955 Information Security Analyst jobs in the United Kingdom

Information Security Analyst – NIST Implementation

Rate - £500 Inside IR35 (Total to umbrella)

Duration – 6 months

Location – twice a week on site into London

Role Description:

As a Senior Information Security Analyst, you will be instrumental in executing the company's Information Security strategies and initiatives, focusing on supporting the Governance, Risk, and Compliance (GRC) function and implementing the NIST Cyber Security Framework (CSF) throughout the organization. You will lead day-to-day GRC activities, including designing security controls, enforcing requirements from the Group Information Security Framework, and proactively managing non-compliance issues and mitigating Information Security risks.

About You :

• You will be developing and implementing an information security controls catalogue, policies, and procedures aligned with the NIST Cyber Security Framework (CSF).
• Conducting assessments to identify material gaps, analyzing potential risks, and monitoring progress on maturity uplifting across security functions.
• Supporting compliance activities with the Group Information Security Framework, Cyber Essentials, and PCI DSS attestation.
• Collaborating with the wider organization to integrate control testing and risk management activities into the existing governance framework.
• Assisting cross-functional teams and business units in integrating security measures into business operations.
• Facilitating regular reviews and updates of control and risk management processes to remain effective and responsive to emerging threats and changes in the organizational landscape.
• Documenting and visualizing reports for governance forums, providing insights and recommendations to inform decision-making and risk management strategy across the business.

Essential Skills:

• Minimum of 4 years of experience in information security with a solid understanding of Information Security control and governance frameworks.
• Practical experience of implementing NIST CSF in the financial services sector is highly desirable.
• Proven track record of security transformation and delivery of security projects, particularly within a federated organisation.
• Strong knowledge of Information Security and compliance frameworks, including NIST CSF, ISO 27001, Cyber Essentials, PCI DSS, and DORA, and the ability to design controls that align with these standards.
• Ability to analyse data and generate reports using tools like Excel and Power BI, and experience with data visualisation and interpretation.
• Skills in creating and maintaining comprehensive documentation, including control matrices, design process flows, and standard operating procedures.
• Strong communication and interpersonal skills, with the ability to convey complex security concepts to non-technical stakeholders.
• Bachelor’s degree in Information Security, Computer Science, or a related field. A Master’s degree is a plus.
• Relevant certifications such as CISSP, CCSP, CRISC, CISM, or ISO 27001 Lead Implementer are highly desirable.

Information Security Analyst | ISO27001, Rapid7, Protecht | Global Trading Platform

• £60–70k base + 10% bonus
• Hybrid in Coventry with monthly travel to London
• Security certification support & career development built-in

Help shape a high-stakes security program as a hands-on GRC Analyst supporting a global financial institution’s banking expansion. You’ll be central to their mission of scaling a modern InfoSec environment, balancing regulatory rigor, ethical standards and BAU resilience.

You’ll focus on third-party security assessments, metrics reporting, and supporting certification frameworks including ISO27001 and SOC2. Expect close collaboration across risk, technology and compliance stakeholders. All while operating at pace, with visibility and trust from the top down.

What you’ll bring:

• 3+ years in an InfoSec or IT security role within a regulated or financial firm
• Security certifications: SSCP, Security+, or equivalent
• Strong GRC foundation: Able to interpret risk frameworks and speak the language of ISO, SOC2, NIST, etc.
• Comfortable with security tooling and metrics-driven reporting
• Confident communicator: Translate acronyms into action, and engage stakeholders with clarity and purpose
• Ethical mindset: understand when to escalate, when to challenge, and how to own your area

What you’ll be doing:

• ISO27001 & SOC2 governance: day-to-day support of the ISMS, remediation tracking, risk reviews
• Third-party risk assessments: conduct supplier security reviews aligned to appetite and regulatory frameworks
• Security awareness training: drive phishing simulations and curate internal content via Proofpoint
• BAU InfoSec operations: ticket triage, KPI reporting, risk dashboards, vulnerability and patch monitoring
• Compliance tooling: operate and report using platforms like Protecht, Panorays, Rapid7, and Armis
• Banking enablement: key InfoSec input into a major new market launch

Tech & tools you’ll use:

• Protecht – Enterprise risk & audit platform
• Panorays – Third-party risk management
• Rapid7, Armis – Vulnerability & asset visibility
• Proofpoint – Phishing simulations and awareness content
• Microsoft Purview – Data governance and policy enforcement
• Azure (beneficial) – Cloud IAM, logging, and security monitoring

Why this role?

• High-impact GRC project work tied to new market expansion
• Strong internal security culture: backed by a collaborative team and engaged InfoSec leadership
• A clear opportunity to stretch across awareness, compliance, and operational domains

Information Security Analyst | ISO27001, Rapid7, Protecht | Global Trading Platform

• Monitor security systems and networks for potential threats and breaches.
• Conduct vulnerability assessments and penetration testing to identify weaknesses.
• Investigate and respond to security incidents, performing root cause analysis and implementing remediation measures.
• Develop and maintain security policies, standards, and procedures.
• Implement and manage security solutions such as firewalls, intrusion detection systems, and antivirus software.
• Provide security awareness training to employees.
• Stay current with emerging threats, vulnerabilities, and security technologies.
• Collaborate with IT teams to ensure secure system configurations and network designs.
• Participate in security audits and compliance activities.
• Contribute to the development and improvement of the organization's overall security strategy.

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field, or equivalent practical experience.
• Proven experience in information security, cybersecurity operations, or a related role.
• Knowledge of security frameworks (e.g., NIST, ISO 27001).
• Familiarity with various security tools and technologies (SIEM, IDS/IPS, vulnerability scanners).
• Strong analytical and problem-solving skills.
• Excellent communication and report-writing abilities.
• Relevant security certifications (e.g., CompTIA Security+, CISSP, CEH) are highly desirable.
• Ability to work effectively both independently and as part of a team in a hybrid environment.

• Monitoring security alerts and investigating potential incidents.
• Performing vulnerability scans and recommending remediation actions.
• Developing and enforcing security policies and procedures.
• Assisting in the development and maintenance of incident response plans.
• Conducting security risk assessments for new projects and systems.
• Ensuring compliance with relevant regulations (e.g., GDPR, ISO 27001).

• Monitor security alerts and investigate potential security incidents.
• Implement and manage security controls and technologies.
• Conduct vulnerability assessments and penetration testing.
• Develop and maintain information security policies and procedures.
• Respond to security breaches and manage incident response activities.
• Provide security awareness training to employees.
• Perform security audits and compliance checks.
• Stay abreast of emerging security threats and trends.

• Proven experience in information security or a related field.
• Strong understanding of cybersecurity frameworks and best practices (e.g., NIST, ISO 27001).
• Proficiency with security tools and technologies (SIEM, firewalls, IDS/IPS).
• Experience in incident response and vulnerability management.
• Excellent analytical and problem-solving skills.
• Relevant security certifications (e.g., CISSP, CompTIA Security+) are highly desirable.
• Ability to communicate technical concepts to non-technical audiences.
• Bachelor's degree in Computer Science, Information Technology, or a related field.

• Monitor and analyze security alerts and logs.
• Investigate and respond to security incidents.
• Implement and manage security tools and technologies.
• Develop and update security policies and procedures.
• Conduct risk assessments and vulnerability analyses.
• Provide security awareness training to staff.

• Bachelor's degree in Cybersecurity, IT, or related field.
• 3-5 years of experience in information security.
• Knowledge of security frameworks and best practices.
• Experience with SIEM, firewalls, IDS/IPS, and endpoint security solutions.
• Relevant security certifications (e.g., CompTIA Security+, CISSP).
• Strong analytical and problem-solving skills.