Information Security Compliance Analyst

Information Security Compliance Analyst

12 Month FTC

Hatfield - Hybrid

As an Information Security Compliance Analyst, you will Support the development and maintenance of the EMEA information security management system, ensuring compliance with Global EIT strategy, EMEA business needs, and relevant legislation (e.g NIS 2, AI Act, GDPR). Maintain ISO 27001:2022 certification and ensure adherence to health, safety, financial, and privacy regulations.

What are we looking for?

• Degree level qualified or equivalent - essential.
• CISM and / or CISSP or other relevant certification is highly desirable
• ISO 27001:2022 Lead Implementer / Auditor certification is highly desirable
• Demonstratable experience in an Information Security, IT Governance, Risk and Compliance based role, including maintaining and continually improving an ISO 27001 compliant management system.
• Experience of information security management and/or security awareness.
• Good knowledge of industry standard frameworks and best practices – ISO 27001: 2022, NIS2, AI Act etc. and their practical application in a corporate environment to ensure all elements of integrity, availability and confidentiality are adhered to.
• Extensive experience conducting information security risk assessments, reporting risks
• Experience of developing, implementing, managing, and maintaining Information Security policies, guidance, & procedures.
• Experience of risk management and maintaining risk registers.
• Knowledge & experience of risk assessments against third-party organisations based on IT control frameworks such as ISO 27001(essential) and ISO 31000(desirable).
• Practical experience of conducting gap analysis, testing information security processes, procedures, plans and support audits to achieve compliance with Information Security standards.
• Practical experience of establishing and maintain data classification standards within a corporate environment.
• Experience in developing and executing an Information Security awareness training across multi-business units.
• Experience with ensuring corporate compliance with UK/EMEA data protection legislation such as DPA and GDPR.
• Good knowledge of a broad range of IT technology platforms, products, services.
• Stakeholder management experience at both a technical and non-technical to Executive level.
• Excellent Business/customer facing experience

If you are interested please apply or send your CV to luke.sandilands@cpl.com