Security Analyst

The Security Analyst will join Brunswick's Information Security team and play a dual‑role function, splitting time between Third Party Risk Management (TPRM) and operational cyber security activities. The role is critical in protecting Brunswick's information assets, supporting client trust, and maintaining our security certifications. The successful candidate will work closely with Legal, Privacy, IT, and client‑facing teams, while also contributing to day‑to‑day cyber security monitoring and incident response. In this role, you will be responsible for supporting Brunswick's information security programme across both third‑party risk and cyber security operations, ensuring risks are identified, assessed, and managed in line with the firm's risk appetite.

• Conducting supplier security assessments and due diligence as part of Brunswick's Third Party Risk Management programme.
• Reviewing and assessing supplier and client security questionnaires, identifying control gaps, and associated risks.
• Supporting client security due diligence requests by completing questionnaires and providing appropriate supporting documentation.
• Collaborating with Legal to review information security and cybersecurity clauses in client contracts and Master Service Agreements.
• Documenting assessment outcomes and communicating clear, risk‑based recommendations to internal stakeholders.
• Supporting the maintenance of ISO27001 and TISAX certifications through supplier‑ and client‑related controls and audit preparation.
• Reviewing and triaging security tickets, alerts, and escalations from security tooling and internal reporting channels.
• Assisting with the investigation of security incidents, including analysis and post‑incident reporting.
• Supporting vulnerability and technical risk assessments aligned with Brunswick's environment and risk appetite.
• Contributing to the continuous improvement of security processes, controls, and security awareness across the firm.

This is a hands‑on role suited to someone with 3‑5 years' experience who is comfortable operating across governance, risk, and technical security domains.

• 3‑5 years' experience in information security, cyber security, third‑party risk management, or a related role.
• Hands‑on experience conducting supplier security assessments, due diligence, or responding to client security questionnaires.
• Experience working in an ISO27001‑compliant organisation, with familiarity of relevant control sets.
• A practical, technical understanding of cyber security concepts, risks, and controls (e.g. SIEM, EDR, vulnerability management, email/web security).
• Strong written and verbal communication skills, with the ability to translate technical risks into clear, business‑focused language.
• High attention to detail, strong analytical skills, and sound judgement in time‑sensitive or high‑pressure situations.
• Confidence collaborating with Legal, IT, Privacy, and client‑facing teams.
• A proactive mindset with a desire to develop skills across both third‑party risk and cyber security operations.

• ISC²: CISSP, CCSP, SSCP
• CompTIA: Security+, CySA+, CASP+

Brunswick is a global advisory firm. We help companies tackle high‑stakes issues, navigate complex stakeholder relationships, and deliver high‑impact outcomes. Our clients value our ability to anticipate, shape, and respond to the key players and forces in the financial and investment arena, regulatory and geopolitical universe, NGO community, workforce and beyond. They rely on us for deep experience, fresh perspectives and original thinking. So, in Brunswick you will find an exceptional range of experience and talent with a rich mix of backgrounds. From the beginning, we have prioritized attracting, developing, and retaining the best professionals in the industry, united by a culture of inclusivity, excellence, and intellectual curiosity. Founded in 1987 in London, the firm has organically grown to 27 offices in 18 countries across the Americas, Europe, Middle East, Africa, Asia and Australia. We operate as a "one‑firm firm" with no individual profit centers. This allows us to assemble fully integrated, bespoke teams for each client, able to draw on the full resources of Brunswick anywhere in the world.