Requirements
* Hands‑on experience in information security roles spanning technical and assurance responsibilities
* Experience assessing vendors, SaaS platforms, or third parties
* Strong understanding of:
  * Cloud and SaaS security
  * Identity and access management
  * Secrets management and key rotation
  * Vulnerability management
* Comfortable working with engineers and delivery teams
* Able to communicate risk clearly, pragmatically, and credibly
* (Desirable) Experience supporting investor‑led, audit, or assurance requirements
* (Desirable) Familiarity with modern delivery tooling (e.g. Azure DevOps)
* (Desirable) Exposure to secure design or architecture reviews
* (Desirable) Comfortable in fast‑moving environments with low tolerance for heavy process
What the job involves
* As an Information Security Analyst, you’ll sit at the point where technology, delivery, and governance meet — embedding pragmatic security assurance into vendor selection, SaaS adoption, and project delivery. Your job is to make sure security risks are identified early, articulated clearly, and driven through to real, implemented controls
* This is a hands‑on, delivery‑focused role. You’ll work closely with engineers, delivery teams, IT operations, and business owners to ensure security commitments translate into action — not just documents
* Vendor & SaaS Security Assurance
  * You’ll lead security assessments for new and existing vendors and SaaS platforms, reviewing areas such as:
    * Identity and access controls
    * Data protection
    * Hosting environments
    * Vulnerability management
    * Incident response
  * You’ll translate technical findings into clear risk statements, practical mitigations, and informed acceptance options, maintaining evidence suitable for investor, audit, and assurance review
* Secure Project Delivery
  * You’ll engage early in projects and technical change, shaping security before designs are finalised. This includes reviewing architectures and delivery approaches, and constructively challenging areas such as:
    * Secrets management and credential handling
    * Access lifecycle and permissions
    * Key rotation and logging expectations
  * You’ll work pragmatically with delivery teams (including those using tools like Azure DevOps), integrating security into delivery plans — not adding friction at the end
* You’ll make sure security risks don’t stall after being identified:
  * Tracking remediation actions
  * Following up on overdue items
  * Escalating issues with evidence, impact, and clear options, not abstract theory
* You’ll maintain a decision‑focused risk register, ensuring it reflects real control posture and delivery reality. You’ll help prepare concise risk summaries and evidence packs for senior decision‑makers, and contribute to improving governance processes where they genuinely help clarity, accountability, and delivery