Information Security Compliance Analyst

.A highly regarded and successful Bristol institution is seeking a meticulous Information Security Analyst as part of a wider restructure of their Cyber Security function.
In a role offering hybrid working (requirement of only 2 days per week on site), this role suits a Cyber Security professional who is passionate about the development and implementation of controls, and is passionate about their own career development.
A short summary of the duties involved includes, and is not limited to:

• Establish and maintain internal guidelines for Information Security, ensuring alignment with industry standards and regulations.
• Conduct regular reviews of policies to ensure compliance and offer support on security matters.
• Assist with the Information Security Awareness For Everyone (SAFE) initiative.
• Evaluate internal controls through reviews, produce compliance reports, and develop action plans.
• Coordinate with auditors for assessments and oversee risk registers.
• Collaborate with stakeholders to implement security controls for critical systems.
• Assess and monitor third–party security using established criteria.
• Schedule routine security assessments.
• Work with internal teams to implement preventive measures based on incident findings.
• Maintain accurate compliance records and provide reports to relevant parties.
• Support the improvement of the Information Security Management System (ISMS) and stay abreast of industry developments.

Requirements:

• Demonstrated expertise in conducting evaluations of IT/Cyber security controls.
• At least four years of relevant experience in IT, Information Security, or program management roles, with a focus on Governance, Risk, and Compliance (GRC) initiatives preferred.
• Diverse analytical skills gained from involvement in various IT and/or business projects.
• Proficiency in solution management, encompassing requirements analysis, solution proposal, progress monitoring, and benefits assessment.
• Familiarity with Information security frameworks and adherence to compliance standards such as ISO27001, Cyber Essentials Plus, NIST, SOC2, and PCI–DSS.