67 Security Analyst jobs in the United Kingdom

Information Security Analyst – NIST Implementation

Rate - £500 Inside IR35 (Total to umbrella)

Duration – 6 months

Location – twice a week on site into London

Role Description:

As a Senior Information Security Analyst, you will be instrumental in executing the company's Information Security strategies and initiatives, focusing on supporting the Governance, Risk, and Compliance (GRC) function and implementing the NIST Cyber Security Framework (CSF) throughout the organization. You will lead day-to-day GRC activities, including designing security controls, enforcing requirements from the Group Information Security Framework, and proactively managing non-compliance issues and mitigating Information Security risks.

About You :

• You will be developing and implementing an information security controls catalogue, policies, and procedures aligned with the NIST Cyber Security Framework (CSF).
• Conducting assessments to identify material gaps, analyzing potential risks, and monitoring progress on maturity uplifting across security functions.
• Supporting compliance activities with the Group Information Security Framework, Cyber Essentials, and PCI DSS attestation.
• Collaborating with the wider organization to integrate control testing and risk management activities into the existing governance framework.
• Assisting cross-functional teams and business units in integrating security measures into business operations.
• Facilitating regular reviews and updates of control and risk management processes to remain effective and responsive to emerging threats and changes in the organizational landscape.
• Documenting and visualizing reports for governance forums, providing insights and recommendations to inform decision-making and risk management strategy across the business.

Essential Skills:

• Minimum of 4 years of experience in information security with a solid understanding of Information Security control and governance frameworks.
• Practical experience of implementing NIST CSF in the financial services sector is highly desirable.
• Proven track record of security transformation and delivery of security projects, particularly within a federated organisation.
• Strong knowledge of Information Security and compliance frameworks, including NIST CSF, ISO 27001, Cyber Essentials, PCI DSS, and DORA, and the ability to design controls that align with these standards.
• Ability to analyse data and generate reports using tools like Excel and Power BI, and experience with data visualisation and interpretation.
• Skills in creating and maintaining comprehensive documentation, including control matrices, design process flows, and standard operating procedures.
• Strong communication and interpersonal skills, with the ability to convey complex security concepts to non-technical stakeholders.
• Bachelor’s degree in Information Security, Computer Science, or a related field. A Master’s degree is a plus.
• Relevant certifications such as CISSP, CCSP, CRISC, CISM, or ISO 27001 Lead Implementer are highly desirable.

Information Security Analyst | ISO27001, Rapid7, Protecht | Global Trading Platform

• £60–70k base + 10% bonus
• Hybrid in Coventry with monthly travel to London
• Security certification support & career development built-in

Help shape a high-stakes security program as a hands-on GRC Analyst supporting a global financial institution’s banking expansion. You’ll be central to their mission of scaling a modern InfoSec environment, balancing regulatory rigor, ethical standards and BAU resilience.

You’ll focus on third-party security assessments, metrics reporting, and supporting certification frameworks including ISO27001 and SOC2. Expect close collaboration across risk, technology and compliance stakeholders. All while operating at pace, with visibility and trust from the top down.

What you’ll bring:

• 3+ years in an InfoSec or IT security role within a regulated or financial firm
• Security certifications: SSCP, Security+, or equivalent
• Strong GRC foundation: Able to interpret risk frameworks and speak the language of ISO, SOC2, NIST, etc.
• Comfortable with security tooling and metrics-driven reporting
• Confident communicator: Translate acronyms into action, and engage stakeholders with clarity and purpose
• Ethical mindset: understand when to escalate, when to challenge, and how to own your area

What you’ll be doing:

• ISO27001 & SOC2 governance: day-to-day support of the ISMS, remediation tracking, risk reviews
• Third-party risk assessments: conduct supplier security reviews aligned to appetite and regulatory frameworks
• Security awareness training: drive phishing simulations and curate internal content via Proofpoint
• BAU InfoSec operations: ticket triage, KPI reporting, risk dashboards, vulnerability and patch monitoring
• Compliance tooling: operate and report using platforms like Protecht, Panorays, Rapid7, and Armis
• Banking enablement: key InfoSec input into a major new market launch

Tech & tools you’ll use:

• Protecht – Enterprise risk & audit platform
• Panorays – Third-party risk management
• Rapid7, Armis – Vulnerability & asset visibility
• Proofpoint – Phishing simulations and awareness content
• Microsoft Purview – Data governance and policy enforcement
• Azure (beneficial) – Cloud IAM, logging, and security monitoring

Why this role?

• High-impact GRC project work tied to new market expansion
• Strong internal security culture: backed by a collaborative team and engaged InfoSec leadership
• A clear opportunity to stretch across awareness, compliance, and operational domains

Information Security Analyst | ISO27001, Rapid7, Protecht | Global Trading Platform

The Information Security Analyst will be responsible for assuring information security and managing risks related to the use, processing, storage, and transmission of information and the systems and processes used for those purposes. They will be responsible for the collection, processing, preservation, analysis, and presentation of evidence in support of information security activities.

Main tasks:

 Maintains and improves information security solutions for organization systems and products that comply with all applicable security policies, standards, and regulatory framework

Establishes, implements, and maintains information assurance programs, requirements, and standards based on the analysis of user, policy, regulatory, and resource demands

uthors and updates security documentation to include, but not limited to, standards, policy, system security plans, contingency plans, standard operating procedures, and configuration management plans

nalyzes information assurance-related technical problems and provides engineering and technical support for solving these problems

dentifies, reports, and resolves security violations while also proactively seeks to uncover indicators of compromise

acilitates, performs analysis, and stores appropriate artifacts to respond to audits to comply with regulatory frameworks

nsures employees and third parties understand, acknowledge, and fulfill all applicable information security policies

onducts computer forensic analysis, data recovery, eDiscovery, and other IT investigative work while collaborating with fraud examiners, legal counsel, human resources (HR), and other IT technical personnel in investigations

ompiles and analyzes data for management reporting and metrics

nalyzes potential impact of new threats and communicates risks to relevant business units by monitoring information security related websites to stay up to date on current attacks and trends

Requirements

1. Bachelor's degree or relevant professional certification with less than 1 year relevant work experience OR 1 year relevant work experience

2. Self-motivated and possessing of a high sense of urgency and personal integrity

3. Instinctive and creative with the highest ethical standards and values

4. Excellent investigative skills, problem-solving, insatiable curiosity, and an innate drive to win

5. Technical knowledge of system security vulnerabilities and remediation techniques for identity, authentication, authorization, data, and access controls

6. An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business

7. An ability to identify and assesses the severity and potential impact of risks and communicate to risk owners outside Information Security in a way that consistently drives objective, fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance

8. Technical expertise in following industry best practices and standards in digital evidence acquisition, handling, and documentation

Benefits

• Competitive salary and bonus scheme
• Hybrid working
• Rentokil Initial Reward Scheme
• 23 days holiday, plus 8

We are seeking proactive and detail-oriented Information Security Analyst to help safeguard our clients’ digital assets and IT infrastructure. The ideal candidate will be responsible for monitoring security events , responding to incidents , and supporting continuous security risk management , compliance initiatives , and vulnerability assessments .

This is a hands-on role for professionals with strong experience in threat detection , SIEM tools , cyber risk analysis , and security best practices . You will work closely with security teams to prevent breaches , enhance cyber resilience, and ensure policy enforcement across the enterprise.

Job Responsibilities

9. Desired Skills

Job Benefits

Company description:

Water Utility Company based in Yorkshire region of England.

Job description:

Cyber & Information Security Analyst

Hello! Thanks for stopping by. Let us tell you about all the great reasons to join us here at Yorkshire Water:

• We offer a competitive salary, depending on experience (£36,538 - £5,673)
• Annual incentive related bonus ( 000 maximum bonus opportunity for the performance.

WHJS1_UKTJ

Excited to grow your career?

Our purpose is to make it easy for people to save and invest for a better future. We are looking for great people to join us, so please come and invest in YOUR future at HL.

We know that sometimes people can be put off applying for a job if they don't tick every box. If you're excited about working for us and have most of the skills or experience we're looking for, pleas.

Job title: Cyber security Analyst

Location : UK (Remote)

Type: Contract

Client: Wipro

Mandatory Skills: Forgerock Access Manager

Experience: 5-8 Years

Job Summary:

We are seeking a highly skilled ForgeRock Architect / Technical Lead with extensive experience in SSO integration, Identity & Access Management (IAM), and ForgeRock AM & DS.

The ideal candidate will lead IAM technical integrations, provide architectural guidance, and drive security implementations aligned with business requirements.

Key Responsibilities:

- Design, develop, and implement ForgeRock Access Management solutions.

- Lead IAM technical integrations including Federation, SSO (Single Sign-On), connectors, and security protocols.

- Knowledge on Creating and Configuring Trees, Multi-Factor Authentication (MFA)

- Work with LDAP-related technologies like Active Directory (AD) and Directory Services.

- Ensure strong foundational understanding and implementation of SAML, OAuth 2.0, OpenID Connect.

- Develop and manage REST APIs for seamless identity and authentication integrations.

- Analyze client requirements and propose customized IAM solutions.

- Evaluate, design, and develop IAM technical requirements within the ForgeRock suite.

- Collaborate with cross-functional teams to support IAM roadmap development and execution.

- Work on external identity management, including B2B and B2C solutions.

- Troubleshoot issues, perform root cause analysis, and provide timely resolutions.

- Knowledge of Cloud Authentication Services and Cloud hosting environments (AWS, Azure).

- Familiarity with CI/CD pipelines and DevOps methodologies is a plus.

- Ensure compliance with security policies, best practices, and governance standards.

- Provide hands-on development and support while managing multiple tasks effectively.

Required Skills & Qualifications:

- 8+ years of relevant experience in IAM and SSO integration.

- Strong expertise in ForgeRock Access Management (AM) and other ForgeRock components.

- Hands-on experience with LDAP technologies (Active Directory, Directory Services, etc.).

- Proficiency in SSO, OAuth 2.0, OpenID Connect, and SAML authentication mechanisms.

- Strong background in REST API development and integration.

- Ability to design IAM solutions, customize existing infrastructure, and propose improvements.

- Experience working in a collaborative team environment.

- Knowledge of CI/CD pipelines, DevOps tools, and automation frameworks.

- Experience handling Cloud Authentication Services and cloud-hosted solutions (AWS, Azure).

- Excellent problem-solving, analytical, and communication skills.

- Certifications in ForgeRock