Location: UK-wide (Hybrid)
Salary: £36,000–£38,000 + Benefits
We’re looking for a hands-on Information Security Risk & Compliance Analyst to join a growing Business Protection / InfoSec function. This is a practical, collaborative role for someone who thrives in a dynamic, evolving environment and enjoys taking ownership of meaningful work. You’ll help maintain and expand ISO 27001 standards, support operational InfoSec, and contribute to shaping a developing function.
Key responsibilities:
- Maintain and develop an Information Security Management System (ISMS) and ISO 27001 standards.
- Assist with risk assessments, control testing, documentation, policies, and operational InfoSec support.
- Respond to internal queries, incidents, breaches, and client/supplier security questionnaires.
- Identify gaps and help expand ISO standards across additional sites or entities.
- Translate technical InfoSec issues into clear guidance for non-technical stakeholders.
- Collaborate with the team to improve processes and drive practical solutions.
Ideal candidate:
- Hands-on ISO 27001 / ISMS experience.
- Practical experience with risk assessments, controls, documentation, and policy/process support.
- Comfortable working in ambiguity and proactively shaping processes.
- Strong written and verbal communication skills, able to engage stakeholders across multiple business units.
- Exposure to GDPR and related frameworks is advantageous.
- Formal certifications are a bonus, but practical experience is highly valued.
Why this role is exciting:
- Be part of a small, collaborative InfoSec team with scope to shape the function and take ownership over time.
- Work across multiple service lines, entities, and regulated environments.
- Flexible hybrid working with no fixed office days.
- Opportunity to work on meaningful, hands-on InfoSec projects with real business impact.
If you are proactive, practical, and ready to contribute to a growing InfoSec function, we’d love to hear from you.