Information Security Analyst

Comtecs Ltd
50000.00 - 60000.00 GBP Annual
21 Jun 2024
12 Jul 2024
Employer Sector
Technology, IT & Telecoms
Contract Type
Full Time

Information Security Analyst / Client & Supplier InfoSec Compliance Analyst – Governance, Risk & Compliance (GRC), Supplier Assurance (InfoSec), 3rd Party Risk Management, Supplier Due Diligence, Client Liaison, Process Implementation, Incident Analysis and Reporting. CISM, CISSP, CySA+, CASP+ etc; ISO 27001, NIST, Cyber Essentials Plus. 12 Month FTC. London / Remote (Hybrid 3 Days Per Week In Office). GBP50k – GBP60k +Benefits Prestigious Global Law Firm seeks an Information Security Analyst / Client & Supplier InfoSec to act as the lead for responsibilities surrounding supplier assurance, client liaison and incident analysis and reporting.

The successful Information Security Analyst / Client & Supplier InfoSec will conduct and manage all due diligence processed in relation to InfoSec compliance with regulatory authority requirements for all suppliers, assessing responses to RFI and advising on amendments to suppliers' security and infosec configurations and provision. You will liaise with internal procurement and other business teams and provide guidance where necessary to suppliers themselves to ensure a high standard of supplier compliance with the firm's wider obligations.

Secondly; you will act as the point of contact for clients who require information from the firm in terms of its compliance stance throughout its own supply chain, completing client questionnaires and providing analysis as required. This will again require both internal stakeholder liaison along with client facing engagement where you will provide a reliable service to new, prospective and existing clients relaying the appropriate information with a deep understanding of the requirements implemented to ensure compliance and the technologies deployed to ensure a high level of security across the piece.

Finally, you will be responsible for Assisting with the running of the firm's Information Security Management System by driving forward corrective actions from audits, documenting lessons identified from incidents and near misses and producing management reporting. You will streamline processes by using generative AI tools to help suggest/automate the firm's responses and by leveraging the GRC platform employed within the department. You will work closely with, and report to, the Information Security Manager and Head of Information Security tohelp manage, maintain and improve the firm's information security risk position. This is a mid–level Information Security Officer / InfoSec Compliance Analyst role which will require an individual to both work under their own initiative. You will evaluate compliance with key security policies and ISO requirements, document variations for remediation and generate actionable metrics for leadership review. Follow this the successful candidate will identify and support creation of policies and procedures to improve compliance processes.

We are searching for an Information Security Officer / Information Security Analyst / Supplier Assurance Analyst / InfoSec Officer / IT Auditor / CyberSec Compliance Analyst who can bring both procedural security knowledge, experience of audits and the implementation of security procedures and controls within best practice frameworks with specific focus on 3rd party risk management, the supply chain and supplier compliance. You will have also acted as a point of contact for clients when either onboarding new and prospective clients or providing information to existing clientele. You will possess an analytical mind and approach and be able to conduct risk assessments and analysis and implement corrective actions through a solid technical understanding of a variety of technical and CyberSec environments (Perimeter Defence, Application Layer Security, Data Encryption, TLS/SSL, Data at Rest, Cloud Based Security Azure/AWS etc) and configurations.

You will be an information security professional who holds certifications ranging from CySA+, CASP+, CISSP, Security+, CISA, CISM, and may have some exposure to frameworks such as ISO 27001 or NIST. You will be familiar with state of the art GRC controls packages, the development of application of GRC controls themselves and also a range of tools such as SailPoint, Tenable, MS Security Suite / Windows Defender / Windows Defender for Cloud and others. You may have been working within a Law Firm, Legal Practice or Solicitor's firm, Banking, Accountancy (Big four – Deloitte, KPMG, PwC, EY etc) or for a consultancy firm focussed on InfoSec/CyberSec. Excellent organisation and communication skills are pre–requisite. Degree level education preferable but non–essential. Excellent opportunity to join a well renowned, international Law Firm during a time of exciting growth and corporate development. 12 month FTC with potential for extension / permanent engagement.