Senior Information Security Analyst JM RQ1640948

TCLRec
Watford, United Kingdom
15 days ago

Role details

Contract type
Temporary contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
£ 59K

Job location

Remote
Watford, United Kingdom

Tech stack

Microsoft Access
Azure
Cloud Computing
CompTIA Security+
Computer Security
Data Security
Network Security
Microsoft Software
Patch Management
Vulnerability Analysis

Job description

Our client is seeking an experienced Senior Information Security Analyst to provide immediate support to their Information Security team. This role is a hybrid of technical security analysis and governance, risk, and compliance (GRC) activities.

The successful candidate will play a key role in assessing risks, reviewing supplier and project security documentation, responding to security questionnaires and tenders, supporting incident investigations, and helping to maintain the organisation's security posture and compliance with relevant standards (Cyber Essentials Plus, ISO 27001, DSPT, GDPR, NCSC).

This is a hands-on delivery role for someone who can work independently, make sound judgements, and communicate clearly with both technical and non-technical stakeholders.

Security Governance & Risk

* Conduct security risk assessments for systems, projects, and suppliers, and document findings in a consistent and evidence-based way.
* Review, respond to, and attest security questionnaires and tender submissions from vendors and partners.
* Support and track remediation actions arising from risk assessments, audits, or incidents.
* Assist with the maintenance and review of the Information Security Risk Register and associated controls.
* Support compliance with ISO 27001, Cyber Essentials Plus, and Data Security & Protection Toolkit (DSPT) requirements.
* Provide input to security policies, standards, and process improvements.

Technical Security Oversight

* Collaborate with IT and Security partners to review alerts, vulnerabilities, and incidents; provide risk-based recommendations.
* Review and validate security configurations for the technology stack, endpoint protection, DLP, and other key platforms, advising on improvement actions rather than performing hands-on configuration.
* Support technical teams in vulnerability and patch management, and assess the impact of critical vulnerabilities on the organisation's environment.
* Participate in post-incident reviews and support lessons-learned reporting.
* Provide security input to change reviews and technical design discussions when required.
* Conduct and document third-party risk assessments for new and existing suppliers.
* Evaluate supplier responses and evidence against the organisation's security requirements and standards.
* Identify and escalate high-risk findings and track mitigation progress.
* Support procurement and legal teams with security clauses and data protection considerations in contracts.
* Provide practical, proportionate advice to projects and business teams on information security and data protection.
* Promote good security practice and awareness within the organisation.
* Support the Head of Information Security in incident briefings, reporting, and communication with senior stakeholders.

Requirements

* 5+ years' experience in Information Security roles combining technical and GRC activities.
* Strong understanding of cloud and network security (preferably Microsoft stack: M365, Azure, Defender, DLP, Conditional Access).
* Demonstrated experience reviewing security questionnaires, tenders, and supplier assurance evidence.
* Good knowledge of risk assessment methodologies (ISO 27005, NIST RMF, or equivalent).
* Working familiarity with ISO 27001, Cyber Essentials Plus, DSPT, and GDPR requirements.
* Experience interpreting vulnerability scan results and prioritising remediation.
* Strong written communication skills for drafting risk reports, supplier reviews, and executive summaries.
* Excellent stakeholder engagement skills: able to explain technical concepts in plain language.

* Relevant certifications such as CISSP, CISM, CRISC, CEH, CompTIA Security+, or equivalent experience.
* Experience working in healthcare, charity, or public sector environments.
* Familiarity with NCSC CAF and NHS DSPT frameworks.
* Experience working with SOCs and incident response partners.