IT Security Analyst

The Role

• Own and manage responses to customer security questionnaires (SIG, CAIQ, bespoke).
• Work cross-functionally with Legal, Compliance, Procurement, Product and Security teams.
• Maintain the security assurance matrix in line with ISO 27001, Cyber Essentials, and SOC 2.
• Act as the key point of contact for security assurance queries.
• Conduct vendor risk assessments against ISO 27001, NIST, and CIS Controls.
• Manage the third-party due diligence programme, including onboarding and periodic reviews.
• Track and publish key security metrics such as risk severity, SLA adherence, and turnaround times.
• Provide audit artefacts and support internal/external audits.
• Contribute to broader security initiatives and continuous improvement within the organisation.

• 3+ years' experience in Information Security, GRC, or Vendor Risk Management.
• Strong experience issuing or responding to security questionnaires.
• Knowledge of ISO 27001 Annex A, SOC 2, and GDPR/CCPA.
• Excellent communication skills, able to translate technical risk to non-technical stakeholders.
• Eligible to work in the UK and able to pass background checks.

Desirable:

• Certifications such as CRISC, CISSP, CISA, or ISO 27001 Lead Auditor.
• Familiarity with SaaS/cloud platforms (AWS, Azure, GCP).
• Understanding of secure software supply chains (SBOM, SLSA).

• £50,000 - £55,000 base salary
• 25 days annual leave + public holidays (increasing with service)
• Matched pension scheme
• Private medical insurance & life assurance
• Fitness allowance
• Paid study leave & volunteering days
• Flexible hybrid working
• Excellent career development and training opportunities