Executes various security programmes including cybersecurity awareness and training, incident response planning, compliance, vulnerability assessments and remediation, information security operations and associated project management. About Canopius Canopius is a global specialty lines (re)insurer. We are one of the leading insurers in the Lloyd's of London insurance market with offices in the UK, US, Singapore, Australia and Bermuda. At Canopius we foster a distinctive, positive culture which enables us to bring our whole selves to work to flourish as people, and build a business which delivers profitable, sustainable results. Based in incredible new offices in the heart of the City of London, Canopius operates a flexible, hybrid working model and is committed to providing an environment that challenges employees to be their best and where everyone's unique contributions are recognised, valued and respected. We are fully committed to equal employment opportunities for all applicants and providing employees with a work environment free of discrimination and harassment. All employment decisions are made regardless of age, sex, gender identity, ethnicity, disability, sexual orientation, socio-economic background, religion or beliefs, marital or caring status, or any other status protected by the laws or regulations in the locations where we operate. We encourage and welcome applicants from all diverse backgrounds. We make reasonable adjustments throughout the recruitment process and during employment. Please let us know if you require any information in an alternate format or any other reasonable adjustments. The Role: The Information Security Analyst is responsible for supporting the effective operation of information security controls, services, and processes across the organisation. Reporting to the Information Security Manager, the role provides hands‑on security analysis, monitoring, assurance, and risk support across on‑premise and cloud environments. The role works closely with Technology teams, third‑party providers, and business stakeholders to help protect the organisation's information assets, reduce cyber risk, and maintain compliance with security policies, standards, and regulatory requirements. Responsibilities will include: Security Operations & Monitoring Support the day‑to‑day operation of information security controls and services. Monitor security tooling, alerts, and dashboards, including SOC and SIEM outputs. Investigate and respond to security events and incidents in line with agreed procedures. Escalate security incidents and risks to the Information Security Manager as appropriate. Security Assurance & Risk Support Perform assurance activities to assess the effectiveness of security controls. Support gap analysis, compliance readiness, and ongoing compliance monitoring. Assist with the identification, assessment, and documentation of security risks. Track remediation actions and follow up with control owners. Incident Response & Problem Support Support security incident response activities, including investigation and evidence gathering. Assist with root cause analysis and documentation of lessons learned. Contribute to improvements in controls, processes, and preventative measures. Policy, Standards & Governance Support the maintenance and operation of information security policies, standards, and procedures. Provide guidance to Technology and business teams on security requirements and best practice. Ensure security activities are documented and auditable. Third‑Party & Audit Support Support third‑party security due diligence, reviews, and assurance activities. Assist with responses to internal and external audits, assessments, and regulatory requests. Gather and provide evidence to demonstrate effective operation of security controls. Security Awareness & Culture Support the delivery of security awareness and training activities. Promote a positive security and compliance culture across the organisation. Contribute to communications and materials that improve security understanding and behaviour. Reporting & Continuous Improvement Produce security reports and metrics for both technical and non‑technical audiences. Assist with analysis of trends, threats, and emerging risks. Contribute ideas and improvements to enhance security processes and controls. Skills and Experience Experience in an information security, IT risk, or IT operations role. Understanding of common cybersecurity risks, threats, and control types. Familiarity with incident management, risk assessment, and assurance activities. Ability to analyse information, identify issues, and document findings clearly. Strong written and verbal communication skills. Ability to manage multiple tasks and priorities with attention to detail. Experience working in regulated or enterprise environments. Exposure to cloud security concepts (e.g. Azure security services). Experience with security tooling such as SIEM, endpoint protection, or vulnerability management tools. Relevant education or certifications (or working towards) in information security.