Risk Analyst - Nottingham City
Contract type: Permanent
Hours: Full-time, 35 hours
Location: Head Office, Nottingham (Hybrid working, minimum 2 days per week)
Application process: Please apply via the application button which will direct you to our careers site. If you require any adjustments to assist you in applying, please contact
We are looking for a proactive Information Security Risk Analyst to join our dynamic Information Security Team. In this role, you will play a crucial part in strengthening our governance, risk, and compliance initiatives related to information security. Your efforts will help ensure our organisation meets regulatory standards, effectively manages security risks, and maintains a robust security posture to safeguard our customers and sensitive data. We welcome candidates from all backgrounds to apply and contribute to our diverse and inclusive team.
Here’s a taste of what you will be doing as a Risk Analyst at Nottingham Building Society:
* Framework Development: Develop and maintain the organisation’s information security governance, risk, and compliance framework.
* Risk Assessments: Conduct risk assessments to identify vulnerabilities, focusing on protecting customer data and financial systems.
* Regulatory Compliance: Ensure compliance with regulations and standards like GDPR, ISO 27001, CQuest, SOC 2, and FCA and PRA guidelines.
* Effectiveness Monitoring: Monitor and assess the effectiveness of security controls, policies, and procedures.
* Audit Support: Support audits by preparing documentation and facilitating review processes.
* Vendor Risk Assessments: Perform vendor risk assessments to evaluate third-party security risks.
* Department Collaboration: Collaborate with various departments to implement security policies across all business units and technologies.
* Incident Management: Manage and track security incidents and breaches, ensuring appropriate mitigation and response strategies.
About you:
* Information Security Frameworks: Familiarity with frameworks such as NIST, ISO 27001, SOC 2, and GDPR.
* Financial Sector Requirements: Knowledge of specific information security needs for financial institutions and building societies.
* Security Controls and Risk Management: Strong understanding of security controls, risk management practices, and compliance requirements in the financial sector.
* GRC Software Experience: Experience with platforms like Archer, ServiceNow, LogicGate, and OneTrust is a plus.
* Analytical Skills: Excellent ability to assess security risks and suggest actionable remediation plans.
* Communication Skills: Strong written and verbal communication skills to convey complex security and compliance issues to both technical and non-technical stakeholders.
* Professional Background: Experience in information security, GRC, or related fields, ideally within a financial services environment.
Reward & Benefits -
1. Competitive Package: Fair salary benchmarked against market data, annual discretionary bonus, and 29 days holiday plus