Senior Information Security Analyst

Job Title: Senior Information Security Analyst – Remote/Home-Based Location: Remote / Home-Based (Hybrid as required)Type: Initially 3 months - potential to extend Salary: 34.50 UMB per hour (£26 PAYE)On behalf of our client, We are seeking an experienced Senior Information Security Analyst to provide immediate support to their Information Security team. This hybrid role combines technical security analysis with governance, risk, and compliance (GRC) activities, offering a unique opportunity to influence and maintain the organisation’s security posture.About the Role: The successful candidate will assess risks, review supplier and project security documentation, respond to security questionnaires and tenders, support incident investigations, and help ensure compliance with relevant standards, including Cyber Essentials Plus, ISO 27001, DSPT, GDPR, and NCSC guidelines. This is a hands-on delivery role requiring someone who can work independently, make sound judgments, and communicate effectively with both technical and non-technical stakeholders.Key Responsibilities: Security Governance & Risk

• Conduct security risk assessments for systems, projects, and suppliers, documenting findings consistently.
• Review, respond to, and attest security questionnaires and tender submissions.
• Support and track remediation actions arising from risk assessments, audits, or incidents.
• Assist with maintaining the Information Security Risk Register and associated controls.
• Support compliance with ISO 27001, Cyber Essentials Plus, and DSPT.
• Provide input to security policies, standards, and process improvements.

Technical Security Oversight

• Collaborate with IT and Security partners to review alerts, vulnerabilities, and incidents, providing risk-based recommendations.
• Review and validate security configurations for key platforms (endpoint protection, DLP, Microsoft 365 stack).
• Support technical teams with vulnerability and patch management, assessing impacts of critical vulnerabilities.
• Participate in post-incident reviews and provide input to technical design and change discussions.

Supplier and Third-Party Security Assurance

• Conduct third-party risk assessments and evaluate supplier responses against security requirements.
• Identify and escalate high-risk findings and track mitigation progress.
• Support procurement and legal teams on security clauses and data protection in contracts.

Advisory and Awareness

• Provide practical advice on information security and data protection.
• Promote good security practices across the organisation.
• Support incident briefings and reporting to senior stakeholders.

Required Skills and Experience:

• 5+ years in Information Security roles, combining technical and GRC activities.
• Strong understanding of cloud and network security (Microsoft M365, Azure, Defender, DLP, Conditional Access preferred).
• Experience reviewing security questionnaires, tenders, and supplier assurance evidence.
• Knowledge of risk assessment methodologies (ISO 27005, NIST RMF, or equivalent).
• Familiarity with ISO 27001, Cyber Essentials Plus, DSPT, and GDPR.
• Ability to interpret vulnerability scan results and prioritise remediation.
• Strong written communication and stakeholder engagement skills.

Desirable:

• Relevant certifications: CISSP, CISM, CRISC, CEH, CompTIA Security+.
• Experience in healthcare, charity, or public sector environments.
• Familiarity with NCSC CAF and NHS DSPT frameworks.
• Experience working with SOCs and incident response partners.

Personal Attributes:

• Pragmatic, calm, and delivery-focused.
• Professional, collaborative, and able to build trust quickly.
• Comfortable working independently and making reasoned decisions.
• Strong integrity with a commitment to safeguarding and protecting sensitive data.

If you feel that you have the skills, experience and personal attribute required for this role, please contact Nicola at .uk or call on