4,502 Security Specialists jobs in the United Kingdom

Information Security Analyst

Sanderson

Posted 2 days ago


Job Description

Information Security Analyst – NIST Implementation


Rate - £500 Inside IR35 (Total to umbrella)

Duration – 6 months

Location – twice a week on site into London

Role Description:

As a Senior Information Security Analyst, you will be instrumental in executing the company's Information Security strategies and initiatives, focusing on supporting the Governance, Risk, and Compliance (GRC) function and implementing the NIST Cyber Security Framework (CSF) throughout the organization. You will lead day-to-day GRC activities, including designing security controls, enforcing requirements from the Group Information Security Framework, and proactively managing non-compliance issues and mitigating Information Security risks.


About You:

  • You will be developing and implementing an information security controls catalogue, policies, and procedures aligned with the NIST Cyber Security Framework (CSF).
  • Conducting assessments to identify material gaps, analyzing potential risks, and monitoring progress on maturity uplifting across security functions.
  • Supporting compliance activities with the Group Information Security Framework, Cyber Essentials, and PCI DSS attestation.
  • Collaborating with the wider organization to integrate control testing and risk management activities into the existing governance framework.
  • Assisting cross-functional teams and business units in integrating security measures into business operations.
  • Facilitating regular reviews and updates of control and risk management processes to remain effective and responsive to emerging threats and changes in the organizational landscape.
  • Documenting and visualizing reports for governance forums, providing insights and recommendations to inform decision-making and risk management strategy across the business.


Essential Skills:

  • Minimum of 4 years of experience in information security with a solid understanding of Information Security control and governance frameworks.
  • Practical experience of implementing NIST CSF in the financial services sector is highly desirable.
  • Proven track record of security transformation and delivery of security projects, particularly within a federated organisation.
  • Strong knowledge of Information Security and compliance frameworks, including NIST CSF, ISO 27001, Cyber Essentials, PCI DSS, and DORA, and the ability to design controls that align with these standards.
  • Ability to analyse data and generate reports using tools like Excel and Power BI, and experience with data visualisation and interpretation.
  • Skills in creating and maintaining comprehensive documentation, including control matrices, design process flows, and standard operating procedures.
  • Strong communication and interpersonal skills, with the ability to convey complex security concepts to non-technical stakeholders.
  • Bachelor’s degree in Information Security, Computer Science, or a related field. A Master’s degree is a plus.
  • Relevant certifications such as CISSP, CCSP, CRISC, CISM, or ISO 27001 Lead Implementer are highly desirable.


Information Security Analyst

Prism Digital

Posted 2 days ago


Job Description

Information Security Analyst | ISO27001, Rapid7, Protecht | Global Trading Platform


  • £60–70k base + 10% bonus
  • Hybrid in Coventry with monthly travel to London
  • Security certification support & career development built-in


Help shape a high-stakes security program as a hands-on GRC Analyst supporting a global financial institution’s banking expansion. You’ll be central to their mission of scaling a modern InfoSec environment, balancing regulatory rigor, ethical standards and BAU resilience.

You’ll focus on third-party security assessments, metrics reporting, and supporting certification frameworks including ISO27001 and SOC2. Expect close collaboration across risk, technology and compliance stakeholders. All while operating at pace, with visibility and trust from the top down.


What you’ll bring:

  • 3+ years in an InfoSec or IT security role within a regulated or financial firm
  • Security certifications: SSCP, Security+, or equivalent
  • Strong GRC foundation: Able to interpret risk frameworks and speak the language of ISO, SOC2, NIST, etc.
  • Comfortable with security tooling and metrics-driven reporting
  • Confident communicator: Translate acronyms into action, and engage stakeholders with clarity and purpose
  • Ethical mindset: understand when to escalate, when to challenge, and how to own your area


What you’ll be doing:

  • ISO27001 & SOC2 governance: day-to-day support of the ISMS, remediation tracking, risk reviews
  • Third-party risk assessments: conduct supplier security reviews aligned to appetite and regulatory frameworks
  • Security awareness training: drive phishing simulations and curate internal content via Proofpoint
  • BAU InfoSec operations: ticket triage, KPI reporting, risk dashboards, vulnerability and patch monitoring
  • Compliance tooling: operate and report using platforms like Protecht, Panorays, Rapid7, and Armis
  • Banking enablement: key InfoSec input into a major new market launch


Tech & tools you’ll use:

  • Protecht – Enterprise risk & audit platform
  • Panorays – Third-party risk management
  • Rapid7, Armis – Vulnerability & asset visibility
  • Proofpoint – Phishing simulations and awareness content
  • Microsoft Purview – Data governance and policy enforcement
  • Azure (beneficial) – Cloud IAM, logging, and security monitoring


Why this role?

  • High-impact GRC project work tied to new market expansion
  • Strong internal security culture: backed by a collaborative team and engaged InfoSec leadership
  • A clear opportunity to stretch across awareness, compliance, and operational domains



Information Security Analyst

EH1 2HU Edinburgh, Scotland £50000 Annually WhatJobs

Posted today


Job Description

full-time
Our client is seeking a proactive and skilled Information Security Analyst to join their growing cybersecurity team based in Edinburgh, Scotland, UK. This role is vital in protecting the organization's digital assets and ensuring the confidentiality, integrity, and availability of information systems. You will be responsible for monitoring security systems, analyzing security threats and vulnerabilities, and implementing appropriate countermeasures. Key duties include conducting security audits, performing risk assessments, and developing and maintaining security policies and procedures. The analyst will also be involved in incident response activities, investigating security breaches, and providing post-incident analysis to prevent future occurrences. Experience with security information and event management (SIEM) tools, intrusion detection/prevention systems (IDS/IPS), and vulnerability assessment tools is essential. The ideal candidate will possess a strong understanding of network security principles, cryptography, and common security threats. Excellent analytical and problem-solving skills are required, along with the ability to work effectively under pressure. Certifications such as CompTIA Security+, CISSP, or CISM are highly desirable. A Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field, coupled with at least 3 years of experience in information security, is preferred. Strong communication skills are needed to effectively report findings and recommendations to both technical and non-technical stakeholders. This is an excellent opportunity to contribute to a robust security posture within a dynamic organization and to develop your career in the critical field of cybersecurity.

Information Security Analyst

BD1 1BG Bradford, Yorkshire and the Humber £50000 Annually WhatJobs

Posted today


Job Description

full-time
Our client, a reputable organization, is seeking a proactive and skilled Information Security Analyst to join their team. This role operates on a hybrid model, combining remote work flexibility with essential on-site collaboration at their offices in Bradford, West Yorkshire, UK. You will be instrumental in protecting the organization's information assets by identifying vulnerabilities, implementing security measures, and responding to security incidents. This position requires a keen eye for detail, a deep understanding of cybersecurity threats, and the ability to work effectively in a team environment.

Key Responsibilities:
  • Monitor security alerts and events from various security tools (SIEM, IDS/IPS, firewalls, etc.) and investigate potential security incidents.
  • Conduct vulnerability assessments and penetration testing to identify weaknesses in systems and applications.
  • Assist in the development and implementation of security policies, procedures, and standards.
  • Respond to and manage security incidents, including containment, eradication, and recovery efforts.
  • Provide security awareness training to employees and promote a security-conscious culture.
  • Configure and maintain security technologies, such as firewalls, endpoint protection, and intrusion detection systems.
  • Perform regular security audits and compliance checks against relevant frameworks (e.g., ISO 27001, GDPR).
  • Collaborate with IT teams to implement security best practices across infrastructure and applications.
  • Stay up-to-date with the latest cybersecurity threats, trends, and technologies.
  • Assist in the development and maintenance of incident response plans and disaster recovery strategies.
  • Analyze security metrics and provide reports on the organization's security posture.
  • Manage user access controls and permissions to ensure data confidentiality and integrity.
  • Participate in security reviews of new systems and applications.
Qualifications:
  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field, or equivalent practical experience.
  • Proven experience as an Information Security Analyst or in a similar cybersecurity role.
  • Strong understanding of network security principles, common vulnerabilities, and attack vectors.
  • Experience with SIEM tools, firewalls, IDS/IPS, and endpoint security solutions.
  • Knowledge of cybersecurity frameworks and compliance standards.
  • Excellent analytical and problem-solving skills, with the ability to think critically under pressure.
  • Strong communication and interpersonal skills, with the ability to explain technical concepts to non-technical audiences.
  • Relevant industry certifications such as CompTIA Security+, CISSP, CEH are highly desirable.
  • Ability to work independently and as part of a team in a hybrid environment.
  • Familiarity with cloud security concepts is a plus.
  • Experience with scripting or programming languages is beneficial.
This is a fantastic opportunity for a dedicated cybersecurity professional to contribute to a secure digital environment and grow their career within a supportive and dynamic organization.

Information Security Analyst

SR1 2AU Sunderland, North East £35000 Annually WhatJobs

Posted today


Job Description

full-time
Our client, a rapidly expanding fintech company, is seeking a vigilant and skilled Information Security Analyst to bolster their cybersecurity defenses. This role is based in Sunderland, Tyne and Wear, UK, and offers a hybrid working arrangement, providing flexibility between office and remote work. The Information Security Analyst will be instrumental in protecting the company's digital assets and sensitive data from evolving cyber threats. Responsibilities include monitoring security alerts, investigating potential breaches, and implementing security measures to prevent unauthorized access. You will conduct vulnerability assessments and penetration testing, analyze security logs, and develop incident response plans. Staying abreast of the latest security trends, threats, and technologies is crucial. The ideal candidate will possess a strong understanding of network security, cryptography, security frameworks (e.g., ISO 27001, NIST), and security best practices. Experience with security information and event management (SIEM) tools, firewalls, intrusion detection/prevention systems (IDS/IPS), and endpoint security solutions is essential. A Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field is preferred, along with relevant security certifications (e.g., CompTIA Security+, CISSP). A minimum of 3 years of experience in information security or a related IT security role is required. Excellent analytical, problem-solving, and communication skills are necessary to effectively identify risks and communicate security recommendations to both technical and non-technical stakeholders. This is an exciting opportunity to join a growing organization and play a vital role in safeguarding its critical information infrastructure.

Information Security Analyst

EH1 1AA Edinburgh, Scotland £50000 annum (plus WhatJobs

Posted today


Job Description

full-time
Our client, a leading financial services organization, is looking for a skilled and vigilant Information Security Analyst to join their expanding security team based in Edinburgh, Scotland, UK. This role is integral to protecting the company's digital assets and sensitive data from evolving cyber threats. The Information Security Analyst will be responsible for monitoring security systems, investigating security incidents, implementing security controls, and contributing to the development of robust security policies and procedures. This hybrid role allows for effective collaboration with on-site teams while offering flexibility. The ideal candidate will possess a strong understanding of cybersecurity principles, threat landscapes, and risk management frameworks. You will work within a dedicated team focused on maintaining the confidentiality, integrity, and availability of information systems.

Key Responsibilities:
  • Monitor security alerts and events from various security tools (SIEM, IDS/IPS, firewalls, etc.).
  • Investigate and respond to security incidents, performing root cause analysis.
  • Implement and manage security controls and technologies to protect against cyber threats.
  • Conduct vulnerability assessments and penetration testing.
  • Develop and maintain security policies, standards, and procedures.
  • Assist in security awareness training for employees.
  • Review and analyze system logs for suspicious activities.
  • Collaborate with IT teams to ensure secure system configurations and deployments.
  • Stay current with emerging security threats, vulnerabilities, and technologies.
  • Participate in security audits and compliance activities.
  • Contribute to incident response planning and execution.
  • Provide expert advice on information security best practices.

Qualifications:
  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
  • Minimum of 3-5 years of experience in information security or cybersecurity roles.
  • Strong knowledge of security principles, networking protocols, and common attack vectors.
  • Experience with SIEM tools, intrusion detection/prevention systems, and firewalls.
  • Familiarity with vulnerability management and penetration testing methodologies.
  • Understanding of relevant security frameworks (e.g., ISO 27001, NIST).
  • Relevant security certifications such as CISSP, CompTIA Security+, CEH are a plus.
  • Excellent analytical and problem-solving skills.
  • Strong communication and interpersonal skills, with the ability to explain technical concepts to non-technical audiences.
  • This is a hybrid role, requiring presence at our Edinburgh, Scotland, UK office on a regular basis.
Join our proactive security team and play a vital role in safeguarding our organization's digital future.

Information Security Analyst

DE1 1AA Derby, East Midlands £40000 Annually WhatJobs

Posted 1 day ago


Job Description

full-time
Our client is seeking a vigilant and skilled Information Security Analyst to join their growing IT security team, based in Derby, Derbyshire, UK. This hybrid role offers a flexible working arrangement, combining remote work with essential on-site collaboration. You will be responsible for monitoring, analysing, and responding to security threats and incidents to protect the organisation's information assets. This involves managing and maintaining security tools, conducting vulnerability assessments, and implementing security controls. The Information Security Analyst will play a crucial role in developing and executing security policies and procedures, ensuring compliance with industry standards and regulations. You will be involved in threat intelligence gathering, security awareness training, and assisting with security audits and investigations. A key responsibility will be to identify potential security weaknesses and recommend appropriate remediation measures to mitigate risks. The ideal candidate will possess a strong understanding of cybersecurity principles, network security, and common threat vectors. Experience with security information and event management (SIEM) systems, intrusion detection/prevention systems (IDPS), and endpoint detection and response (EDR) solutions is highly desirable. Excellent analytical, problem-solving, and communication skills are essential. The ability to work independently and as part of a collaborative team, coupled with a proactive approach to security challenges, is required. A relevant degree in Computer Science, Information Security, or a related field, or equivalent professional experience, is expected. Relevant certifications such as CompTIA Security+, CEH, or CISSP are a plus. If you are passionate about protecting digital assets and looking for an exciting hybrid career opportunity, we encourage you to apply.

Information Security Analyst

LE1 5AA Leicester, East Midlands £40000 Annually WhatJobs

Posted 1 day ago


Job Description

full-time
Our client is seeking a vigilant and detail-oriented Information Security Analyst to join their remote team. This crucial role involves safeguarding the company's digital assets by monitoring security systems, identifying vulnerabilities, and implementing robust security measures. You will play a key part in maintaining the confidentiality, integrity, and availability of our information systems.

Responsibilities:
  • Monitor security alerts and events from various security tools (SIEM, IDS/IPS, firewalls).
  • Conduct vulnerability assessments and penetration testing to identify security weaknesses.
  • Investigate security incidents, perform root cause analysis, and recommend remediation steps.
  • Develop and maintain security policies, procedures, and documentation.
  • Implement and manage security controls to protect against threats.
  • Assist in security awareness training for employees.
  • Stay updated on the latest cybersecurity threats, trends, and technologies.
  • Collaborate with IT teams to ensure security best practices are integrated into all systems and processes.
  • Respond to and manage security breaches effectively.
  • Participate in security audits and compliance checks.
Qualifications:
  • Bachelor's degree in Computer Science, Information Security, or a related field.
  • Minimum of 3 years of experience in information security or cybersecurity roles.
  • Strong understanding of network security principles, common vulnerabilities, and threat vectors.
  • Experience with security monitoring tools (e.g., SIEM, endpoint detection and response).
  • Knowledge of security frameworks and standards (e.g., ISO 27001, NIST).
  • Excellent analytical and problem-solving skills.
  • Strong communication and interpersonal abilities.
  • Ability to work independently and collaboratively in a remote environment.
  • Relevant certifications such as CompTIA Security+, CEH, or CISSP are highly desirable.
  • Familiarity with cloud security concepts is a plus.
This is an excellent opportunity for a dedicated cybersecurity professional to contribute to a secure digital environment and grow their career remotely.

Information Security Analyst

ST1 1AA Staffordshire, West Midlands £45000 Annually WhatJobs

Posted 1 day ago


Job Description

full-time
Our client, a prominent financial services firm, is seeking a vigilant and proactive Information Security Analyst to join their dedicated cybersecurity team. This role, based in our Stoke-on-Trent, Staffordshire, UK office, offers a hybrid working arrangement, combining essential on-site collaboration with the flexibility of remote work. The Information Security Analyst will be responsible for monitoring security systems, detecting and responding to threats, and implementing security best practices to protect the organisation's sensitive data and systems.

Key Responsibilities:
  • Monitor security alerts and logs from various security tools, including SIEM (Security Information and Event Management), IDS/IPS, and endpoint protection platforms.
  • Investigate and respond to security incidents, performing root cause analysis and implementing containment and eradication strategies.
  • Conduct vulnerability assessments and penetration testing to identify and remediate security weaknesses.
  • Assist in the development and enforcement of information security policies, standards, and procedures.
  • Participate in security awareness training programs for employees.
  • Manage and maintain security infrastructure, including firewalls, VPNs, and access control systems.
  • Stay current with the latest cybersecurity threats, vulnerabilities, and industry trends.
  • Collaborate with IT teams to ensure that security is integrated into the system development lifecycle.
  • Prepare regular reports on security posture, incident trends, and risk assessments for management.
  • Contribute to the development and testing of the organization's Business Continuity and Disaster Recovery plans.
Qualifications and Skills:
  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field, or equivalent work experience.
  • Minimum of 3 years of experience in an information security role, such as security operations, incident response, or vulnerability management.
  • Strong understanding of cybersecurity principles, frameworks (e.g., NIST, ISO 27001), and best practices.
  • Hands-on experience with SIEM tools, intrusion detection/prevention systems, and endpoint security solutions.
  • Knowledge of networking protocols, operating systems (Windows, Linux), and common security vulnerabilities.
  • Experience with vulnerability scanning tools (e.g., Nessus, Qualys) is desirable.
  • Relevant certifications such as CompTIA Security+, CEH, CISSP are highly valued.
  • Excellent analytical and problem-solving skills, with the ability to work under pressure.
  • Strong communication and collaboration skills, able to articulate technical concepts to both technical and non-technical audiences.
  • Ability to work independently and as part of a team in a dynamic environment.
This is a critical role for protecting our organisation's digital assets. If you are a skilled cybersecurity professional looking for a challenging and rewarding hybrid position, we encourage you to apply.