Information Security Risk and Assurance Analyst

I’m interested


Leeds or London

Contract type


Job description

Consult. Report. Improve.

In 2016 we fought off online attacks from territories all over the world, and they continue to keep us very busy. We can’t just wait for an attack to happen before we find out how our technology and systems will cope. We need to assess and analyse the risks, make sure that the rest of the business are aware, fix any issues and continually improve to keep our customers' and colleagues’ information safe.

As an expert in information security and risk management, the rest of the business will turn to you for advice on how new systems and processes are being developed. Whether in house or from third parties, they’ll need to meet our compliance requirements and our own high security standards. You’ll work with colleagues across the world to make sure that all areas of our business are doing everything they should to protect our systems and sensitive information. You’ll gain an in-depth understanding of all areas of our business and technologies, analyse their risks and put forward recommendations and solutions to continually improve our security posture.

You’ll write and raise awareness of our security policies, working with different areas of our business to integrate these with existing standards and processes. A lot of things can be done over Skype, the phone and e-mails. But some things you need to see in person and you’ll be able to travel to each of our office locations around the world.

You’ll know ISO27001 and PCI-DSS inside out and be able to show your knowledge through the technical security and audit certifications you have achieved (GIAC, CEH, CISSP, CISA, CISM, CRISC, CGEIT, CCSP, PCI DSS QSA/ISA, ISO27001 Lead Auditor)

You’ll be great with people and will be able to quickly build good working relationships with anybody in our business and partners. They'll see you as a trusted analyst through your broad information security knowledge including networking, infrastructure and operating systems, databases, cloud and application security.

You'll be able to objectively quantify risk and communicate this to colleagues in the business as well as the techies responsible for implementing solutions to reduce risk exposure.