Security and Governance Analyst in Wallington

The Security and Governance Analyst role provides very important support to the IT team and the wider organisation. They work closely with the IT Manager and our security partners to ensure the security and integrity of Two Saints information systems and infrastructure. The role involves collaborating on policies, procedures, and administering controls to protect sensitive data from cyber threats and ensure compliance with regulatory requirements, reporting performance back to the IT Manager, Performance and Executive teams.

Main Responsibilities

• In conjunction with the IT Manager, build a constructive relationship with Two Saints’ principal IT suppliers to ensure that the contracted standards of service and support are met.
• Work together with these suppliers to ensure that Two Saints’ ICT Security policies are applied and followed correctly.
• Regularly review the security preparedness of our supply chain.
• Work with the Learning and Development Manager and the HR team to establish a minimum standard of cyber awareness skills for Two Saints’ staff – assess the quality of both internal and external trainers with the delivery of training and awareness through learning platforms and internal communication.
• In conjunction with Systems & Applications Support and Network Support colleagues, maintain accurate records of software licences, equipment types and locations.
• Ensure the organisation maintains a good level of IT security by evaluating risks and solutions, and continue to implement and develop solutions in line with ongoing threats.
• Assist in ensuring the organisation remains GDPR compliant and provide support for subject access requests and destruction of data in line with data governance.
• Support the IT Manager to review and maintain data governance policies and Data Loss Prevention (DLP) using Microsoft compliance tools.
• Oversee daily security checks and carry out any follow‑up action required.
• Report to the IT Manager and maintain security standards by ensuring operating system patches and hardware/firmware updates are applied across the network.
• Ensure all documents, processes and procedures for the ICT team are kept updated.
• Create and develop required reports for the organisation, including producing monthly and quarterly reports for the senior management teams.
• Use the organisation’s preferred reporting tools to produce meaningful reports.
• Work with the IT Manager to support and implement risk‑management processes to identify and mitigate IT risks.
• Regularly audit and monitor IT systems to ensure data integrity, security and compliance.
• Support the IT Manager to ensure that IT projects and operations comply with internal and external policies, regulations and standards.
• Work with the IT Manager to design and implement frameworks and procedures to ensure IT security and governance aligns with organisational objectives.
• Stay informed about the latest IT trends and advancements to inform cyber strategies and policies.
• This role has business continuity responsibilities.

Role Requirements

• This role may require a standard disclosure and barring service check.
• This role will require a full drivers’ licence and access to a vehicle.
• This role will require you to work flexibly across several sites.

Experience And Qualifications

Essential Criteria

• Achieving Cyber Essentials / CE+.
• Working with Security Frameworks.
• Awareness of Operational Risk Management Processes.
• Experience of Project Working.
• CompTIA Security+, Certified Information Security Manager or equivalent.
• Experience working with data protection and compliance.

Desirable Criteria

• 3rd Party Management, particularly with MSP’s and CSOC’s.
• Designing Cyber Security Awareness Programmes for internal staff awareness.

Knowledge And Skills

Essential Criteria

• GDPR Compliance.
• Hardware firmware and Microsoft patching requirements.
• Asset Management.
• Management Reporting.
• Microsoft Defender.
• PCI‑DSS.

Desirable Criteria (experience of)

• NHS DSP Toolkit.
• NIS2.
• ISO27001.
• Microsoft Sentinel (or other SIEM solution).
• Microsoft Purview.
• Strategy creation.

Equal Opportunities

We’re committed to creating an inclusive and diverse workforce that embodies our values and promotes a tolerant and respectful environment where everyone can feel empowered to succeed. We welcome and encourage applications from people of all backgrounds and will support with any reasonable adjustments needed during the recruitment process.