Senior Information Security Analyst

DGH Recruitment Ltd.
Charing Cross, United Kingdom
3 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
£ 80K

Job location

Charing Cross, United Kingdom

Tech stack

Microsoft Windows
Agile Methodologies
Application Firewall
Remote Backup Services
Computer Security
DomainKeys Identified Mail (DKIM)
Domain-Based Message Authentication Reporting and Conformance (DMARC)
Identity and Access Management
Information Security Management
Virtual Private Networks (VPN)
Network Security
Public Key Infrastructure
PRINCE2
Security Information and Event Management
Firewalls (Computer Science)
Vulnerability Analysis

Job description

  • Develop and deliver the firm's information security strategy and roadmap.
  • Provide subject matter expertise and guidance on information security to partners and staff.
  • Lead and mentor a small team, fostering professional growth and development.
  • Lead the implementation and ongoing management of ISO 27001, including policy and control implementation and stakeholder engagement.
  • Lead the development, implementation, and review of security policies, standards, and procedures.
  • Own and manage the relationship with the firm's Managed Security Operations Centre (SOC), acting as the primary point of contact, ensuring service levels are met, and coordinating incident response.
  • Oversee operational security including server and endpoint protection, M365 security, identity and access management, vulnerability assessments, patching, and system hardening.

Requirements

  • Extensive experience in information security management, ideally within professional services environments.
  • Proven management capabilities, including team management and effective stakeholder engagement.
  • Hands-on expertise in ISO 27001 implementation and certification, from development through to successful audit.
  • Experience of successfully completing Cyber Essentials Plus audits and a solid understanding of UK GDPR requirements.
  • Demonstrated ability to manage third-party security relationships.
  • Strategic, pragmatic, and business-aligned approach to security risk management and decision-making.
  • Highly desirable certifications such as CISM, CISSP, or ISO 27001 Lead Implementer.
  • Endpoint Security: EDR solutions and endpoint management platforms.
  • Microsoft 365/Entra ID: Identity protection, Conditional Access, MFA, and Privileged Identity Management (PIM).
  • Security Monitoring & Operations: SIEM platforms and SOC processes.
  • Network Security: Firewalls, web application firewalls, and VPN technologies.
  • Encryption: PKI and data encryption for both data at rest and in transit.
  • Email Security: Mimecast, Exchange Online, and Tessian, plus SPF/DKIM/DMARC configuration.
  • Backup and Recovery Systems: On-premise and cloud backup solutions.
  • Experience of project management disciplines (e.g. PRINCE2, Agile) is desirable.

About the company

In accordance with the Employment Agencies and Employment Businesses Regulations 2003, this position is advertised based upon DGH Recruitment Limited having first sought approval of its client to find candidates for this position. DGH Recruitment Limited acts as both an Employment Agency and Employment Business.
