Information Security Analyst

Nhs-approved
Nottingham, United Kingdom
2 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Compensation
£ 40K

Job location

Nottingham, United Kingdom

Tech stack

Cloud Computing
Computer Security
PCI Data Security Standards
Phishing
Security Information and Event Management
Data Logging
Information Security Management System
Vulnerability Analysis

Job description

We're looking for an Information Security Analyst who can balance governance, risk, compliance, and hands-on operational security activities.

What you'll be doing

In this varied and impactful role, you'll help operate and continuously improve our Information Security Management System (ISMS) while supporting risk management, compliance, and audit readiness across the business. Your work will span policies, controls, assessments, awareness, and metrics.

You will:

Maintain and update ISMS policies, standards, and procedures

Coordinate internal and external audits (including Gambling Commission security audits) from planning to closure.

Run the risk management process, keeping registers and treatment plans accurate

Support PCI DSS compliance activities and associated evidence collection

Manage and track vulnerability scanning and remediation across systems

Assist with incident response, triage, evidence collection, and post-incident reviews

Work with IT and MSPs to improve security controls, alert quality, logging, and SIEM coverage

Conduct supplier due diligence and review third-party security documentation

Deliver targeted security awareness training and publish practical guidance

Produce monthly and quarterly reports on risk, vulnerabilities, audits, and incidents

This is a collaborative, business-wide role where you'll help embed security into everyday operations and ensure controls remain effective and well-documented.

Requirements

Are you a pragmatic, detail driven security professional who enjoys turning standards into practical security controls and helping teams understand and manage risk? If you're confident collaborating across departments, producing clear reports, and strengthening an organisation's security posture through measurable improvements, this role could be a great fit., Working knowledge of ISO/IEC 27001 (risk, audit cycles, controls, evidence)

Understanding of PCI DSS requirements and SAQ/attestation processes

Awareness of NCSC best-practice guidance (cloud, phishing, access control, incident management, etc.)

Experience producing clear, concise reports and presenting to stakeholders

Ability to translate technical findings into practical remediation actions

Strong communication skills and confidence working with IT, suppliers, and business teams

An organised, methodical approach with great attention to detail

Benefits & conditions

(email address removed) - 24/7 access to GPs, mental health support, and more for you and your family

Thrive App - NHS-approved mental wellbeing support

Buzz Brights Apprenticeships & Buzz Learning - access to 100s of online courses

Buzz Brilliance Awards - employee recognition scheme

Annual Bonus, depending on company performance

5 weeks annual leave plus public holidays (pro-rated for part-time roles)

Holiday Buy Scheme - purchase an extra week of holiday (eligibility applies)

50% staff discount on bingo tickets, food, and soft drinks

Refer a Friend Scheme

Life Assurance & Pension Scheme

Access to trained Mental Health Advocates

What you'll bring

We'd love to hear from you if you have

Apply for this position