Security Analyst in Woking

We sell the world’s best chicken. Seriously. And we’ve done it since 1939, when the idea of crispy, original recipe chicken took Kentucky by storm. Now, we’re proud to serve 1000+ communities across the UK and Ireland, bringing the grit, pride and iconic reputation that we started with, all those years ago. Across the Restaurant Support Centre (RSC), we come to work to be ourselves, and to make something of ourselves. We want to see our potential go that little bit further, as part of one of the world’s most iconic brands.

ABOUT THE ROLE

The Security Analyst is responsible for safeguarding the organization’s systems, data, and services through risk-based analysis, proactive security operations, and continuous improvement of controls. This mid-level role blends hands‑on technical work (e.g., vulnerability management, endpoint/EDR, SIEM monitoring) with risk reporting, mitigation planning, and compliance alignment (e.g., ISO 27001, NIST CSF, CIS Controls, GDPR). The successful candidate will be self‑motivated, detail‑oriented, and adept at prioritizing workload based on quantified risk and business impact.

WHAT’S IN IT FOR YOU:

• Hybrid working from our Woking RSC (just 24 mins from London)
• Up to 11% company pension contributions
• 25 days’ holiday (plus bank hols)
• 5 Live Well Days a year, just for you
• Bonus scheme linked to company & personal performance
• Private healthcare, Digital GP access & mental health coaching
• Enhanced parental leave and flexible return options
• Study support, income protection, life cover & more
• 25% off the chicken

WHAT WE LOVE FROM YOU:

Education/Certifications

• Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent practical experience).
• Relevant certifications (one or more strongly preferred): CompTIA Security+, CySA+, SSCP, GIAC (e.g., GSEC/GCIH), AZ-500, MS-500, CCSK/CCSP, ISO 27001.

Experience

• Solid experience in a security analyst or similar role within IT security operations.
• Hands‑on experience with vulnerability management (scanning, analysis, and remediation coordination).
• Practical experience with endpoint security/EDR and SIEM alert triage and incident remediation.
• Demonstrated ability to produce risk reports and drive risk mitigation actions with cross-functional teams.
• Exposure to incident response and security testing (e.g., assisting with pen tests, red team findings, or threat modeling).
• Familiarity with industry standards controls and regulations (e.g., NIST, CIS, GDPR, HIPAA).
• Familiarity with Directory Services (Active Directory and Entra ID) with emphasis on security.
• Good communication skills and the ability to collaborate effectively with diverse teams.

Knowledge and Expertise

• Risk & Compliance: Solid understanding of risk assessment methodologies, control frameworks (ISO 27001, NIST CSF, CIS Controls), and regulatory basics (GDPR; PCI DSS).
• Security Controls: Network, endpoint, identity, data protection, secure configuration, and logging/monitoring fundamentals.
• Cloud & Modern IT: Working knowledge of security in Microsoft 365, Azure (IAM, Conditional Access, Defender suite), and common SaaS platforms.
• Threat Landscape: Awareness of common attack vectors (phishing, ransomware, privilege misuse, misconfiguration) and defense-in-depth strategies.

Skills

• Analytical & Detail-Oriented: Keen eye for anomalies; precise documentation and follow-through.
• Communication: Clear written and verbal communication—translating technical detail into business-friendly risk insights.
• Collaboration: Works well with Infrastructure, Application, and Business teams; influences without authority.
• Self-Motivation: Proactive ownership; drives tasks to completion with minimal supervision.
• Process Discipline: Organizes workload, meets deadlines, and adheres to SLAs and standards.
• Ethics & Confidentiality: Handles sensitive information with discretion and integrity.

KFC FOR EVERYONE

Whoever you are and wherever you’re from, KFC is a place where you can bring the real you to work. Our promise is this: every person who applies to a role at KFC, regardless of age, background, ethnicity, gender, ability, religion or sexual orientation, will have an equal opportunity to work here. We don’t just welcome, we encourage applications from underrepresented groups from all industries. If you’d like any additional support with your application, have a disability or condition that may affect your performance during the recruitment process, or have any other requirements — just let us know. We’ll be there to help you be the real you.

READY? We hope so. If you’re ready to be part of our community, now’s the time to apply. Worried you aren’t ticking all the boxes? Don’t - we’d still love to hear from you.

WHAT WILL YOU SPEND YOUR TIME DOING?

Security Operations & Management (30%)

• Contribute to, maintain, and enforce security policies, procedures, and standards.
• Oversee security risk assessments, vulnerability scans, and penetration tests.
• Monitor and triage security alerts from SIEM/EDR tools; investigate events, determine root cause analysis, and coordinate remediation.
• Coordinate with IT teams to implement technical safeguards, including firewalls, encryption, identity and access controls.
• Progress awareness programs to educate employees on security best practices.

Governance, Risk & Compliance (30%)

• Produce periodic risk reports and dashboards for leadership, highlighting trends, key risks, and recommended mitigations.
• Assist in policy/procedure development, secure baselines, and compliance evidence collection for audits.
• Contribute to risk assessments (systems, projects, suppliers), translating technical issues into business risk statements with likelihood/impact.
• Support control design and testing aligned to frameworks (ISO 27001 Annex A, NIST CSF, CIS Controls) and regulatory obligations (e.g., GDPR; PCI DSS if in scope).
• Hold clear authority to challenge priorities, influence sequencing of investment, and recommend funding decisions at enterprise level.

Incident Response & Readiness (20%)

• Participate in incident response (IR) lifecycle: detection, analysis, containment, eradication, recovery, lessons learned.
• Maintain IR playbooks and run tabletop exercises; drive post-incident improvements and control tuning.

Vulnerability & Patch Management (20%)

• Own scheduled vulnerability scans; analyze findings, assign risk scores, and produce remediation plans in partnership with Infrastructure/tech teams.
• Track patching SLAs, exceptions, and compensating controls; measure and report progress against risk-based targets.
• Validate remediation through rescanning and regression checks.

Working relationships:

• Cross functional teams within technology; this includes making them clear on the security standards in relation to the products they own and making sure any suppliers they managed are clear on expectations.
• Wider business teams; this includes awareness on security posture and best practice, including items such as password behaviour, device control and application screen (onboarding of SaaS solutions etc).
• Global teams; includes working with our Yum! partners to ensure global compliance, trends and alignment, directly with audit but indirectly with strategy and alignment to new process/tools.