At a Glance
- Tasks: Support and maintain information security compliance across EMEA, ensuring adherence to regulations.
- Company: Join a leading company focused on information security management and compliance.
- Benefits: Enjoy a hybrid work model with flexible hours and competitive salary.
- Other info: 12-month fixed-term contract with opportunities for professional growth.
- Why this job: Make a real impact in security compliance while developing your skills in a dynamic environment.
- Qualifications: Degree level or equivalent; ISO 27001 certification is essential; experience in security compliance preferred.
The predicted salary is between 36000 - 60000 £ per year.
12 Month Fixed Term Contract
Salary: Negotiable
Hybrid - Hertfordshire
As an Information Security Compliance Analyst, you will support the development and maintenance of the EMEA-wide information security management system in accordance with the Global EIT strategy, EMEA business requirements and relevant information security legislation, including NIS 2, the AI Act and GDPR. You will ensure the continued certification of the EIT ISO 27001:2022 management system and adherence by the EMEA EIT department to all relevant legislation and regulations, including but not limited to Health and Safety, Financial and Privacy laws.
Main duties/responsibilities:
- Conduct information security, information system, and compliance-based risk assessments, evaluate responses and recommend risk treatment actions.
- Develop and execute risk mitigation plans in conjunction with relevant internal and external stakeholders/groups and to agreed timescales, following through to completion.
- Support the creation, implementation and maintenance of information security policies and standards, in accordance with ISO 27001 and other relevant frameworks and standards (NIST CSF, IEC 62443, CIS, GDPR, etc.).
- Maintain the department’s information security procedures, including but not limited to information security incident response and business continuity management, conducting tabletop exercises to evaluate effectiveness.
- Manage the information security awareness training programme to ensure all employees develop and maintain awareness of, and comply with, all applicable information security policies, procedures, laws and regulations.
- Provide information security advice and guidance for EMEA business activities and projects.
- Manage information security programs to ensure the company meets its compliance requirements.
- Monitor, analyse and report on information security-based management metrics.
- Perform comprehensive third-party information security due diligence assessments in a timely manner, report on results, recommend remediation activities and work with the legal team to ensure contractual obligations include security clauses as relevant.
- Support information security and compliance audits conducted in the department.
Qualifications and Experience required:
- Degree level qualified or equivalent - highly desirable.
- CISM and / or CRISC or other relevant certification is highly desirable.
- ISO 27001:2022 Lead Implementer / Auditor certification is essential.
- Demonstrable experience in an Information Security, IT Governance, Risk and Compliance based role, including maintaining and continually improving an ISO 27001 compliant management system.
- Extensive experience of information security management and/or security awareness.
- In-depth expert knowledge of industry standard frameworks and best practices (ISO 27001:2022, ISO 27002:2022, ISO 27005, ISO 31000, NIST) and their practical application in a corporate environment to ensure confidentiality, integrity and availability are maintained.
- Extensive experience conducting information security risk assessments, reporting risks.
- Experience of developing, implementing, managing, and maintaining Information Security policies, controls, standards, guidance, processes & procedures, and auditing compliance.
- Experience of developing, implementing, managing, and maintaining risk management framework, policies, processes, and procedures.
- Knowledge & experience of developing and performing information security due diligence and risk assessments of third-party organisations based on IT control frameworks such as ISO 27001 and ISO 31000.
- Practical experience of conducting gap analysis, testing information security processes, procedures, plans and leading audits to achieve compliance with Information Security standards.
- Practical experience of establishing and maintaining data classification standards within a corporate environment.
- Experience of project managing Information Security, Data Protection & Compliance initiatives.
- Experience in developing and executing Information Security awareness training across multiple business units.
- Experience with ensuring corporate compliance with UK/EMEA data protection legislation such as DPA and GDPR.
- Good knowledge of a broad range of IT technology platforms, products, services.
- Stakeholder management experience at all levels, from technical and non-technical staff up to Executive level.
- Excellent Business/customer facing experience.
If you are interested, please apply or send your CV to luke.sandilands@cpl.com
Contact Detail:
LinkedIn Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Information Security Compliance Analyst
✨Tip Number 1
Familiarise yourself with the latest updates on ISO 27001:2022 and other relevant frameworks like NIST and GDPR. Being well-versed in these standards will not only boost your confidence but also demonstrate your commitment to compliance during discussions.
✨Tip Number 2
Network with professionals in the information security field, especially those who have experience with compliance roles. Engaging in conversations can provide insights into the role and may even lead to referrals or recommendations.
✨Tip Number 3
Prepare to discuss real-world scenarios where you've successfully managed risk assessments or compliance audits. Having concrete examples ready will showcase your practical experience and problem-solving skills.
✨Tip Number 4
Stay updated on current trends and challenges in information security, particularly those affecting the EMEA region. This knowledge will help you engage in meaningful conversations and show that you're proactive about industry developments.
We think you need these skills to ace Information Security Compliance Analyst
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights relevant experience in information security, compliance, and risk management. Emphasise any certifications like ISO 27001:2022 Lead Implementer or Auditor, as well as your knowledge of frameworks such as NIST and GDPR.
Craft a Strong Cover Letter: In your cover letter, explain why you are passionate about information security and how your skills align with the responsibilities of the role. Mention specific experiences that demonstrate your ability to conduct risk assessments and manage compliance initiatives.
Showcase Relevant Projects: If you've worked on projects related to information security policies, risk management frameworks, or compliance audits, be sure to include these in your application. Detail your role and the outcomes to illustrate your impact.
Proofread Your Application: Before submitting, carefully proofread your CV and cover letter for any spelling or grammatical errors. A polished application reflects your attention to detail, which is crucial in the field of information security.
How to prepare for a job interview at LinkedIn
✨Know Your Standards
Familiarise yourself with ISO 27001:2022 and other relevant frameworks like NIST and GDPR. Be prepared to discuss how you've applied these standards in your previous roles, as this will demonstrate your expertise and understanding of compliance requirements.
✨Showcase Risk Assessment Skills
Be ready to talk about your experience conducting risk assessments and developing mitigation plans. Use specific examples to illustrate how you identified risks, evaluated responses, and recommended actions, as this is a key part of the role.
✨Highlight Stakeholder Management Experience
Since the role involves working with various stakeholders, prepare to discuss your experience in managing relationships at both technical and executive levels. Share examples of how you've effectively communicated complex information security concepts to non-technical audiences.
✨Prepare for Scenario Questions
Expect scenario-based questions that assess your problem-solving skills in real-world situations. Think of examples where you've had to respond to information security incidents or compliance challenges, and be ready to explain your thought process and actions taken.