£60K/yr to £70K/yr
Bristol, England
Permanent, Variable

Information Security Compliance Analyst

Posted by Tria Recruitment.

  • A highly regarded and successful Bristol institution is seeking a meticulous Information Security Analyst as part of a wider restructure of their Cyber Security function.

The role offers hybrid working (only 2 days per week on site) and suits a Cyber Security professional who is committed both to developing and implementing controls and to their own career development.
The duties include, but are not limited to:

  • Establish and maintain internal guidelines for information security, ensuring alignment with industry standards and regulations.
  • Conduct regular reviews of policies to ensure compliance and offer support on security matters.
  • Assist with the Information Security Awareness For Everyone (SAFE) initiative.
  • Evaluate internal controls through reviews, produce compliance reports, and develop action plans.
  • Coordinate with auditors for assessments and oversee risk registers.
  • Collaborate with stakeholders to implement security controls for critical systems.
  • Assess and monitor third-party security using established criteria.
  • Schedule routine security assessments.
  • Work with internal teams to implement preventive measures based on incident findings.
  • Maintain accurate compliance records and provide reports to relevant parties.
  • Support the improvement of the Information Security Management System (ISMS) and stay abreast of industry developments.

Requirements:

  • Demonstrated expertise in conducting evaluations of IT/Cyber security controls.
  • At least four years of relevant experience in IT, information security, or program management roles, with a focus on Governance, Risk, and Compliance (GRC) initiatives preferred.
  • Diverse analytical skills gained from involvement in various IT and/or business projects.
  • Proficiency in solution management, encompassing requirements analysis, solution proposal, progress monitoring, and benefits assessment.
  • Familiarity with information security frameworks and compliance standards such as ISO 27001, Cyber Essentials Plus, NIST, SOC 2 and PCI DSS.