
Information Security Analyst - GRC

Sanderson
Posted a day ago, valid for a month
Location

Maidstone, Kent ME17 2BE, England

Contract type

Full Time

In order to submit this application, a Reed account will be created for you. As such, in addition to applying for this job, you will be signed up to all Reed’s services as part of the process. By submitting this application, you agree to Reed’s Terms and Conditions and acknowledge that your personal data will be transferred to Reed and processed by them in accordance with their Privacy Policy.

Sonic Summary

  • The position is for an Information Security Analyst focused on Governance, Risk, and Compliance (GRC) based mainly in Kent with a salary range of £45,000 to £50,000 plus benefits.
  • The ideal candidate should have proven experience in a similar GRC-focused role and a good understanding of risk management approaches and cyber risk management controls.
  • Key responsibilities include supporting the Cyber Strategic Plan, managing cyber security governance controls, and assisting with compliance activities such as ISO27001 and PCI-DSS audits.
  • The role also involves managing technology access reviews, supporting incident management processes, and providing cyber consultancy services to ensure compliance and risk appetite requirements are met.
  • Candidates should possess strong stakeholder management skills along with excellent written and verbal communication abilities, with a minimum of 3-5 years of relevant experience preferred.

Information Security Analyst - GRC

Kent - Mainly remote, site visits once per month

£45,000 - £50,000 + benefits

Fantastic new permanent opportunity for an experienced GRC focused Information Security Analyst with this market leading financial services business based in Kent.

As an Information Security Analyst, you will join an established team to provide Governance, Risk and Compliance oversight and services that deliver the Information Security Strategy and help manage internal and third-party information security risk. You will also support other initiatives, such as the management of Logical Access Management (LAM) for key technology systems, to meet full compliance requirements and to always protect customers and colleagues.

Main responsibilities:

  • Support the execution of the Cyber Strategic Plan while continuously seeking innovative methods to enhance the cyber security function, reduce risk across the organisation, and improve customer and colleague experiences.
  • Oversee and manage cyber security governance controls in line with the Cyber Assurance Framework, including tracking performance through KPIs and SLAs, supporting vulnerability management activities and providing relevant management information as needed.
  • Assist with compliance activities such as policy and process assessments / improvements, ISO27001 and PCI-DSS re-certifications and audits.
  • Implement and ensure the effectiveness of internal and third-party cyber risk mitigation controls so that they align with risk appetites, using internal reviews and third-party risk management systems and processes to ensure third parties meet security standards.
  • Stay updated on the external cyber threat landscape through participation in internal/external events and obtaining certifications and share best practices with colleagues.
  • Manage the technology access review process, coordinating with technology teams, broader business functions, and audit teams to ensure proper system access management and review.
  • Assist and support the incident management processes, including handling incidents, performing root cause analysis, documenting lessons learned, and creating and continuously reviewing playbooks.
  • Offer cyber consultancy services to support business initiatives, ensuring compliance and risk appetite requirements are met.
  • Adhere to our Governance and Business Code of Conduct, consistently acting with integrity and due diligence.

Skills Required:

  • You will have proven experience of working within a similar GRC focused Information Security Analyst position.
  • Have a good understanding of risk management approaches and the application of Cyber risk management controls.
  • A broad understanding of the Cyber Security domain and associated compliance requirements such as FCA, GDPR, and PCI/DSS.
  • Experience with 3rd Party Risk Assessments.
  • Broad knowledge and understanding of cyber-attack techniques and vulnerability testing approaches.
  • Experience in undertaking Risk assessments, control testing and reporting in a regulated environment.
  • Proven stakeholder management experience and the ability to demonstrate good written and verbal communication skills.
  • Can demonstrate previous experience in planning, leading and delivering audits and compliance activities.

For any further queries regarding the role, please contact Danny Palmer at
