Salary: £45,000 - 55,000 per year
Requirements:
* Approximately five years' experience in an Information Security Analyst, Cyber Compliance Analyst, or similar InfoSec compliance role.
* Strong working knowledge of ISO 27001, GRC processes, audit cycles, risk management, and documentation control.
* Experience with SIEM, EDR, SDR, and investigative processes.
* Understanding of vulnerability management and penetration testing concepts.
* Confident interpreting and applying standards such as ISO 27001, NIST, and Cyber Essentials.
* Excellent communication skills suited to a professional services environment.
* Highly organised with the ability to maintain accurate compliance evidence, logs, and documentation.
* Able to travel occasionally to client sites.
* ISO 27001 Lead Auditor or Lead Implementer (desirable).
* NIST CSF Practitioner (desirable).
* CRISC (Certified in Risk and Information Systems Control) (desirable).
* CEH (Certified Ethical Hacker) (desirable).
* CompTIA CySA+ (desirable).
* ISO 27701 Practitioner (desirable).
* GIAC certifications (e.g., GSEC, GCIH, GMON) (desirable).
Responsibilities:
* Support and maintain compliance with ISO 27001, contributing to the operation, monitoring, and continual improvement of the ISMS.
* Ensure alignment with wider frameworks such as NIST CSF, Cyber Essentials / Cyber Essentials Plus, and organisational GRC policies.
* Assist with internal and external audits, evidence gathering, non-conformity remediation, and compliance documentation.
* Help ensure compliance with legal, regulatory, and contractual requirements relating to data protection, risk, supplier oversight, and information governance.
* Proactively monitor cyber events using SIEM technologies, initiating investigations where anomalies or threats are detected.
* Support deeper incident reviews, escalating where required to senior InfoSec or the SOC.
* Participate in regular vulnerability scanning and technical compliance checks.
* Deliver security awareness activities across the organisation, supporting ISO 27001 competence and awareness controls.
* Promote a strong security culture, encouraging best-practice behaviours and reporting of risks.
* Support vulnerability management, risk assessments, and maintenance of risk registers.
* Assist technical teams in aligning projects and changes with required compliance controls and security baselines.
Technologies:
* Support
* Security
More:
We are a respected professional services organisation with a strong heritage in delivering expert consultancy across complex, regulated environments. This is a fantastic opportunity for passionate individuals focused on cybersecurity compliance, audit readiness, and maintaining robust security standards across our business. We offer a competitive salary, a fixed-term contract, and the flexibility of a hybrid work model, with some travel to client sites required. Join our team and help shape the future of cybersecurity compliance!
last updated 1 week of 2026