Information Security Analyst

Information Security Analyst Join to apply for the Information Security Analyst role at Lancashire Insurance Group Application Deadline: 21 November 2025 Department: IT Location: London Information security is an essential function at Lancashire and is committed to continuous improvement. The addition of this role is an important element in achieving its security objectives during Lancashire’s time of digital transformation and growth. Reporting to the Information Security Manager, the post holder will be responsible for evaluating cyber security controls, conducting risk assessments and collaborating with cross‑functional teams. The post holder will support the Information Security Manager in maintaining all aspects of information security risk management, including responding to security inquiries and incidents, maintaining cyber security governance, and ensuring compliance with relevant regulatory requirements. Specific Responsibilities Support the Information Security Manager in delivering the Information Security Management System and drive continuous improvement for information security. Evaluate and assess cyber security controls across the business and its third‑party vendors to ensure compliance with the NIST Cyber Security Framework (CSF). Conduct comprehensive risk assessments using the NIST CSF. Use risk management techniques to identify cyber threats, risks and issues in a timely manner. Support, develop and conduct third‑party vendor security assurance activities. Collaborate with cross‑functional teams to develop and implement risk management activities. Respond to security support tickets and other enquiries; provide information security support and escalation. Support the creation and collection of metrics, validate security control performance and identify emerging cyber risks. Collaborate with the Enterprise Risk Management (ERM) team to maintain, develop and deliver cyber risk reporting and appetite statements. Maintain Information Security policy and procedure ensuring content is relevant to the current cyber threat landscape. Maintain, develop and test the Cyber Incident Response Plan, ensuring content is relevant to the current cyber threat landscape. Monitor, maintain and manage Lancashire compliance with its relevant cyber security regulation obligations. Manage actions and output generated by stakeholder engagements; for example customers, regulators, internal and external auditors. Maintain currency with emerging security trends, threat intelligence, industry standards and good practice, and security‑enhancing technologies. Essential Skills, Knowledge