Information Security Analyst - GRC

• Conduct and coordinate information security and privacy risk assessments for new and existing suppliers
• Assess supplier controls relating to data protection, information security, data hosting and subcontractor usage
• Maintain accurate records of organisational data shared with third parties, including purpose of use, classification, sensitivity and processing location
• Ensure supplier data handling arrangements clearly define retention, archiving and deletion requirements in line with internal policies and regulatory obligations
• Support Procurement, Vendor Management, Legal and Information Security teams to embed supplier assurance throughout onboarding, renewal and contract processes
• Track remediation actions with suppliers and internal teams, escalating high-risk issues where appropriate
• Review how personal data is used across systems, processes and vendor solutions
• Ensure data classification, sensitivity and lifecycle controls are clearly documented
• Promote data minimisation by identifying unnecessary collection or retention of personal data and challenging excessive processing
• Document personal data risks, gaps and recommended actions in line with risk management processes
• Provide risk-based advice and technical input to business stakeholders on personal data processing
• Support the review, development and implementation of information security and data protection policies
• Contribute to information security risk registers and compliance monitoring activities
• Produce compliance reports, dashboards and metrics for management and senior stakeholders
• Assist with internal and external audits, including GDPR, PCI DSS and financial audits
• Maintain compliance tracking across third-party risks, data lifecycle controls and privacy-related risks
• Track remediation of identified compliance and control issues to ensure timely closure
• Support incident response activities, particularly those involving third-party access or personal data
• Document business and supplier processes to support governance, risk and compliance requirements
• Produce clear, auditable documentation for assessments, risks, decisions and approvals

Technologies:

• Support
• Security, We are excited to offer an opportunity for an Information Security Analyst - GRC to join our dynamic technology function in Central Birmingham on a 12-month fixed-term contract. Our team thrives on collaboration and ingenuity, and this position will be instrumental in supporting our governance, risk, and compliance activities, focusing on third-party risk management and data protection assurance. We provide a hybrid working model, which means you will work three days a week on-site with a competitive salary of £45,000.

• Good understanding of GDPR, the UK Data Protection Act, and information security control requirements
• Experience conducting supplier assurance, security due diligence or third-party risk assessments
• Ability to assess technical and organisational security controls
• Strong analytical skills with excellent attention to detail
• Clear written and verbal communication skills, able to work with legal, technical and operational teams
• Experience supporting incident or breach investigations
• Ability to manage multiple competing priorities and work pragmatically with stakeholders
• Relevant certifications such as CIPP/E, CIPM, CompTIA Security+, or BCS Practitioner Certificate in Data Protection (desirable)
• Experience working in large, complex or multi-site environments (desirable)