Information Security Analyst
Location: Edinburgh (Hybrid)
Type: Full-time | Permanent
Sector: Financial Services / Regulated Industry
How do we protect information at the organisational level? If this is a question you like to answer, then this could be the role for you. We're working with a forward-thinking financial services organisation that's expanding its Information Security team with a new Information Security Analyst role. This is a fantastic opportunity to make a real impact in a collaborative, fast-paced environment where security is a top priority.
The Role
As an Information Security Analyst, you’ll play a key role in enhancing the organisation’s security posture. You’ll work across departments and with third-party partners to support risk management strategies, improve security maturity, and contribute to the development of policies, training, and awareness programs.
This is a hands-on role where you’ll lead initiatives, support audits and regulatory engagements, and help shape how security is assessed and reported using frameworks like NIST CSF, CIS CSAT, ISO27001, and Cyber Essentials+.
Key Responsibilities
1. Assess and document security control designs and operational effectiveness
2. Lead tabletop exercises and threat modelling sessions
3. Support and mentor other security team members
4. Develop and deliver security training and awareness initiatives
5. Assist with vendor risk assessments and intra-group risk reporting
6. Maintain structured reporting and audit trails
7. Engage with auditors, regulators, and internal stakeholders
8. Contribute to policy development and oversight of critical outsource partners
9. Collaborate with Security Operations and Application Security teams
About You
You’re a detail-oriented, proactive professional who thrives in a collaborative environment. You’re inquisitive, analytical, and comfortable translating technical insights into clear, actionable outcomes. You enjoy mentoring others and are confident working independently while knowing when to escalate or collaborate.
Skills & Experience
1. Strong understanding of information security risk management and ISMS principles
2. Experience with security controls in software development lifecycles
3. Familiarity with NIST CSF, CIS CSAT, ISO27001, or Cyber Essentials+
4. Skilled in threat modelling and maturity assessments
5. Experience supporting audits and regulatory reviews
6. Knowledge of vendor risk management and supply chain security
7. Excellent communication and documentation skills
8. Proficiency with tools like Jira, Confluence, and Microsoft 365
9. Experience in financial services or regulated environments is a plus
Why Apply?
1. Join a growing team in a newly created role
2. Work in a collaborative, forward-thinking environment
3. Influence key security initiatives and frameworks
4. Opportunity to grow and develop your career in a regulated industry