Information Security Analyst (GRC) in Coventry

Welcome to Moneycorp. In the last decade, Moneycorp has transformed from a largely domestic, consumer‑focused provider of foreign exchange to an end‑to‑end global payments ecosystem. With two banking licences and operations across the entire value chain of the international payments and foreign exchange sectors, we enable businesses, institutions and individuals to thrive beyond borders. We help our clients realise their growth ambitions by providing them with worldwide reach, relentless regulatory excellence and tailored, relevant solutions that resiliently optimise their financial operations.

This role sits within the Information Security Team, part of Group Risk and Compliance, reporting into the Head of Information Security. The candidate will be responsible for ensuring Moneycorp’s data and information processing systems are protected in‑line with the information & cyber security programme. The role will assist compliance to the ISO27001:2022 standard, by supporting day‑to‑day activities; by ensuring the organisation adopts good industry practices which are aligned to the organisation’s Information Security Policies.

What we’re looking for / Skills that will help you in the role:

• ISO27001/SOC2 GRC support: Provide support to the management of the existing Information Security Management System: governance, risk management, remediation activities.
• Information Security assessments: Conduct information security risk assessments across project lifecycle from incubation to decommission. Where necessary, provide advisory to ensure sufficient controls are implemented.
• Data management: Manage and tune Data Loss Prevention tools, to protect and prevent the loss of sensitive information.
• Operational Team activities: Responsible for completing daily tasks, providing KPIs, and triaging ticket queue with SLAs.

Person Specification Knowledge and Experience:

• At least 3 years experience in an information or IT security related role within a financial or regulated firm.
• Experience with DLP solutions, such as email filtering, Cloud access security broker and or Microsoft Purview.
• Applicants will have a technical background with exposure to IT, security, network or Cloud infrastructure administration.
• Fully understand security concepts such as identity access management, defence in depth, least privilege, resilience (technical & operational), segregation (networks & duties), cloud security (shared responsibility).
• Ability to support audits, conduct risk assessments, and implement mitigation strategies.
• Understanding of PCI DSS, SWIFT CSP, and operational resilience frameworks.
• Knowledge of implementing ISO27001:2022.
• Data loss prevention & management.

Skills:

• Technically astute, understands technical risks to the business and can provide clear risk assessment analysis to the business.
• Able to challenge where risks are outside of tolerance in an evidence‑led, logical and methodical manner.
• Network Security & Protocols – Deep understanding of TCP/IP, firewalls, VPNs, IDS/IPS, and secure network architecture and browser filtering technologies.
• Email – understands email delivery, and controls i.e. tracing, analysing, filtering, DMARC, SPF, DKIM.
• Security Frameworks & Controls – Familiarity with NIST, CIS Controls, and UK‑specific frameworks like Cyber Essentials.
• Cloud Security – Knowledge of securing Azure, including IAM, encryption, and monitoring (Sentinel experience beneficial).
• Data Protection & Encryption – Understanding of cryptographic protocols and secure data handling practices.
• Experience in Information Security Awareness and Training, phishing simulations, managing online training (CBT), providing content for awareness.
• Attention to Detail – Critical for monitoring logs, reviewing configurations, and writing formal documentation.
• Analytical Thinker – Ability to assess complex systems and identify potential risks and vulnerabilities.
• Ability to disseminate documentary evidence to provide objective analysis.
• Maintain a current understanding of common vulnerabilities and appropriate remediation.
• Communicating and documenting user‑reported security problems and incidents.
• Keeps up to date with the latest Information and Cyber news, threats and incidents.
• Appreciate when to elevate issues upwards.

Desirable Skills:

• Familiarity with Data Protection and Financial regulations i.e. GDPR, FCA regulations, PRA guidelines, UK Data Protection Act, DORA.
• Familiar with SOC2 Type II, NIST CSF, PCI DSS and NCSC guidance.

Education:

• BSc/MSc in Information Security, computing, science, technology, engineering or mathematics (STEM) subject.
• Known security qualifications such as CompTIA Security+, CySA+, CASP, or other established certifications from ISC2, ISACA GIAC or EC‑Council.
• Azure Fundamentals AZ‑900; Security, Compliance and Identity Fundamentals SC‑900; or other Microsoft certification.

Personal Attributes:

• A passion for cyber security and a keen interest in IT.
• Highly motivated, responsible, reliable and organised individual able to use own initiative, manage own time and workload and an excellent attention to detail.
• Inquisitive, keen to learn.
• Capable of developing a strong working relationship with peers to encourage good security practices.
• Collaborative and team‑oriented, flexible attitude, adhering to a high standard of ethical behaviour.

This position is full‑time, permanent. The role is office‑based in Coventry as part of the Risk and Compliance team. However, we have an agile flexible working policy which enables you to work up to 2 days from home if desired.

What you get in return:

This role offers a competitive salary with commission or bonus, plus a comprehensive benefits package including 25 days holiday plus a day off for your birthday, pension, BUPA private medical health insurance and more.

Fostering a culture of belonging and inclusivity:

We’re committed to creating a workplace where every individual feels valued, respected, and included. As an Equal Opportunity Employer, we actively cultivate an inclusive culture where diversity thrives, and we empower our colleagues to drive meaningful change within our organisation through initiatives like our DE&I focus groups and value champion network.