Security Governance Analyst

Job Title: Security Governance AnalystLocation: Northampton (Minimum of 2 days onsite required)Contract: Inside IR35Hours/Duration: Full-time, 5 days per week. Overall project expected to be 3 months in duration.The Role of Security Governance AnalystOur client, who is one the UK's leading trade suppliers, is seeking an experienced Security Governance Analyst to join the Information Security Team to assist with improving the organisations security and core governance and compliance activities across the business.This role is expected to last for 3 months in duration, and the successful candidate will need to attend the client site in Northampton 2 days a week minimum, with the remainder worked from home, this work arrangement is essential based on the role requirements.Key Responsibilities

• Design, develop and deploy phishing campaigns to all email users using Microsoft Defender to raise security awareness
• Triage and manage security related requests and incidents through the IT Service Management (ITSM) platform, ensuring timely and effective resolution
• Assist with Subject Access Request (SARs) and Right to be Forgotten (RTBF) requests in line with GDPR
• Support the evaluation of third-party vendors by gathering risk information, reviewing security documentation, and conducting assessments to ensure compliance with company standards.
• Coordinate internal and external penetration testing activities, liaising between technical teams and external testers, tracking findings, and ensuring remediation plans are in place.

About youThe successful candidate will have previous experience working as a Security Governance Analyst, and be confident in governance checking, risk management and regulatory compliance. You will also have the following skills:

• An ability to identify, assess, and mitigate cybersecurity risks
• Security architecture knowledge, specifically designing and implementing secure systems and networks
• An understanding of system and network security, including security protocols, firewalls, intrusion detection systems, and encryption technologies
• Be able to respond and manage security incidents effectively
• Compliance and Regulatory knowledge, and familiarity with laws and regulations such as GDPR, HIPAA, and ISO standards
• A natural ability to analyse complex security issues and develop effective solutions
• Qualifications in either CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or CRISC (Certified in Risk and Information Systems Control) are advantageous but not essential

We are looking for candidates who are available to start work immediately and must hold the required experience outlined above. We aim to respond to all applicants within 5 working days – to avoid missing out please apply today, and one of our Team will be in touch.