Senior Information Security Analyst JM RQ1640948

Location: Remote/Homebased • Pay Rate: £28.49 per hour (PAYE) • Contract Length: 3 months, may be extended • Hours per week: 35 • Basic DBS required prior to starting.

Our client seeks an experienced Senior Information Security Analyst to support their Information Security team. The role blends technical security analysis with governance, risk, and compliance (GRC) activities, ensuring the organization’s security posture and compliance with standards such as Cyber Essentials Plus, ISO 27001, DSPT, GDPR, and NCSC.

• Conduct security risk assessments for systems, projects, and suppliers, documenting findings.
• Review, respond to, and attest security questionnaires and tender submissions from vendors and partners.
• Support and track remediation actions from risk assessments, audits, or incidents.
• Assist with maintenance and review of the Information Security Risk Register and associated controls.
• Support compliance with ISO 27001, Cyber Essentials Plus, and DSPT requirements.
• Provide input to security policies, standards, and process improvements.
• Collaborate with IT and Security partners to review alerts, vulnerabilities, and incidents; provide risk‑based recommendations.
• Review and validate security configurations for technology stack, endpoint protection, DLP, and other key platforms.
• Support teams in vulnerability and patch management; assess the impact of critical vulnerabilities.
• Participate in post‑incident reviews; support lessons‑learned reporting.
• Provide security input to change reviews and technical design discussions.
• Conduct and document third‑party risk assessments for suppliers.
• Evaluate supplier responses and evidence against the organization’s requirements.
• Identify and escalate high‑risk findings; track mitigation progress.
• Support procurement and legal teams with security clauses and data protection considerations in contracts.
• Provide practical, proportionate advice to projects and business teams on information security and data protection.
• Promote good security practice and awareness within the organization.
• Support the Head of Information Security in incident briefings, reporting, and communication with senior stakeholders.

• 5+ years’ experience in Information Security roles combining technical and GRC activities.
• Strong understanding of cloud and network security (preferably Microsoft stack: M365, Azure, Defender, DLP, Conditional Access).
• Experienced reviewing security questionnaires, tenders, and supplier assurance evidence.
• Good knowledge of risk assessment methodologies (ISO 27005, NIST RMF, or equivalent).
• Working familiarity with ISO 27001, Cyber Essentials Plus, DSPT, and GDPR requirements.
• Experience interpreting vulnerability scan results and prioritizing remediation.
• Strong written communication skills for drafting risk reports, supplier reviews, and executive summaries.
• Excellent stakeholder engagement skills – able to explain technical concepts in plain language.

• Relevant certifications such as CISSP, CISM, CRISC, CEH, CompTIA Security+ or equivalent experience.
• Experience working in healthcare, charity, or public sector environments.
• Familiarity with NCSC CAF and NHS DSPT frameworks.
• Experience working with SOCs and incident response partners.