Information Security and Data Protection Analyst
Department: Engineering
Employment Type: Full Time
Location: Manchester, UK
Description
Interact provides enterprise-grade intranet software that connects over three million employees to leading global names like Levi's, Domino’s, Teva Pharmaceuticals, and Technicolor.
Our team of customer-focused problem solvers are passionate about helping organizations to communicate better. We do this together by constantly working to improve every service and product we offer. With offices in Manchester, New York, Dubai, Tulsa, Warsaw and Manila, we operate across North America, EMEA, and Australia.
Click on any of our vacancies and you’ll see one thing in common – they all begin with this message. Why? Because at Interact we treat everyone with the same respect and honesty. Whether you’re a developer fresh out of college or a seasoned salesperson, we live the motto that we uphold for our customers: our people are our most valuable assets.
We are looking for an Information Security and Data Protection Analyst. In this role you will be working in a fast-paced agile environment, responsible for supporting the Information Security Risk Manager & Data Protection Officer to maintain a corporate-wide, global information risk management program, information security best practice and data protection regulation compliance.
You will be working closely with key stakeholders to understand the business and identify the challenges with current processes. You will monitor adherence with our compliance programs and, with the support of your manager and other key business functions, you will be involved in the development of the business towards continual improvement of our security and compliance positions.
A little about you...
* 2–3 years minimum in an information security or data protection role
* Detailed report writing skills
* Hands‑on experience with at least one certification cycle (ISO 27001, SOC 2, etc.) from start to finish.
* Demonstrable experience managing or influencing stakeholders at a senior level.
* Involvement in penetration testing activities and remediations.
* Experience handling real security incidents or data breaches.
* Strong awareness of the GDPR, either through training from working within a business that processes personal data or independent learning.
* Strong practical understanding of security and compliance frameworks, such as ISO27001, SOC 2 type II and Cyber Essentials Plus.
* Practical working knowledge of Defender, Intune, Entra, Purview, AWS and Azure
* Ability to pragmatically balance security risk against business need
* Maintenance and creation of the Risk Register, ROPA & DPIAs
* Curious and proactive
* Approachable and calm
* Excellent communication skills
* Keen to learn
* Technically well rounded
* Can work autonomously
* Commercially aware
Desirable but not essential
* Knowledge of GRC tools such as Drata and Safebase.
* Knowledge of Security and Awareness training tools, campaign creation etc.
* SaaS background
* Good understanding of Risk Management and continuous improvement practices.
About the role...
* Creating, reviewing and improving the security policies.
* Implement and maintain Information Security Management System (ISO27001 certification)
* Contribute to activities towards certification/compliance to security standards and regulations (ISO 27001, SOC 2, Cyber Essentials, etc.)
* Experience of undergoing audits
* Support progress on business continuity plans and policy
* Build and maintain relationships with technical and business stakeholders.
* Leading regular risk assessments and internal process audits.
* Working with internal teams and stakeholders to manage risks, suggest solutions, and resolve issues.
* Support and lead with evidence collation for audits.
* Conduct vendor/supplier reviews in line with Internal Policy.
* Assist with security questionnaires for prospects and/or customers
* Maintain and improve information security awareness within the business.
* Conduct monitoring activities as required with the UK GDPR and other data protection laws, against our data protection policies
* Work with regulator investigations as required in Article 36
* Point of contact to our employees and individuals about data processing activities.
* Supporting the business in maintaining the security tickets through prompt follow-up and resolution, in collaboration with teams and other stakeholders.
* Management of penetration testing remediations.
Benefits
* 25 days annual leave (with the option to buy and sell additional days)
* Cycle to work scheme
* Access to Learning & Development platform
* Life Insurance
* Auto Enrolment Pensions
* Healthshield (cashback on dental check‑ups and fillings, eye tests, physiotherapy, prescriptions and much more)
* Reimbursement for usage of personal mobile phone
* Free Gym membership and Free Friday lunch for office based staff