Senior Information Security Analyst, UK

Realty Income aims to be a globally recognized leader in the S&P 100, committed to creating long-term value for all stakeholders. These stakeholders include our dedicated team members, who embody our purpose: building enduring relationships and brighter financial futures. This guiding principle serves as a beacon for our team, influencing every action we take.

Our employees consistently invest their time, commitment, and dedication into the company, and in turn, they receive investment returns in the form of purpose, belonging, and opportunities for advancement. We are committed to best-in-class corporate responsibility practices through environmental initiatives, governance programs, and community outreach projects. From the boardroom to the breakroom, our team members make a difference every day.

Realty Income (NYSE: O), an S&P 500 company, is a real estate partner to the world's leading companies. Founded in 1969, we invest in diversified commercial real estate and have a portfolio of 15,500 properties in all 50 U.S. states, the UK and eight other countries in Europe, with a gross book value of $58bn. We are known as 'The Monthly Dividend Company(R)' and have a mission to deliver stockholders dependable monthly dividends that grow over time. Since our founding, we have declared 656 consecutive monthly dividends and are a member of the S&P 500 Dividend Aristocrats(R) index, having increased our dividend for the last 31 consecutive years.

The European portfolio, including the UK, has grown significantly since our first international acquisition, a £429m 12-property portfolio from Sainsbury’s in 2019. In just five years the portfolio now includes investments of over €11bn, and 483 distinct properties.

Be a part of this growth story for a world leading Real Estate Investment Trust! Working in this global role you will contribute to the Info Sec team’s expansion in Europe, empowering your career and allowing you to take on additional responsibility and challenges, whilst you broaden your experience and skillsets.

Reporting to the Associate Director, European IT and operating under the supervision of the global Information Security program, the Senior Information Security Analyst supports the day-to-day operations of the global Information Security program, with a focus on security alert triage, incident investigation, and operational effectiveness across the environment.

This role is responsible for monitoring and responding to security alerts, performing assigned operational tasks, and optimizing security tooling to improve detection quality and reduce false positives. The position operates within a centralized global security function and collaborates across regions to ensure consistent handling of security incidents.

The Senior Information Security Analyst contributes to the continuous improvement of information security processes and procedures, supporting compliance activities aligned with frameworks and standards such as the NIST Cybersecurity Framework, GDPR and SOX.

• Monitor, triage, and investigate security alerts in coordination with the Security Operations Center (SOC) and internal teams.
• Analyze and validate potential security incidents, ensuring accurate classification, documentation, and escalation.
• Perform daily operational information security tasks, including the management and resolution of ServiceNow incidents assigned to the Information Security team.
• Support incident response efforts through investigation, coordination, and detailed documentation of findings.
• Participate occasionally in an on-call rotation as required to support timely response and escalation of security incidents outside of business hours, ensuring appropriate handover, documentation, and continuity of incident management.
• Tune and optimize security tools, including SIEM and endpoint protection platforms, to improve alert fidelity and reduce false positives.
• Collaborate with internal technology teams to ensure appropriate logging, monitoring, and alerting capabilities are in place across systems.
• Work closely with the IT Service Desk, Operations, and development teams to support vulnerability identification and ensure remediation is prioritised and delivered within agreed SLAs.
• Work closely with global and regional stakeholders to support consistent security operations and incident handling across time zones.
• Support security awareness initiatives through participation in training, workshops, and knowledge-sharing activities.
• Partner with the global Information Security team to review, streamline, and develop security processes, procedures, and incident response playbooks, while maintaining accurate, current documentation aligned with approved standards.
• Promote a culture of security across the organization through engagement and collaboration.
• Performs other duties as assigned.

• Suitable experience in an Information Security role.
• Some previous relevant experience in a technical IT role (System Administration/Network Administration/DevOps).
• While we do not set upper or lower limits of experience for any of our vacancies, candidates with at least 4 - 8 years’ suitable experience are likely to have the right level of knowledge and experience. Combination of education, training, experience, skills and other characteristics that would provide the requisite knowledge and abilities in support of the essential job functions.
• Must have Cybersecurity certification(s) (CISSP, Sec+, CCSP, CEH) or equivalent.
• Knowledge of security frameworks and regulatory compliance standards (NIST CSF, SOX ITGC, GDPR, etc.).
• Hands-on experience with security technologies including Microsoft Defender, Zscaler, SIEM platforms (e.g. Google SecOps), and identity platforms (e.g. Azure/Entra, Okta).
• Hands-on experience in incident response, threat detection, and vulnerability management within an enterprise environment.
• Strong ability to analyze, prioritize, and respond to security alerts and vulnerabilities within the context of business operations and risk tolerance.
• Experience with incident response processes and best practices, including investigation, escalation, and documentation.
• Knowledge of cloud security principles, particularly within Microsoft Azure environments.
• Working technical knowledge of IT systems including Active Directory, Microsoft 365 and Windows OS.
• Strong written and verbal communication skills include the ability to clearly document findings and risks to technical and non-technical stakeholders.
• Demonstrate commitment to continuous learning, staying current with emerging threats, technologies and industry trends.
• Hybrid working arrangements, in the office Monday / Tuesday / Wednesday / Thursday.
• May require infrequent travel to remote sites.
• Make yourself available outside of normal working hours for security incidents.

• Experience working in the financial services or investment industries.
• Bachelor’s degree in information security or related field or equivalent combination of education and experience.

For more than 50 years, Realty Income has been guided by our mission to invest in people and places to deliver dependable monthly dividends that increase over time. We do this by nurturing long-term, meaningful relationships that enable people to achieve a better financial outlook. We understand that when individuals succeed financially, they are able to provide for their families, support local businesses and pursue their greatest ambitions—creating a lasting positive impact.