Remote information security analyst (cyber essentials+/iso27001) contract

Gigged AI is an open talent marketplace specialising in the IT and technology sector. We
have an opportunity live at the moment for a InfoSec Analyst with experience of Cyber Essentials and ISO27001.

This role is preferably hybrid, with 2 days per week in Glasgow City Centre Office. However flexibility will be considered for any applicants outwith Glasgow.

Location: UK-based
Duration: Initial 3-month contract (expected extension up to 12 months with rolling break clauses)
Start Date: ASAP
Day Rate: £400
IR35 Status: Inside IR35

All applicant proposals will be reviewed directly on the Gigged AI platform by the hiring manager.

In order to send a proposal please follow the below steps:

• head to and create a free talent profile
• once signed in, follow this link to the project -
• you will now see a 'submit proposal' button
• please fill this in (intro, relevant experience, and attach CV to this)

Overview

We are searching for an experienced Information Security Analyst to join our security function on a long-term contract basis.

This role will focus heavily on Cyber Essentials+, ISO27001, information security governance, risk management, and internal security assessments across a large enterprise environment.

Key Responsibilities

• Identify, analyse, and support the management of information security and IT risks across the business
• Work closely with stakeholders, vendors, and internal teams to assess security controls and risk exposure
• Support compliance activities aligned to Cyber Essentials+ and ISO27001 standards
• Create and maintain information security policies, standards, procedures, and wider GRC documentation
• Conduct internal security assessments and reviews, clearly documenting findings and recommendations
• Maintain key security knowledge resources including process documentation, RACIs, training materials, and contract information
• Collaborate with risk owners to identify, manage, and mitigate vulnerabilities and threats effectively

Key Experience Required

• Strong experience within Information Security / GRC environments
• Proven experience working with:
• Cyber Essentials+
• ISO27001
• Experience conducting security risk and controls assessments
• Strong documentation and stakeholder management skills
• Experience producing and maintaining security policies, standards, and procedures
• Ability to communicate security findings clearly to both technical and non-technical stakeholders

Nice to Have

• Broader vulnerability management exposure
• Experience working within enterprise-scale or regulated environments