Information Security Compliance Analyst
Location: Worcester (hybrid 3 days in) First Six Months in office.
This role does not offer sponsorship so you need full right to work within the UK.
About the Role
We are seeking an Information Security Compliance Analyst to support the execution and enhancement of a global information security compliance programme. This role ensures that operations across multiple business units adhere to internal policies, international regulations, and recognised industry frameworks. It offers the opportunity to work cross-functionally with stakeholders worldwide and contribute to maintaining a strong security and compliance culture.
Key Responsibilities
* Support the design, implementation, and continuous improvement of the information security compliance framework (e.g. ISO 27001, NIST, SOC 2, CMMC, HITRUST).
* Conduct and coordinate internal audits, evaluate security controls, and document findings with recommended actions.
* Track remediation activities for audit findings and compliance gaps in collaboration with IT and business stakeholders.
* Monitor and support adherence to global data protection and privacy regulations such as GDPR, CCPA, and LGPD.
* Assist in maintaining security policies, standards, and procedures, ensuring audit readiness and compliance reporting.
* Contribute to third-party risk management reviews and due diligence activities.
* Collaborate with global teams to drive best practice and support security awareness initiatives.
* International travel will be part of this role
Skills and Experience
* Bachelor's degree in Information Security, Risk Management, Computer Science, or related field.
* 3+ years' experience in information security compliance, auditing, or IT risk management.
* Strong knowledge of security frameworks (ISO 27001, NIST, SOC 2, COBIT) and data protection laws (GDPR, CCPA, etc).
* Experience conducting security audits and assessments with strong analytical and organisational skills.
* Ability to communicate effectively with technical and non-technical stakeholders across multiple regions.
* Professional certifications such as CISA, CISSP, ISO 27001 Lead Auditor, or CRISC are advantageous.
What\'s in it for You?
* Competitive salary and benefits package.
* Opportunity to work in a global environment with exposure to diverse regulatory landscapes.
* Involvement in high-impact security and compliance initiatives.
* Support for professional development, including security training and certifications.
* Flexible and collaborative working environment with scope to make a meaningful impact.
#J-18808-Ljbffr