2,376 Cybercrime jobs in the United Kingdom

Information Security Analyst – NIST Implementation

Rate - £500 Inside IR35 (Total to umbrella)

Duration – 6 months

Location – twice a week on site into London

Role Description:

As a Senior Information Security Analyst, you will be instrumental in executing the company's Information Security strategies and initiatives, focusing on supporting the Governance, Risk, and Compliance (GRC) function and implementing the NIST Cyber Security Framework (CSF) throughout the organization. You will lead day-to-day GRC activities, including designing security controls, enforcing requirements from the Group Information Security Framework, and proactively managing non-compliance issues and mitigating Information Security risks.

About You :

• You will be developing and implementing an information security controls catalogue, policies, and procedures aligned with the NIST Cyber Security Framework (CSF).
• Conducting assessments to identify material gaps, analyzing potential risks, and monitoring progress on maturity uplifting across security functions.
• Supporting compliance activities with the Group Information Security Framework, Cyber Essentials, and PCI DSS attestation.
• Collaborating with the wider organization to integrate control testing and risk management activities into the existing governance framework.
• Assisting cross-functional teams and business units in integrating security measures into business operations.
• Facilitating regular reviews and updates of control and risk management processes to remain effective and responsive to emerging threats and changes in the organizational landscape.
• Documenting and visualizing reports for governance forums, providing insights and recommendations to inform decision-making and risk management strategy across the business.

Essential Skills:

• Minimum of 4 years of experience in information security with a solid understanding of Information Security control and governance frameworks.
• Practical experience of implementing NIST CSF in the financial services sector is highly desirable.
• Proven track record of security transformation and delivery of security projects, particularly within a federated organisation.
• Strong knowledge of Information Security and compliance frameworks, including NIST CSF, ISO 27001, Cyber Essentials, PCI DSS, and DORA, and the ability to design controls that align with these standards.
• Ability to analyse data and generate reports using tools like Excel and Power BI, and experience with data visualisation and interpretation.
• Skills in creating and maintaining comprehensive documentation, including control matrices, design process flows, and standard operating procedures.
• Strong communication and interpersonal skills, with the ability to convey complex security concepts to non-technical stakeholders.
• Bachelor’s degree in Information Security, Computer Science, or a related field. A Master’s degree is a plus.
• Relevant certifications such as CISSP, CCSP, CRISC, CISM, or ISO 27001 Lead Implementer are highly desirable.

Information Security Analyst | ISO27001, Rapid7, Protecht | Global Trading Platform

• £60–70k base + 10% bonus
• Hybrid in Coventry with monthly travel to London
• Security certification support & career development built-in

Help shape a high-stakes security program as a hands-on GRC Analyst supporting a global financial institution’s banking expansion. You’ll be central to their mission of scaling a modern InfoSec environment, balancing regulatory rigor, ethical standards and BAU resilience.

You’ll focus on third-party security assessments, metrics reporting, and supporting certification frameworks including ISO27001 and SOC2. Expect close collaboration across risk, technology and compliance stakeholders. All while operating at pace, with visibility and trust from the top down.

What you’ll bring:

• 3+ years in an InfoSec or IT security role within a regulated or financial firm
• Security certifications: SSCP, Security+, or equivalent
• Strong GRC foundation: Able to interpret risk frameworks and speak the language of ISO, SOC2, NIST, etc.
• Comfortable with security tooling and metrics-driven reporting
• Confident communicator: Translate acronyms into action, and engage stakeholders with clarity and purpose
• Ethical mindset: understand when to escalate, when to challenge, and how to own your area

What you’ll be doing:

• ISO27001 & SOC2 governance: day-to-day support of the ISMS, remediation tracking, risk reviews
• Third-party risk assessments: conduct supplier security reviews aligned to appetite and regulatory frameworks
• Security awareness training: drive phishing simulations and curate internal content via Proofpoint
• BAU InfoSec operations: ticket triage, KPI reporting, risk dashboards, vulnerability and patch monitoring
• Compliance tooling: operate and report using platforms like Protecht, Panorays, Rapid7, and Armis
• Banking enablement: key InfoSec input into a major new market launch

Tech & tools you’ll use:

• Protecht – Enterprise risk & audit platform
• Panorays – Third-party risk management
• Rapid7, Armis – Vulnerability & asset visibility
• Proofpoint – Phishing simulations and awareness content
• Microsoft Purview – Data governance and policy enforcement
• Azure (beneficial) – Cloud IAM, logging, and security monitoring

Why this role?

• High-impact GRC project work tied to new market expansion
• Strong internal security culture: backed by a collaborative team and engaged InfoSec leadership
• A clear opportunity to stretch across awareness, compliance, and operational domains

Information Security Analyst | ISO27001, Rapid7, Protecht | Global Trading Platform

• Monitor security alerts and events from various security tools (SIEM, IDS/IPS, firewalls).
• Conduct vulnerability assessments and penetration testing to identify security weaknesses.
• Investigate security incidents, perform root cause analysis, and recommend remediation steps.
• Develop and maintain security policies, procedures, and documentation.
• Implement and manage security controls to protect against threats.
• Assist in security awareness training for employees.
• Stay updated on the latest cybersecurity threats, trends, and technologies.
• Collaborate with IT teams to ensure security best practices are integrated into all systems and processes.
• Respond to and manage security breaches effectively.
• Participate in security audits and compliance checks.

• Bachelor's degree in Computer Science, Information Security, or a related field.
• Minimum of 3 years of experience in information security or cybersecurity roles.
• Strong understanding of network security principles, common vulnerabilities, and threat vectors.
• Experience with security monitoring tools (e.g., SIEM, endpoint detection and response).
• Knowledge of security frameworks and standards (e.g., ISO 27001, NIST).
• Excellent analytical and problem-solving skills.
• Strong communication and interpersonal abilities.
• Ability to work independently and collaboratively in a remote environment.
• Relevant certifications such as CompTIA Security+, CEH, or CISSP are highly desirable.
• Familiarity with cloud security concepts is a plus.

• Monitor security alerts and logs from various security tools, including SIEM (Security Information and Event Management), IDS/IPS, and endpoint protection platforms.
• Investigate and respond to security incidents, performing root cause analysis and implementing containment and eradication strategies.
• Conduct vulnerability assessments and penetration testing to identify and remediate security weaknesses.
• Assist in the development and enforcement of information security policies, standards, and procedures.
• Participate in security awareness training programs for employees.
• Manage and maintain security infrastructure, including firewalls, VPNs, and access control systems.
• Stay current with the latest cybersecurity threats, vulnerabilities, and industry trends.
• Collaborate with IT teams to ensure that security is integrated into the system development lifecycle.
• Prepare regular reports on security posture, incident trends, and risk assessments for management.
• Contribute to the development and testing of the organization's Business Continuity and Disaster Recovery plans.

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field, or equivalent work experience.
• Minimum of 3 years of experience in an information security role, such as security operations, incident response, or vulnerability management.
• Strong understanding of cybersecurity principles, frameworks (e.g., NIST, ISO 27001), and best practices.
• Hands-on experience with SIEM tools, intrusion detection/prevention systems, and endpoint security solutions.
• Knowledge of networking protocols, operating systems (Windows, Linux), and common security vulnerabilities.
• Experience with vulnerability scanning tools (e.g., Nessus, Qualys) is desirable.
• Relevant certifications such as CompTIA Security+, CEH, CISSP are highly valued.
• Excellent analytical and problem-solving skills, with the ability to work under pressure.
• Strong communication and collaboration skills, able to articulate technical concepts to both technical and non-technical audiences.
• Ability to work independently and as part of a team in a dynamic environment.

• Monitor security alerts and events, investigate potential security incidents, and respond accordingly.
• Implement, configure, and maintain security technologies such as firewalls, IDS/IPS, SIEM, and endpoint protection.
• Conduct vulnerability assessments and penetration testing, and work with teams to remediate findings.
• Develop and update security policies, procedures, and guidelines.
• Assist in the development and execution of incident response plans.
• Perform security risk assessments and recommend appropriate controls.
• Provide security awareness training to employees.
• Stay current with emerging security threats, vulnerabilities, and technologies.
• Collaborate with IT teams to ensure security is integrated into system design and operations.
• Contribute to compliance efforts with relevant regulations and standards.

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field, or equivalent practical experience.
• Proven experience in information security or a related IT security role.
• Strong understanding of cybersecurity principles, threats, and vulnerabilities.
• Experience with SIEM, IDS/IPS, firewalls, and endpoint security solutions.
• Knowledge of network security, system security, and application security.
• Familiarity with risk assessment methodologies and incident response frameworks.
• Excellent analytical and problem-solving skills.
• Strong communication and documentation skills.
• Relevant security certifications (e.g., CompTIA Security+, CISSP, CEH) are a plus.
• Ability to work effectively in a hybrid team environment.