GRC Information Security Analyst

identifi Global Resources
Greater London
1 month ago
Create job alert

GRC - Information Security Analyst

Permanent role offering £50,000 - £60,000 + Excellent Benefits

Hybrid working, with 2 days onsite in the office per week in Hatfield

About the company

Great opportunity to join this unique employer on their journey to transform the future of transport & logistics through innovation and automation. They are establishing as one of the leaders in the UK, producing robotics and IoT, cloud platforms, big data, machine learning, software development, and AI technologies.

They are a fast-growing company with 7 development centres across the UK & Europe.

What you will be doing

As the Information Security Analyst, you will be joining an 8-person Information Security team covering all aspects of information security across the whole organisation, including overall information security governance, compliance programs, third-party vendor risk management, education, and Vendor Risk Management tool administration. You will be conducting risk assessments and producing documentation in line with PCI DSS, ISO27001, and SSAE18/SOC2.

What will you do?

  1. Creating and regularly revising information security documents, policies, processes, and procedures as required.
  2. Working closely with business stakeholders and project teams to understand, scope, and define security requirements.
  3. Developing control testing strategies to ensure our security controls are meeting their objectives.
  4. Performing internal security and vendor risk assessments.
  5. Supporting Data Protection activities as required.
  6. Assisting the Information Security teams and Business functions in maintaining security certification which include PCI DSS, ISO27001, and SSAE18/SOC2 attestation.
  7. Providing effective reporting to the Group Information Security Manager of trends, audit findings, and risk ratings.
  8. Supporting operational aspects of GRC.

What we are looking for:

  1. Experience of working in an Information Security role dealing specifically with governance, risk, and compliance areas.
  2. Prior experience writing Information Security related Policies, Processes, and Procedures.
  3. Experience managing internal and third-party vendor risk assessments and writing risk assessment reports.
  4. A track record of effectively analysing security controls, while understanding the risk of certain controls not being in place.
  5. Knowledge of Vendor Risk Management tools such as OneTrust.
  6. Knowledge of current information security standards, frameworks, and regulations such as ISO27001, NIST, SSAE16/18/SOC 2, PCI-DSS, GDPR.
  7. Experience in software operational security or working in a SaaS environment.
  8. Working towards (or already have) any of CISA, CRISC, or CISM certifications.

Not required, but nice to have:

Any of the following: CISA, CRISC, or CISM certifications.

Role comes with a great benefit package, some to mention:

  • ‘Work from anywhere’ policy + Remote working for the month of August.
  • 25 days annual leave, rising to 27 days after 5 years service (plus optional holiday purchase).
  • Pension scheme with employer contribution matching up to 7% + Private Medical Insurance.
  • Opportunity to participate in Share save and Buy as You Earn share schemes.
  • Income Protection (can be up to 50% of salary for 3 years) and Life Assurance (3 x annual salary).

Seniority level:Mid-Senior level

Employment type:Full-time

Job function:Information Technology, Strategy/Planning, and Other

Industries:Technology, Information and Media, Security and Investigations, and IT Services and IT Consulting.

#J-18808-Ljbffr

Related Jobs

View all jobs

Principal Cyber Security Engineer

Security Engineer - Governance, Risk and Compliance (GRC), London New London

Senior Cloud Application Security Engineer London

Incident Response Manager

Cyber Security Engineer - Acron EAM/PAM

Cybersecurity Architect / Security Architect

Get the latest insights and jobs direct. Sign up for our newsletter.

By subscribing you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Jobs

Job-Hunting During Economic Uncertainty: Cyber Security Edition

The cybe rsecurity sector sits at the forefront of today’s digital landscape, defending businesses and governments alike from increasingly sophisticated threats. From incident response and network security to cloud protections and zero-trust architectures, cyber security professionals tackle an ever-evolving array of challenges. Yet, even this mission-critical field is not immune to economic turbulence. When broader financial markets experience uncertainty—whether through global recessions, regional downturns, or unexpected macro events—the hiring climate can shift, making roles more selective and budgets tighter. For job seekers in cyber security, this can be disconcerting. You might discover that once-abundant vacancies have become scarce, competition for the remaining positions is fiercer, or company priorities pivot away from large-scale expansions toward essential, cost-justified security projects. At the same time, data breaches and cyberattacks don’t pause during economic slowdowns—if anything, they may escalate as bad actors exploit organizational vulnerabilities. This paradox means that while the market feels tough, demand for cyber security expertise remains robust. In this article, we’ll look at: Why economic uncertainty affects cyber security hiring trends. Strategies for staying competitive, even if the number of open roles shrinks. Methods to highlight your skills, adapt to shifting priorities, and network effectively. Approaches for preserving mental well-being during prolonged searches or uncertain feedback loops. How www.cybersecurityjobs.tech can help you find the ideal security-focused role. By proactively sharpening your skill set, tailoring your professional profile, and engaging with a focused community, you can secure a rewarding cyber security job—even when the broader market feels volatile.

Careers

How to Achieve Work-Life Balance in Cyber Security Jobs: Realistic Strategies and Mental Health Tips

Cyber security is one of today’s most vital and rapidly expanding sectors. As data breaches, ransomware, and other cyber threats continue to evolve, the demand for skilled professionals is surging across industries—from finance and healthcare to government and e-commerce. Whether you’re a penetration tester, security analyst, or threat intelligence expert, you play a key role in safeguarding digital infrastructure and sensitive information. This high-stakes environment, however, often comes with intense pressure. Long hours, constant vigilance, and an ever-changing threat landscape can make it challenging to find time for personal well-being. Many cyber security specialists report difficulty striking a sustainable work-life balance, unsure if it’s even possible in a field that never truly sleeps. Yet, as concerns about mental health and burnout become more pressing, professionals and employers alike are seeking better ways to combine career advancement with a fulfilling personal life. In this comprehensive article, we’ll explore how to achieve a work-life balance in cyber security. You’ll discover strategies for managing 24/7 threat alerts, the importance of realistic expectations, ways to maintain mental health in high-intensity roles, and tips for setting boundaries without compromising your professional growth. Whether you’re new to this dynamic arena or already an established specialist, these insights can help you thrive personally and professionally in the fast-paced world of cyber security.

Careers

Transitioning from Academia to the Cyber Security Industry: How Researchers Can Harness Their Skills to Protect Commercial Environments

Cyber security has become a mission-critical field in an era where data breaches, ransomware attacks, and sophisticated hacking techniques threaten businesses and public institutions alike. As digital transformation touches nearly every facet of modern life, the need for highly skilled individuals capable of defending systems and networks continues to grow. For PhDs and academic researchers with expertise in areas like cryptography, network security, or threat intelligence, this presents an exciting opportunity to deploy your analytical prowess in a high-impact, fast-paced commercial setting. In this guide we’ll explore how academics can successfully pivot from the research lab to the cyber security industry. Learn how to apply rigorous, theory-driven approaches to real-world challenges, from designing secure software architectures to neutralising advanced persistent threats. By embracing the industry’s urgency and end-to-end mindset, you can transform your scholarly insights into robust, market-facing security solutions that protect companies and users on a global scale.

🍪 We use cookies to enhance your browsing experience on our website. By continuing to use this site, you consent to the use of cookies as described in our Cookie Policy. You can review our Cookie Policy for more information.