Information Security Analyst in City of London

Ricoh are currently recruiting for an Information Security Analyst based in London who will be accountable for the development, implementation, and continuous improvement of the Information Security Management System (ISMS) at Ricoh Europe PLC. The role exists to protect the confidentiality, integrity, and availability of corporate information assets, and to ensure the organisation’s alignment with ISO/IEC 27001 standards and applicable regulatory requirements.

You will be doing:

• Conducting internal audits and working with external auditors.
• Drafting and enforcing security policy, standards and procedures.
• Leading or coordinating responses to security breaches or events.
• Maintaining, developing, and enhancing the ISMS to ensure continued ISO/IEC 27001 compliance.
• Conducting regular internal audits and risk assessments, ensuring timely remediation of any identified vulnerabilities or non-conformities.
• Establishing and enforcing information security policies, standards, and controls across the organisation.
• Acting as the central authority and subject matter expert on information security within Ricoh Europe PLC.
• Monitoring the threat landscape and coordinating incident response planning, including investigation, mitigation, and communication of security incidents.
• Overseeing the security assurance programme, including third-party risk management and vendor assessments.
• Collaborating with IT, legal, HR, and business teams to integrate security principles into operational processes and projects.
• Promoting a strong culture of security awareness through training and awareness campaigns and quarterly Phishing Simulations.
• Providing reporting on ISMS performance, risks, and assurance activities to senior stakeholders and auditors.
• Demonstrating a deep understanding of information security standards and management systems, particularly ISO/IEC 27001, and the ability to operationalise policies, manage risks, and ensure compliance within a complex enterprise setting.
• Performing risk assessments and tracking risk treatment plans.
• Preparing documentation and evidence for ISO 27001 audits.
• Demonstrating experience with data protection principles and delivering privacy impact assessments.
• Designing and implementing security controls in line with policy requirements.
• Developing and maintaining the ISMS manual and associated procedures.
• Aligning security strategies with business continuity and data protection programmes.
• Interpreting IT governance and control frameworks such as: ITGC, NIST, COBIT, CSTAR, ITIL, and other standards to shape policy and monitor conformance.
• Analysing threat intelligence and risk trends to anticipate and prevent security breaches and advise on emerging technologies and their potential impact on security posture.
• Demonstrating and utilising foundational knowledge of project management frameworks such as: Lean Six Sigma, PRINCE2 and Cyber Essentials and Cyber Essentials Plus frameworks.

You will ideally have:

• A proven background working in an EMEA wide organisation or larger enterprises with complex operations across an IT landscape/environment.
• A bachelor’s degree (or equivalent) ideally in a relevant field such as: Cyber Security, Information Technology, Computer Science or Information Systems.
• ISO 27001 Lead Implementer or ISO 27001 Lead Auditor qualifications, with further qualifications across CISM, CISA, CRISC, CCAK, ISO 27701, Data Protection Practitioner, ISO 22301 Lead Implementer, ISO 27005 Risk Manager being a distinct advantage.
• Exceptional interpersonal and communication skills.
• The ability to tailor communication—presenting detailed technical risk in a non-technical, business-relevant format.
• Assertiveness balanced with diplomacy, especially when challenging decisions, enforcing compliance, or navigating resistance to change.
• Trust-building skills, as the Information Security Manager often has to advise, influence, and lead without formal authority.
• Conflict resolution, negotiation, and consensus-building abilities.
• Empathy and cultural awareness, especially when operating across the diverse cultural landscape of Ricoh’s European operations.
• Active listening, a collaborative mindset, and the ability to motivate others to engage with security initiatives.
• Demonstrated ethical behaviour, confidentiality, integrity and taking due professional care in all interactions relating to Auditing as per the principles of ISO 19011.

In return for your commitment, you can expect:

• A competitive salary package
• Industry leading benefits

Ricoh is an exceptional place to work, with a strong emphasis on career development for the right individuals. This is a role where you can excel within a fast-paced environment and succeed within a thriving organisation. This is an excellent opportunity to join a global company where you can truly capitalise and build on your own experience.

Ready to make that change? Apply now for a confidential conversation with our Recruitment Team.

We are an equal opportunities employer. At Ricoh, we embrace and respect the collective and unique talents, experience, and perspectives of all people. Together we inspire remarkable innovation. That’s how we live the Ricoh Way.

Ricoh have removed the disclosure of convictions box from their application process, offering equal opportunities to all. For all roles, we will judge each individual on their skills and ability before taking into account their history. However, some roles are subject to sensitive and restrictive information and, if successful, you may be required to undertake pre-employment vetting checks which include but are not limited to residency check, credit reference check, financial sanctions check and a DBS Check.