Information Security Compliance Analyst

Cpl Life Sciences

Greater London

On-site

GBP 40,000 - 80,000

Full time

30+ days ago

Job summary

An established industry player is seeking an Information Security Compliance Analyst to enhance their EMEA information security management system. In this pivotal role, you will drive compliance with global standards and legislation, ensuring the organization meets ISO 27001:2022 certification requirements. Your expertise will guide risk assessments, develop security policies, and manage training initiatives to foster a culture of security awareness. This is an exciting opportunity to contribute to a dynamic team in the pharmaceutical manufacturing sector, where your skills will directly impact the organization's security posture and compliance with vital regulations.

Qualifications

  • Experience in Information Security and IT Governance roles is essential.
  • Relevant certifications like CISM or CRISC are highly desirable.

Responsibilities

  • Conduct risk assessments and recommend treatment actions.
  • Manage information security awareness training programs.

Skills

Information Security Management
Risk Assessment
Compliance Audits
Stakeholder Management
ISO 27001 Compliance
Data Protection Legislation

Education

Degree level qualification

Tools

ISO 27001
NIST CSF
IEC 62443
CIS

Job description

As an Information Security Compliance Analyst, you will support the development and maintenance of the EMEA wide information security management system in accordance with Global EIT strategy, EMEA business requirements and relevant information security legislation, including NIS 2, AI Act and GDPR.

You will ensure the continued certification of the EIT ISO 27001:2022 management system and adherence by the EMEA EIT department to all relevant legislation and regulations, including but not limited to Health and Safety, Financial and Privacy laws.

Key Responsibilities:
  • Conduct information security, information system, and compliance-based risk assessments, evaluate responses and recommend risk treatment actions.
  • Develop and execute risk mitigation plans in conjunction with relevant internal and external stakeholders/groups and to agreed timescales, following through to completion.
  • Support the creation, implementation and maintenance of information security policies and standards, in accordance with ISO 27001 and other relevant frameworks and standards (NIST CSF, IEC 62443, CIS, GDPR, etc.).
  • Maintain the department’s information security procedures, including but not limited to information security incident response and business continuity management, conducting tabletop exercises to evaluate effectiveness.
  • Manage the information security awareness training program to ensure all employees develop and maintain awareness of, and comply with, all applicable information security policies, procedures, laws, and regulations.
  • Provide information security advice and guidance for EMEA business activities and projects.
  • Manage information security programs to ensure the company meets its compliance requirements.
  • Monitor, analyse and report on information security-based management metrics.
  • Perform comprehensive third-party information security due diligence assessments in a timely manner, report on results, recommend remediation activities and work with the legal team to ensure contractual obligations include security clauses as relevant.
  • Support information security and compliance audits conducted in the department.
Qualifications and Experience required:
  • Degree level qualified or equivalent - highly desirable.
  • CISM and/or CRISC or other relevant certification is highly desirable.
  • Demonstrable experience in an Information Security, IT Governance, Risk and Compliance based role, including maintaining and continually improving an ISO 27001 compliant management system.
  • Extensive experience of information security management and/or security awareness.
  • In-depth expert knowledge of industry standard frameworks and best practices (ISO 27001:2022, ISO 27002:2022, ISO 27005, ISO 31000, NIST) and their practical application in a corporate environment to ensure all elements of integrity, availability and confidentiality are adhered to.
  • Extensive experience conducting information security risk assessments and reporting risks.
  • Experience of developing, implementing, managing, and maintaining Information Security policies, controls, standards, guidance, processes & procedures, and auditing compliance.
  • Experience of developing, implementing, managing, and maintaining risk management framework, policies, processes, and procedures.
  • Knowledge & experience of developing and performing information security due diligence and risk assessments of third-party organisations based on IT control frameworks such as ISO 27001 and ISO 31000.
  • Practical experience of conducting gap analysis, testing information security processes, procedures, plans and leading audits to achieve compliance with Information Security standards.
  • Practical experience of establishing and maintaining data classification standards within a corporate environment.
  • Experience of project managing Information Security, Data Protection & Compliance initiatives.
  • Experience in developing and executing Information Security awareness training across multiple business units.
  • Experience with ensuring corporate compliance with UK/EMEA data protection legislation such as DPA and GDPR.
  • Good knowledge of a broad range of IT technology platforms, products, services.
  • Stakeholder management experience at both technical and non-technical levels, up to Executive level.

If you are interested, please apply or send your CV to luke.sandilands@cpl.com

Seniority level

Mid-Senior level

Employment type

Contract

Job function

Information Technology

Industries

Pharmaceutical Manufacturing
