Salary: £45,000 - 46,000 per year Requirements: Good understanding of GDPR, the UK Data Protection Act, and information security control requirements Experience conducting supplier assurance, security due diligence or third-party risk assessments Ability to assess technical and organisational security controls Strong analytical skills with excellent attention to detail Clear written and verbal communication skills, able to work with legal, technical and operational teams Experience supporting incident or breach investigations Ability to manage multiple competing priorities and work pragmatically with stakeholders Relevant certifications such as CIPP/E, CIPM, CompTIA Security, or BCS Practitioner Certificate in Data Protection (desirable) Experience working in large, complex or multi-site environments (desirable) Responsibilities: Conduct and coordinate information security and privacy risk assessments for new and existing suppliers Assess supplier controls relating to data protection, information security, data hosting and subcontractor usage Maintain accurate records of organisational data shared with third parties, including purpose of use, classification, sensitivity and processing location Ensure supplier data handling arrangements clearly define retention, archiving and deletion requirements in line with internal policies and regulatory obligations Support Procurement, Vendor Management, Legal and Information Security teams to embed supplier assurance throughout onboarding, renewal and contract processes Track remediation actions with suppliers and internal teams, escalating high-risk issues where appropriate Review how personal data is used across systems, processes and vendor solutions Ensure data classification, sensitivity and lifecycle controls are clearly documented Promote data minimisation by identifying unnecessary collection or retention of personal data and challenging excessive processing Document personal data risks, gaps and recommended actions in line with risk management processes Provide risk-based advice and technical input to business stakeholders on personal data processing Support the review, development and implementation of information security and data protection policies Contribute to information security risk registers and compliance monitoring activities Produce compliance reports, dashboards and metrics for management and senior stakeholders Assist with internal and external audits, including GDPR, PCI DSS and financial audits Maintain compliance tracking across third-party risks, data lifecycle controls and privacy-related risks Track remediation of identified compliance and control issues to ensure timely closure Support incident response activities, particularly those involving third-party access or personal data Document business and supplier processes to support governance, risk and compliance requirements Produce clear, auditable documentation for assessments, risks, decisions and approvals Technologies: Support Security More: We are excited to offer an opportunity for an Information Security Analyst – GRC to join our dynamic technology function in Central Birmingham on a 12-month fixed-term contract. Our team thrives on collaboration and ingenuity, and this position will be instrumental in supporting our governance, risk, and compliance activities, focusing on third-party risk management and data protection assurance. We provide a hybrid working model, which means you will work three days a week on-site with a competitive salary of £45,000. last updated 6 week of 2026