Information Security Analyst

The Information Security Analyst is a broad and varied role within the firm's CISO function, offering structured exposure across information security governance, regulatory compliance, security awareness and operational support. Working closely with members of the CISO team, the role holder will contribute to a wide range of security activities — including security operations, regulatory framework compliance (ISO 27001, DORA, NYDFS), vendor risk management, security awareness programmes and governance reporting. The role provides direct involvement in how the firm manages its security obligations and responds to an evolving regulatory and threat landscape. The position is designed as a strong foundation for a career in information security, with visibility across the full CISO service catalogue and the opportunity to develop expertise across multiple security disciplines. The role holder will be supported by experienced practitioners across governance, risk, cloud security and security engineering.

Role Responsibilities

• Governance & Reporting
  • Administer ISGF and ORC meeting logistics including preparing agendas, collating papers, recording minutes and tracking actions to completion.
  • Maintain the CISO organisational RACI, ensuring it is kept current as team structure and responsibilities evolve.
  • Compile and distribute the master CISO security reporting pack, collating inputs from all service areas into a consistent, accurate and timely governance view.
  • Maintain and update technology roadmap tracking documents, collating status updates and producing progress summaries for review.
  • Support preparation of Board, ExCo and governance forum presentations and papers.
  • Manage the security policies and standards library, tracking review schedules, chasing approvals and maintaining version control.
  • Maintain the ISO 27001 evidence library, coordinating evidence collection cycles and supporting internal and external audit preparation.
  • Administer DORA compliance tracking, gathering evidence, maintaining registers and flagging gaps for senior review.
  • Support NYDFS Part 500 compliance activities including maintaining evidence packs and tracking annual certification requirements.
  • Own Cyber Essentials and SWIFT CSP evidence gathering and submission processes.
  • Administer the Risk & Controls Register within Vanta and RiskConnect, keeping control status and evidence current.
  • Support Financial Audit and Internal Audit activities through evidence provision, scheduling and action tracking.
• Security Awareness
  • Administer the annual mandatory security training programme, tracking completion rates, chasing non-completions and producing completion reports.
  • Execute phishing simulation campaigns, analysing results, producing reports and coordinating follow‑up training for at‑risk users.
  • Own the security awareness communications calendar, producing and distributing content for firm‑wide awareness campaigns.
  • Coordinate Executive & Board training logistics, scheduling and record‑keeping.
  • Coordinate specialist security training activities, managing scheduling, attendance tracking and training records.
  • Administer vendor onboarding activities, running security questionnaire processes, tracking responses and maintaining the vendor register.
  • Support vendor annual review cycles, coordinating evidence collection, scheduling review meetings and updating vendor risk records.
• Operations Support
  • Assist the Operational Security Engineer with routine security operations tasks including ticket handling, tool administration and evidence gathering.
  • Contribute to automation of routine tasks, helping to identify, document and test repeatable processes suitable for scripting or workflow tooling.

Qualifications

• Degree‑level education or equivalent; a subject with an information security, technology or analytical component is beneficial but not required.
• An interest in pursuing professional security qualifications (e.g. CompTIA Security+, CISMP, BCS Information Security) is expected.

Experience

• 0–2 years of professional experience; prior exposure to an information security, compliance, risk or technology environment is advantageous but not essential.
• Strong organisational skills with the ability to manage multiple parallel tasks, track deadlines and maintain accurate records.
• Proficient in Microsoft 365 (Word, Excel, PowerPoint, SharePoint); familiarity with security or GRC tooling such as Vanta or RiskConnect is a plus.
• Clear written communication skills, with the ability to produce well‑structured reports and documentation.
• Attentive to detail with a methodical approach to evidence gathering, record‑keeping and process execution.
• Genuine interest in information security as a career, with a desire to grow within the CISO function over time.

Additional Information

• Hybrid working (3 days in office)
• Contributory personal pension plan: Minimum: Employee 2% and Employer 7%. Employer matches contributions in 1% increments to a maximum of: Employee 5% and Employer 10%
• Life Assurance – 4 times annual salary
• Group Income Protection
• Private Medical Insurance – this may include cover for partner and or children at company cost. Cover includes Optical, Dental and Audiology