Information Security and Data Protection Analyst in Manchester

Interact provides enterprise-grade intranet software that connects over three million employees to leading global names like Levi's, Domino’s, Teva Pharmaceuticals, and Technicolor. Our team of customer-focused problem solvers are passionate about helping organizations to communicate better. We do this together by constantly working to improve every service and product we offer. With offices in Manchester, New York, Dubai, Tulsa, Warsaw and Manila, we operate across North America, EMEA, and Australia.

In this role you will be working in a fast-paced agile environment, responsible for supporting the Information Security Risk Manager & Data Protection Officer to maintain a corporate-wide, global information risk management program, information security best practice and data protection regulation compliance. You will be working closely with key stakeholders to understand the business and identify the challenges with current processes, monitor adherence with our compliance programs, and, with the support of your manager and other key business functions, be involved in the development of the business towards continual improvement of our security and compliance positions.

A Little About You

• 2–3 years minimum in an information security or data protection role
• Detailed report writing skills
• Hands-on experience with at least one certification cycle (ISO 27001, SOC 2, etc.) from start to finish
• Demonstratable experience managing or influencing stakeholders at a senior level
• Involvement in penetration testing activities and remediations
• Experience handling real security incidents or data breaches
• Strong awareness of the GDPR, either through training from working within a business that processes personal data or independent learning
• Strong practical understanding of security and compliance frameworks, such as ISO27001, SOC 2 type II and Cyber Essentials Plus
• Practical working knowledge of Defender, Intune, Entra, Purview, AWS and Azure
• Ability to pragmatically balance security risk against business need
• Maintenance and creation of the Risk Register, ROPA & DPIAs
• Curious and proactive
• Approachable and calm
• Excellent communication skills
• Keen to learn
• Technically well rounded
• Can work autonomously
• Commercially aware

Desirable But Not Essential

• Knowledge of GRC tools such as Drata and Safebase
• Knowledge of Security and Awareness training tools, campaign creation etc.
• SaaS background
• Good understanding of Risk Management and continuous improvement practices

About The Role

• Creating, reviewing and improving the security policies
• Implement and maintain Information Security Management System (ISO27001 certification)
• Contribute to activities towards certification/compliance to security standards and regulations (ISO 27001, SOC 2, Cyber Essentials, etc.)
• Experience of undergoing audits
• Support progress on business continuity plans and policy
• Build and maintain relationships with technical and business stakeholders
• Leading regular risk assessments and internal process audits
• Working with internal teams and stakeholders to manage risks, suggest solutions, and resolving issues
• Support and lead with evidence collation for audits
• Conduct vendor/supplier reviews in line with Internal Policy
• Assist with security questionnaires for prospects and/or customers
• Maintain and improve information security awareness within the business
• Conduct monitoring activities as required with the UK GDPR and other data protection laws
• Work with regulator investigations as required in Article 36
• Point of contact to our employees and individuals about data processing activities
• Supporting the business maintaining the Security tickets through prompt follow-up and resolution, in collaboration with teams and other stakeholders
• Management of penetration testing remediations