Information Security Analyst – NIST Implementation
Duration – 6 months
Location – twice a week on site into London
Role Description:
As a Senior Information Security Analyst, you will be instrumental in executing the company's Information Security strategies and initiatives, focusing on supporting the Governance, Risk, and Compliance (GRC) function and implementing the NIST Cyber Security Framework (CSF) throughout the organization. You will lead day-to-day GRC activities, including designing security controls, enforcing requirements from the Group Information Security Framework, and proactively managing non-compliance issues and mitigating Information Security risks.
About You:
* You will be developing and implementing an information security controls catalogue, policies, and procedures aligned with the NIST Cyber Security Framework (CSF).
* Conducting assessments to identify material gaps, analyzing potential risks, and monitoring progress on maturity uplifting across security functions.
* Supporting compliance activities with the Group Information Security Framework, Cyber Essentials, and PCI DSS attestation.
* Collaborating with the wider organization to integrate control testing and risk management activities into the existing governance framework.
* Assisting cross-functional teams and business units in integrating security measures into business operations.
* Facilitating regular reviews and updates of control and risk management processes to remain effective and responsive to emerging threats and changes in the organizational landscape.
* Documenting and visualizing reports for governance forums, providing insights and recommendations to inform decision-making and risk management strategy across the business.
* Minimum of 4 years of experience in information security with a solid understanding of Information Security control and governance frameworks.
* Practical experience of implementing NIST CSF in the financial services sector is highly desirable.
* Proven track record of security transformation and delivery of security projects, particularly within a federated organisation.
* Strong knowledge of Information Security and compliance frameworks, including NIST CSF, ISO 27001, Cyber Essentials, PCI DSS, and DORA, and the ability to design controls that align with these standards.
* Ability to analyse data and generate reports using tools like Excel and Power BI, and experience with data visualisation and interpretation.
* Skills in creating and maintaining comprehensive documentation, including control matrices, design process flows, and standard operating procedures.
* Strong communication and interpersonal skills, with the ability to convey complex security concepts to non-technical stakeholders.
* Bachelor’s degree in Information Security, Computer Science, or a related field. A Master’s degree is a plus.
* Relevant certifications such as CISSP, CCSP, CRISC, CISM, or ISO 27001 Lead Implementer are highly desirable.
Seniority level
* Seniority level
Mid-Senior level
Employment type
* Employment type
Contract
Job function
* Job function
Analyst
* Industries
Insurance
Referrals increase your chances of interviewing at Sanderson by 2x
Get notified about new Information Security Analyst jobs in London Area, United Kingdom.
Information Security Analyst - Audit, Compliance & Cybersecurity
London, England, United Kingdom 2 weeks ago
Information Security Analyst - Audit, Compliance & Cybersecurity
London, England, United Kingdom 6 days ago
Security Operations Analyst – Detection Engineering & Threat Hunting, Global SOC
London, England, United Kingdom 3 weeks ago
Cyber Security Data and Reporting Analyst
London, England, United Kingdom 3 weeks ago
London, England, United Kingdom 2 weeks ago
Security Analyst - Risk Management & Atmospherics - Balad
London, England, United Kingdom 1 week ago
Greater London, England, United Kingdom 2 weeks ago
London, England, United Kingdom 6 days ago
Information Security Analyst (GRC) - Engine by Starling
London, England, United Kingdom 2 days ago
London, England, United Kingdom 2 weeks ago
Chiswick, England, United Kingdom 2 weeks ago
London, England, United Kingdom 1 week ago
City Of London, England, United Kingdom 5 days ago
London, England, United Kingdom 4 days ago
London, England, United Kingdom 4 days ago
Greater London, England, United Kingdom 5 months ago
Information Security & Cyber Security Analyst - Banking - £60,000-£75,000 + Bonus
London, England, United Kingdom 4 days ago
Cyber Security Analyst, Vulnerability Management
London, England, United Kingdom 2 weeks ago
London, England, United Kingdom 1 week ago
London, England, United Kingdom 13 hours ago
Information Security Officer/ Senior Analyst - GRC
Offensive Security Analyst - Outside IR35
London, England, United Kingdom 2 weeks ago
Information Security Analyst - Audit & Compliance
London, England, United Kingdom 2 months ago
We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
#J-18808-Ljbffr