Information Security Compliance Analyst

Robert Half has partnered on an exclusive basis with a growing professional outsourcing organisation in the Greater Bristol area to recruit and Information Security Compliance Analyst on a permanent basis.

Role Responsibilities;

Policy Development and implementation:

• Develop and maintain Information Security policies, procedures, team documents and controls aligned with industry standards and regulations.
• Conduct regular policy reviews to ensure adherence to agreed-upon policies
• Provide guidance and support across the Group on Information Security matter
• Support delivery of the Information Security Awareness For Everyone (SAFE) programme

Risk Management:

• Scope and conduct internal reviews to evaluate the effectiveness of Information Security controls, creating detailed compliance reports and remediation plans.
• Coordinate with internal and external auditors to prepare for, and respond to, Information Security assessments.
• Ensure Group IT and Security risk registers are managed effectively.
• Collaborate with business stakeholders to agree, implement, and manage security controls for key business systems and processes.

Third Party Management:

• Using agreed frameworks, assess and monitor the security of third parties
• Ensure that regular, scheduled security assessments are undertaken

Incident Preparation:

• Collaborate with internal incident response teams to develop and implement preventive measures, based on incident findings.

Compliance Monitoring and Reporting:

• Maintain accurate and up-to-date documentation related to compliance effort
• Generate status reports for management and regulatory bodies

Continuous Improvement:

• Support the continuous improvement and expansion of our Information Security Management System (ISMS).
• Remain up to date with industry best practice, new technologies and emerging threats.

Skills/experience

• Proven experience in performing IT/Cyber security control reviews
• Minimum of 4 years' experience in IT, Information Security or programme management positions, with a preference for those involving Governance, Risk, and Compliance (GRC) programmes.
• Broad ranging analyst skills acquired while working on diverse IT and/or business projects
• Solution management experience including requirements analysis, solution proposition, delivery tracking and benefits analysis.
• Experience working with Information security frameworks and compliance standards (eg ISO27001, Cyber Essentials Plus, NIST, SOC2 and PCI-DSS).

Desirable

• Knowledge of a range of technical security controls and their operation
• Understanding of/experience of PCI-DSS controls and implementation
• Good understanding of the Data Protection Act/General Data Protection Regulation
• Strong interest in Information security and technology, and motivated to learn new technologies.
• A bachelor's degree in Information Security or industry recognised security certifications (eg CISSP, CISM, CISA, CRISC, ISO27001 lead implementor, ISO27001 auditor).

Salary/Logistics

• GBP55,000 - GBP60,000 basic salary + additional benefits
• Hybrid working (2-3 days a week on site)

Robert Half Ltd acts as an employment business for temporary positions and an employment agency for permanent positions. Robert Half is committed to equal opportunity and diversity. Suitable candidates with equivalent qualifications and more or less experience can apply. Rates of pay and salary ranges are dependent upon your experience, qualifications and training. If you wish to apply, please read our Privacy Notice describing how we may process, disclose and store your personal data:

Security alert: scammers are currently targeting jobseekers. Robert Half do not ask candidates for a fee or request candidates to send applications through instant messaging services such as WhatsApp or Telegram. Learn how to protect yourself by visiting our website: