Security Analyst
Job description
The Security Analyst will join Brunswick's Information Security team and play a dual-role function, splitting time between Third Party Risk Management (TPRM) and operational cyber security activities.
The role is critical in protecting Brunswick's information assets, supporting client trust, and maintaining our security certifications. The successful candidate will work closely with Legal, Privacy, IT, and client-facing teams, while also contributing to day-to-day cyber security monitoring and incident response.
In this role, you will be responsible for supporting Brunswick's information security programme across both third-party risk and cyber security operations, ensuring risks are identified, assessed, and managed in line with the firm's risk appetite.
- Conducting supplier security assessments and due diligence as part of Brunswick's Third Party Risk Management programme.
- Reviewing and assessing supplier and client security questionnaires, identifying control gaps and associated risks.
- Supporting client security due diligence requests by completing questionnaires and providing appropriate supporting documentation.
- Collaborating with Legal to review information security and cybersecurity clauses in client contracts and Master Service Agreements.
- Documenting assessment outcomes and communicating clear, risk-based recommendations to internal stakeholders.
- Supporting the maintenance of ISO27001 and TISAX certifications through supplier- and client-related controls and audit preparation.
- Reviewing and triaging security tickets, alerts, and escalations from security tooling and internal reporting channels.
- Assisting with the investigation of security incidents, including analysis and post-incident reporting.
- Supporting vulnerability and technical risk assessments aligned with Brunswick's environment and risk appetite.
- Contributing to the continuous improvement of security processes, controls, and security awareness across the firm.
Requirements
This is a hands-on role suited to someone with 3-5 years' experience who is comfortable operating across governance, risk, and technical security domains.
We're looking for a technically capable and commercially aware security professional who is comfortable operating across both governance and operational security domains. The ideal candidate will demonstrate:
- 3-5 years' experience in information security, cyber security, third-party risk management, or a related role.
- Hands-on experience conducting supplier security assessments, due diligence, or responding to client security questionnaires.
- Experience working in an ISO27001-compliant organisation, with familiarity with the relevant control sets.
- A practical, technical understanding of cyber security concepts, risks, and controls (e.g. SIEM, EDR, vulnerability management, email/web security).
- Strong written and verbal communication skills, with the ability to translate technical risks into clear, business-focused language.
- High attention to detail, strong analytical skills, and sound judgement in time-sensitive or high-pressure situations.
- Confidence collaborating with Legal, IT, Privacy, and client-facing teams.
- A proactive mindset with a desire to develop skills across both third-party risk and cyber security operations.
- Preferred, but optional, certifications:
  - ISC2: CISSP, CCSP, SSCP
  - CompTIA: Security+, CySA+, CASP+