Information Security Analyst

Social network you want to login/join with:

Client: Cloud Decisions

Location: Newcastle-upon-Tyne, Tyne and Wear, United Kingdom

Job Category: Other

EU work permit required: Yes

Job Views: 9

Posted: 06.06.2025

Expiry Date: 21.07.2025

Upto £57,500 + Enterprise Benefits (Life Insurance, Medical, Pension)

Fully Remote (UK only)

***Please Note: NOT A CYBER SECURITY TECHNICAL ROLE***

Join their high-growth Information Security team as they expand to four times its current size.

Cloud Decisions has partnered with one of the UK’s most exciting enterprise technology transformations: a multi-billion-pound, employee-owned group, one of the top 10 largest employee-owned businesses in the UK, and a major global player in insurance across over 100 countries.

Following a wave of acquisitions and ongoing digital modernization and compliance efforts, they’re hiring an Information Security Assurance Analyst. The ideal candidate understands controls and compliance with security regulations and standards, can work autonomously within a high-trust team, and is capable of building their InfoSec capabilities to ensure regulatory compliance, information security maturity, and readiness for audits, tenders, or risk reviews.

• Schedule and Coordinate Assessments: Organize control assessments with control owners, asset custodians, and third parties.
• Evaluate Controls: Assess the design and effectiveness of security controls against policies, standards, and procedures.
• Documentation Maintenance: Keep documentation of assessments and remediation activities up to date.
• Organize Control Evidence: Ensure all evidence is well-organized and accessible.
• Notify Deviations: Notify relevant parties of any deviations from processes or procedures.
• Risk Analysis Reports: Write reports on the impact of control gaps on risks.
• Communicate Findings: Clearly communicate issues to security leadership.
• Dashboard and Reporting: Provide data for dashboards and reports.
• System Security Plans (SSPs): Support documentation of security requirements for information systems, including controls testing and ongoing monitoring.

• Update Processes: Coordinate updates for identified process gaps.
• Enhance Procedures: Assist in documenting and designing improved procedures.
• Propose Enhancements: Recommend control and procedure improvements.
• Reporting Support: Support monthly and quarterly assessment reports.

• Third-Party Due Diligence: Manage third-party assessments and responses.
• Audit Preparation and Support: Prepare evidence and respond to audit requests.

• Continuous Improvement: Identify and implement process improvements.
• Training and Development: Assist in training team members and stakeholders.
• Vendor Management: Assess vendor BCDR plans and capabilities.

Knowledge of DORA, PCDSS, SARBOX is beneficial but not required.