Information Security Compliance Analyst

60000.00 - 70000.00 GBP Annual
26 Mar 2024
23 Apr 2024
Employer Sector
Technology, IT & Telecoms
Contract Type
Full Time

.A highly regarded and successful Bristol institution is seeking a meticulous Information Security Analyst as part of a wider restructure of their Cyber Security function.
In a role offering hybrid working (requirement of only 2 days per week on site), this role suits a Cyber Security professional who is passionate about the development and implementation of controls, and is passionate about their own career development.
A short summary of the duties involved includes, and is not limited to:

  • Establish and maintain internal guidelines for information security, ensuring alignment with industry standards and regulations.
  • Conduct regular reviews of policies to ensure compliance and offer support on security matters.
  • Assist with the Information Security Awareness For Everyone (SAFE) initiative.
  • Evaluate internal controls through reviews, produce compliance reports, and develop action plans.
  • Coordinate with auditors for assessments and oversee risk registers.
  • Collaborate with stakeholders to implement security controls for critical systems.
  • Assess and monitor third–party security using established criteria.
  • Schedule routine security assessments.
  • Work with internal teams to implement preventive measures based on incident findings.
  • Maintain accurate compliance records and provide reports to relevant parties.
  • Support the improvement of the Information Security Management System (ISMS) and stay abreast of industry developments.


  • Demonstrated expertise in conducting evaluations of IT/Cyber security controls.
  • At least four years of relevant experience in IT, information security, or program management roles, with a focus on Governance, Risk, and Compliance (GRC) initiatives preferred.
  • Diverse analytical skills gained from involvement in various IT and/or business projects.
  • Proficiency in solution management, encompassing requirements analysis, solution proposal, progress monitoring, and benefits assessment.
  • Familiarity with Information security frameworks and adherence to compliance standards such as ISO27001, Cyber Essentials Plus, NIST, SOC2, and PCI–DSS.