Information Security Analyst

This range is provided by Cloud Decisions. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.

Direct message the job poster from Cloud Decisions

Upto £57,500 + Enterprise Benefits (Life Insurance, Medical, Pension)

Fully Remote (UK only)

**Part of their high-growth InfoSec plans as they build the team to x4**

Cloud Decisions has partnered with one of the UK’s most exciting enterprise technology transformations: a £multi-billion, employee-owned group, one of the top 10 largest employee-owned businesses in the UK, and a major global player in insurance across 100+ countries.

Following a wave of acquisitions and continued digital modernization and compliance, they’re hiring an Information Security Assurance Analyst who understands Controls & Compliance with security regulations and standards. The candidate should be able to work in a small, high-trust team and operate autonomously while helping build their InfoSec capability to ensure regulatory compliance, information security maturity, and readiness for audits, tenders, or risk reviews.

Control/Compliance Assessment Duties:

• Schedule and Coordinate Assessments: Plan and coordinate control assessments with control owners, asset custodians, and third parties.
• Evaluate Controls: Assess the design and effectiveness of technical and non-technical security controls against internal policies, standards, and procedures.
• Documentation Maintenance: Keep documentation of security control assessments and remediation activities up to date.
• Organize Control Evidence: Ensure all control evidence is well-organized and accessible.
• Notify Deviations: Notify relevant parties of business process and procedure deviations.
• Risk Analysis Reports: Produce analysis reports highlighting the impact of control gaps on risks.
• Communicate Findings: Clearly communicate issues identified from assessments to Security leadership.
• Dashboard and Reporting Input: Provide data to keep dashboards and reports current.
• System Security Plans (SSPs): Support data and process owners in documenting security requirements, testing controls, and establishing ongoing monitoring mechanisms.

Compliance/Control Improvement Duties:

• Update Processes: Lead efforts to address control gaps and process breaks.
• Enhance Procedures: Assist in documenting and designing improved procedures and effectiveness tests.
• Propose Enhancements: Recommend improvements through formal reporting channels.
• Reporting Support: Assist in monthly and quarterly reporting on control assessment outcomes.

Audit/Assessment Duties:

• Third-Party Due Diligence: Manage third-party assessments, ensure timely responses, and document deficiencies.
• Audit Preparation and Support: Prepare evidence and assist during internal and external audits.

InfoSec Effectiveness - Collaboration/Continuous Improvement:

• Continuous Improvement: Identify and implement process enhancements.
• Training and Development: Train team members and stakeholders on assessment methodologies.
• Vendor Management: Ensure vendors have robust BCDR plans and conduct regular assessments.

Knowledge of DORA, PCDSS, SARBOX is advantageous but not essential.

• Mid-Senior level

• Full-time

• Information Technology

• IT Services and IT Consulting
• Information Services
• Computer and Network Security

Referrals increase your chances of interviewing at Cloud Decisions by 2x.