Information Security Analyst – GRC
Salary: £45,000
Contract: 12-month Fixed Term Contract (FTC)
Location: Central Birmingham (Hybrid – 3 days per week on site)
The Role
We have an exciting opportunity for an Information Security Analyst – GRC to join a busy and collaborative technology function on a 12-month fixed term contract. This role will play a key part in supporting governance, risk and compliance (GRC) activities, with a strong focus on third-party risk management and data protection assurance across the organisation.
Based in Central Birmingham, the role operates on a hybrid working model, requiring three days per week on site.
Key Responsibilities
Third-Party Risk Management
Conduct and coordinate information security and privacy risk assessments for new and existing suppliers.
Assess supplier controls relating to data protection, information security, data hosting and subcontractor usage.
Maintain accurate records of organisational data shared with third parties, including purpose of use, classification, sensitivity and processing location.
Ensure supplier data handling arrangements clearly define retention, archiving and deletion requirements in line with internal policies and regulatory obligations.
Support Procurement, Vendor Management, Legal and Information Security teams to embed supplier assurance throughout onboarding, renewal and contract processes.
Track remediation actions with suppliers and internal teams, escalating high-risk issues where appropriate.
Data Protection & GDPR Support
Review how personal data is used across systems, processes and vendor solutions.
Ensure data classification, sensitivity and lifecycle controls are clearly documented.
Promote data minimisation by identifying unnecessary collection or retention of personal data and challenging excessive processing.
Document personal data risks, gaps and recommended actions in line with risk management processes.
Provide risk-based advice and technical input to business stakeholders on personal data processing.
Governance, Risk & Compliance
Support the review, development and implementation of information security and data protection policies.
Contribute to information security risk registers and compliance monitoring activities.
Produce compliance reports, dashboards and metrics for management and senior stakeholders.
Assist with internal and external audits, including GDPR, PCI DSS and financial audits.
Maintain compliance tracking across third-party risks, data lifecycle controls and privacy-related risks.
Security & Privacy Operations
Track remediation of identified compliance and control issues to ensure timely closure.
Support incident response activities, particularly those involving third-party access or personal data.
Document business and supplier processes to support governance, risk and compliance requirements.
Produce clear, auditable documentation for assessments, risks, decisions and approvals.
About You
You will bring a strong understanding of information security, privacy and risk management, with the confidence to engage and challenge stakeholders constructively.
Essential experience and skills:
Good understanding of GDPR, the UK Data Protection Act, and information security control requirements.
Experience conducting supplier assurance, security due diligence or third-party risk assessments.
Ability to assess technical and organisational security controls.
Strong analytical skills with excellent attention to detail.
Clear written and verbal communication skills, able to work with legal, technical and operational teams.
Experience supporting incident or breach investigations.
Ability to manage multiple competing priorities and work pragmatically with stakeholders.
Desirable:
Experience working in large, complex or multi-site environments.
Relevant certifications such as CIPP/E, CIPM, CompTIA Security+, or BCS Practitioner Certificate in Data Protection