Address
Form of work
Salary.A highly regarded and successful Bristol institution is seeking a meticulous Information Security Analyst as part of a wider restructure of their Cyber Security function.In a role offering hybrid working (requirement of only 2 days per week on site), this role suits a Cyber Security professional who is passionate about the development and implementation of controls, and is passionate about their own career development.A short summary of the duties involved includes, and is not limited to:
- Establish and maintain internal guidelines for Information Security, ensuring alignment with industry standards and regulations.
- Conduct regular reviews of policies to ensure compliance and offer support on security matters.
- Assist with the Information Security Awareness For Everyone (SAFE) initiative.
- Evaluate internal controls through reviews, produce compliance reports, and develop action plans.
- Coordinate with auditors for assessments and oversee risk registers.
- Collaborate with stakeholders to implement security controls for critical systems.
- Assess and monitor third–party security using established criteria.
- Schedule routine security assessments.
- Work with internal teams to implement preventive measures based on incident findings.
- Maintain accurate compliance records and provide reports to relevant parties.
- Support the improvement of the Information Security Management System (ISMS) and stay abreast of industry developments.
Requirements:
- Demonstrated expertise in conducting evaluations of IT/Cyber security controls.
- At least four years of relevant experience in IT, Information Security, or program management roles, with a focus on Governance, Risk, and Compliance (GRC) initiatives preferred.
- Diverse analytical skills gained from involvement in various IT and/or business projects.
- Proficiency in solution management, encompassing requirements analysis, solution proposal, progress monitoring, and benefits assessment.
- Familiarity with Information security frameworks and adherence to compliance standards such as ISO27001, Cyber Essentials Plus, NIST, SOC2, and PCI–DSS.
