Information Security Analyst, Preston, Lancashire
Client: Cloud Decisions
Location: Preston, Lancashire, United Kingdom
Job Category: Other
EU work permit required: Yes
Job Views: 9
Posted: 04.06.2025
Expiry Date: 19.07.2025
Job Description:
Up to £57,500 + Enterprise Benefits (Life Ins/Medical/Pension)
Fully Remote (UK only)
***Please Note: NOT A CYBER SEC TECHNICAL ROLE***
Be part of their high growth Information Security plans as they build the team to x4
Cloud Decisions has partnered with one of the UK’s most exciting enterprise technology transformations: a £multi-billion, employee-owned group, one of the top 10 largest employee-owned businesses in the UK, and one of the largest global players in insurance across 100+ countries.
Following a wave of acquisitions and continued digital modernisation and compliance, they’re hiring an Information Security Assurance Analyst who understands Controls & Compliance with security regulations and standards. The role involves working in a small, high-trust team, working autonomously to build their InfoSec capability, ensuring regulatory compliance, information security maturity, and readiness for audits, tenders, or risk reviews.
Control/Compliance Assessment Duties:
* Schedule and Coordinate Assessments: Schedule and coordinate control assessments with control owners, asset custodians, and third parties.
* Evaluate Controls: Assess the design and effectiveness of security controls against policies, standards, and procedures.
* Documentation Maintenance: Keep documentation of assessments and remediation activities up-to-date.
* Organise Control Evidence: Ensure control evidence is well-organised and accessible.
* Notify Deviations: Notify relevant parties of deviations in processes and procedures.
* Risk Analysis Reports: Write reports on the impact of control gaps on risks.
* Communicate Findings: Share findings with Security leadership, clearly describing issues.
* Dashboard and Reporting Input: Contribute to dashboards and reporting databases.
* System Security Plans (SSPs): Support documentation of security requirements for systems and services, assisting with controls and ongoing monitoring.
Compliance/Control Improvement Duties:
* Update Processes: Coordinate updates to business process gaps.
* Enhance Procedures: Assist in documenting and designing procedures, and develop testing methods.
* Propose Enhancements: Suggest improvements to controls and procedures.
* Reporting Support: Support monthly and quarterly reporting on control assessments.
Audit/Assessment Duties:
* Third-Party Due Diligence: Manage third-party assessments and responses, documenting deficiencies.
* Audit Preparation and Support: Prepare evidence and respond to audit requests and findings.
InfoSec effectiveness - collaboration/continuous improvement:
* Continuous Improvement: Identify and implement process improvements.
* Training and Development: Assist in training team members and stakeholders.
* Vendor Management: Ensure vendors have robust BCDR plans and conduct assessments.
Knowledge of DORA, PCI DSS, SARBOX is beneficial but not essential.