior Manager, the Security Analyst will join the Project Advisory team.

Key responsibilities

• Provide high quality security advice to mitigate identified risks and ensure compliance with internal standards and industry best practices.
• Guide the implementation and operation of physical, procedural, and technical security controls.
• Conduct security risk assessments, NFR reviews and business impact analyses for complex systems
• Identify risks in proposed technical architectures and design alternative solutions or countermeasures.
• Contribute to the development and continuous improvement of security policies, standards, and guidelines along with internal processes
• Implement and document new or enhanced security controls and system/process changes.
• Advise on and support penetration testing and vulnerability assessments across applications, systems, and networks.
• Conduct in-depth reviews of legacy systems to identify and remediate security gaps.
• Represent Information Security in project teams, ensuring alignment with security requirements throughout the project lifecycle.
• Support project delivery by ensuring security acceptance criteria and documentation are completed in accordance with internal processes.
• Accurately track and report time spent on projects, escalating issues and ensure project utilization (recovery targets) are met.

What you'll need to have

• Awareness of Information Security policies, standards, and frameworks
• Familiarity with project management methodologies (e.g., Agile, Waterfall).
• Experience in one or more of the following areas: Security Engineering, Threat Response, Security Operations, IT Compliance, IT Governance, Cloud Security, Application Security, or related domains.
• Strong grasp of core information security principles and best practices.
• Analytical, problem-solving, and stakeholder management skills.
• Effective written and verbal communication abilities.
• Self-motivated with a proactive mindset and a continuous improvement approach.
• Ability to work independently and collaboratively within cross-functional teams.

It would be great if you also have

These are desirable skills or experience and are not essential, so we would welcome applications from candidates that don't match this additional criteria.

• Industry-recognized certifications such as CISSP, CISM, CompTIA Security+, CEH, or vendor-specific credentials (e.g., AWS Security, Microsoft SC-200).
• Experience with security tools and platforms (e.g., SIEM, DLP, vulnerability scanners).
• Familiarity with regulatory and compliance frameworks (e.g., ISO 27001, NIST, GDPR).

Our benefits

• Boots Retirement Savings Plan
• Discretionary annual bonus
• Generous employee discounts
• Enhanced maternity/paternity/adoption leave pay and gift card for anyone expecting or adopting a child
• Flexible benefits scheme including option to buy additional holiday, discounted gym membership, life assurance, activity passes and much more.
• Access to free, 24/7 counselling and support through TELUS Health, our Employee Assistance Programme.

We have a great range of benefits in addition to the above that offer flexibility to suit you - find out more at boots.jobs/rewards. Exclusions may apply, eligible roles only. Please note, any salary estimates given on third-party sites are not provided or endorsed by Boots and may not be accurate.

Why Boots

At Boots, we foster a working environment where consideration and inclusivity help everyone to be themselves and reach their full potential. We are proud to be an equal opportunity employer, passionate about embracing the diversity of our colleagues and providing a positive and inclusive working environment for all. As the heart of everything we do at Boots, with you, we change for the better.

What's next

Where a role is advertised as full-time, we are open to discussing part-time and job share options during the application process. If you require additional support as part of the application and interview process, we are happy to provide reasonable adjustments to help you to be at your best.

This role requires the successful candidate to complete a Pre-employment check after receiving an offer. Depending on your location you will be asked to submit either a DBS (Disclosure & Barring Service), PVG (Protection of Vulnerable groups) or an Access NI Check.

Boots is a Ban the Box employer and will consider the suitability of applicants with criminal convictions on a case-by-case basis.

#LI-Onsite