2,041 Cyber Threats jobs in the United Kingdom

Information Security Analyst – NIST Implementation

Rate - £500 Inside IR35 (Total to umbrella)

Duration – 6 months

Location – twice a week on site into London

Role Description:

As a Senior Information Security Analyst, you will be instrumental in executing the company's Information Security strategies and initiatives, focusing on supporting the Governance, Risk, and Compliance (GRC) function and implementing the NIST Cyber Security Framework (CSF) throughout the organization. You will lead day-to-day GRC activities, including designing security controls, enforcing requirements from the Group Information Security Framework, and proactively managing non-compliance issues and mitigating Information Security risks.

About You :

• You will be developing and implementing an information security controls catalogue, policies, and procedures aligned with the NIST Cyber Security Framework (CSF).
• Conducting assessments to identify material gaps, analyzing potential risks, and monitoring progress on maturity uplifting across security functions.
• Supporting compliance activities with the Group Information Security Framework, Cyber Essentials, and PCI DSS attestation.
• Collaborating with the wider organization to integrate control testing and risk management activities into the existing governance framework.
• Assisting cross-functional teams and business units in integrating security measures into business operations.
• Facilitating regular reviews and updates of control and risk management processes to remain effective and responsive to emerging threats and changes in the organizational landscape.
• Documenting and visualizing reports for governance forums, providing insights and recommendations to inform decision-making and risk management strategy across the business.

Essential Skills:

• Minimum of 4 years of experience in information security with a solid understanding of Information Security control and governance frameworks.
• Practical experience of implementing NIST CSF in the financial services sector is highly desirable.
• Proven track record of security transformation and delivery of security projects, particularly within a federated organisation.
• Strong knowledge of Information Security and compliance frameworks, including NIST CSF, ISO 27001, Cyber Essentials, PCI DSS, and DORA, and the ability to design controls that align with these standards.
• Ability to analyse data and generate reports using tools like Excel and Power BI, and experience with data visualisation and interpretation.
• Skills in creating and maintaining comprehensive documentation, including control matrices, design process flows, and standard operating procedures.
• Strong communication and interpersonal skills, with the ability to convey complex security concepts to non-technical stakeholders.
• Bachelor’s degree in Information Security, Computer Science, or a related field. A Master’s degree is a plus.
• Relevant certifications such as CISSP, CCSP, CRISC, CISM, or ISO 27001 Lead Implementer are highly desirable.

Information Security Analyst | ISO27001, Rapid7, Protecht | Global Trading Platform

• £60–70k base + 10% bonus
• Hybrid in Coventry with monthly travel to London
• Security certification support & career development built-in

Help shape a high-stakes security program as a hands-on GRC Analyst supporting a global financial institution’s banking expansion. You’ll be central to their mission of scaling a modern InfoSec environment, balancing regulatory rigor, ethical standards and BAU resilience.

You’ll focus on third-party security assessments, metrics reporting, and supporting certification frameworks including ISO27001 and SOC2. Expect close collaboration across risk, technology and compliance stakeholders. All while operating at pace, with visibility and trust from the top down.

What you’ll bring:

• 3+ years in an InfoSec or IT security role within a regulated or financial firm
• Security certifications: SSCP, Security+, or equivalent
• Strong GRC foundation: Able to interpret risk frameworks and speak the language of ISO, SOC2, NIST, etc.
• Comfortable with security tooling and metrics-driven reporting
• Confident communicator: Translate acronyms into action, and engage stakeholders with clarity and purpose
• Ethical mindset: understand when to escalate, when to challenge, and how to own your area

What you’ll be doing:

• ISO27001 & SOC2 governance: day-to-day support of the ISMS, remediation tracking, risk reviews
• Third-party risk assessments: conduct supplier security reviews aligned to appetite and regulatory frameworks
• Security awareness training: drive phishing simulations and curate internal content via Proofpoint
• BAU InfoSec operations: ticket triage, KPI reporting, risk dashboards, vulnerability and patch monitoring
• Compliance tooling: operate and report using platforms like Protecht, Panorays, Rapid7, and Armis
• Banking enablement: key InfoSec input into a major new market launch

Tech & tools you’ll use:

• Protecht – Enterprise risk & audit platform
• Panorays – Third-party risk management
• Rapid7, Armis – Vulnerability & asset visibility
• Proofpoint – Phishing simulations and awareness content
• Microsoft Purview – Data governance and policy enforcement
• Azure (beneficial) – Cloud IAM, logging, and security monitoring

Why this role?

• High-impact GRC project work tied to new market expansion
• Strong internal security culture: backed by a collaborative team and engaged InfoSec leadership
• A clear opportunity to stretch across awareness, compliance, and operational domains

Information Security Analyst | ISO27001, Rapid7, Protecht | Global Trading Platform

• Monitor security alerts and events, investigate potential security incidents, and respond accordingly.
• Implement, configure, and maintain security technologies such as firewalls, IDS/IPS, SIEM, and endpoint protection.
• Conduct vulnerability assessments and penetration testing, and work with teams to remediate findings.
• Develop and update security policies, procedures, and guidelines.
• Assist in the development and execution of incident response plans.
• Perform security risk assessments and recommend appropriate controls.
• Provide security awareness training to employees.
• Stay current with emerging security threats, vulnerabilities, and technologies.
• Collaborate with IT teams to ensure security is integrated into system design and operations.
• Contribute to compliance efforts with relevant regulations and standards.

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field, or equivalent practical experience.
• Proven experience in information security or a related IT security role.
• Strong understanding of cybersecurity principles, threats, and vulnerabilities.
• Experience with SIEM, IDS/IPS, firewalls, and endpoint security solutions.
• Knowledge of network security, system security, and application security.
• Familiarity with risk assessment methodologies and incident response frameworks.
• Excellent analytical and problem-solving skills.
• Strong communication and documentation skills.
• Relevant security certifications (e.g., CompTIA Security+, CISSP, CEH) are a plus.
• Ability to work effectively in a hybrid team environment.

• Monitoring security alerts and events using SIEM tools.
• Conducting vulnerability assessments and penetration testing.
• Implementing and managing security controls and technologies.
• Developing and enforcing security policies and procedures.
• Responding to security incidents and performing forensic analysis.
• Providing security awareness training to employees.
• Collaborating with IT teams to ensure secure system configurations.
• Staying updated on the latest security threats and mitigation strategies.
• Assisting with security audits and compliance requirements.

• Monitor security systems and analyze security alerts for potential threats.
• Investigate and respond to security incidents and breaches.
• Conduct vulnerability assessments and penetration testing.
• Implement and manage security controls and technologies.
• Develop and maintain security policies, procedures, and documentation.
• Conduct security awareness training for employees.
• Analyze security logs and events to identify suspicious activities.
• Stay updated on cybersecurity trends, threats, and best practices.
• Collaborate with IT teams to ensure secure system configurations.
• Contribute to the development and refinement of the incident response plan.

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Minimum of 4 years of experience in information security or cybersecurity.
• Proficiency in security monitoring tools (SIEM, IDPS, EDR).
• Strong understanding of network security, cryptography, and risk management.
• Experience with vulnerability assessment and penetration testing methodologies.
• CompTIA Security+, CISSP, CEH, or GIAC certifications are highly desirable.
• Excellent analytical and problem-solving skills.
• Strong communication and collaboration abilities.
• Ability to work independently and manage tasks effectively in a remote environment.
• Detail-oriented with a strong sense of responsibility.

• Monitor security systems and identify potential threats.
• Conduct vulnerability assessments and penetration testing.
• Develop and implement information security policies and procedures.
• Respond to and investigate security incidents.
• Manage and maintain security technologies (firewalls, IDS/IPS, SIEM).
• Ensure compliance with data protection regulations (e.g., GDPR).
• Provide security awareness training to employees.
• Collaborate with IT teams to implement security controls.
• Analyze security logs and alerts.
• Develop security reports for management.