Senior Information Security & Compliance Analyst

Full-Time
No working from home possible
MWH Treatment

We are looking to strengthen the MWH Business Systems team with a Senior Information Security & Compliance Analyst based at the Hattersley office with hybrid working available.

The Senior Information Security & Compliance Analyst supports the effective governance, operation, and continuous improvement of the organisation’s information security and data protection processes. You will act as the second‑in‑command to the Information Security & Compliance Manager, providing hands‑on support for day‑to‑day compliance activities, incident response, risk management, and stakeholder engagement. The role ensures resilience and consistency in the organisation’s security and privacy controls, particularly during periods of increased workload or officer absence.

Working within the MWH Treatment Business Systems team, this role is central to the security and governance of the business.

You will be a key point of contact for MWH staff, clients, suppliers and other RSK group companies relating to information security and data protection matters.

You will work alongside the internal Cyber Security team and external consultants to assess risks to MWH Treatment, develop mitigation strategies and implement controls. You will help assess new software for security risks and for contractual risks in the vendor’s terms and conditions, and ensure privacy controls are in place.

You will be part of the MWH Business Continuity team, helping with security incident response planning, incident management and investigation. You will work with all parts of the business, service providers, external consultants, clients, JV partners, RSK Group companies and our supply chain partners.

MWH Treatment are working towards attaining ISO 27001 certification. You will play a significant role in working with stakeholders and risk owners to define and document controls, coordinate progress, track issues and monitor compliance.

MWH work in a regulated environment for owners of Critical National Infrastructure. Part of your role will be to help answer InfoSec, CyberSec and Privacy questions, draft technical responses for tenders, and work with external and internal auditors, insurers and regulators.

A working knowledge of the Data Protection Act 2018, UK-GDPR and associated legislation is desirable for this role. Knowledge of ISO27001, Data Loss Prevention (DLP) strategies and records retention would be an advantage. Some knowledge of basic cyber security techniques will also be helpful. It should be noted that this is a strategic and governance role, not a technical cyber security role.

DPO Responsibilities

  • Deputise for the company DPO
  • Be a point of contact, providing day to day advice, training and guidance to the business
  • Help develop policy and guidance
  • Support operational decision making with privacy input
  • Maintain Records of Processing Activities (RoPA)
  • Work with the HR team to manage or quality check DSAR responses
  • Help coordinate searches and redactions
  • Investigate privacy complaints
  • Ensure statutory deadlines are met

Experience

Some experience in or an understanding of information security, data privacy, IT governance, or a related technical/analytical role. Experience supporting audits, security operations, or compliance programmes would be beneficial. Experience working in a technology driven or data sensitive environment preferred. Understanding of cloud security, IT operations, and system administration (advantageous but not essential).

Qualifications

  • Certifications desirable but not essential: ISO27001 Internal Auditor, CompTIA Security+, CISM/CIPM/CIPP (working towards accepted).
  • Technical: foundational understanding of information security frameworks such as ISO27001, NIST, or CIS Controls; knowledge of UK GDPR, DPA 2018, and data handling best practices; familiarity with risk management, incident response processes, vulnerability management, and access control principles.
  • Behavioral: strong communication skills; high attention to detail and excellent organisational skills; ability to manage competing priorities and work independently when required; proactive, analytical, and committed to continuous improvement; high integrity and a strong sense of confidentiality.
MWH Treatment

Contact Details:

MWH Treatment Recruitment Team