Osborne Clarke

Information Security Analyst

Hybrid

London, United Kingdom

Full Time

11-03-2025

Job Specifications

Role profile

Award-winning law firm Osborne Clarke are looking for an Information Security Analyst to join their growing Information Security team in our London office. This is a permanent role offering hybrid working.

The role of the Information Security Analyst is committed to maintaining the highest level of data security and protecting our systems from threats. As part of our ongoing efforts to enhance our information security posture, we are seeking a skilled and motivated Information Security Analyst to join our team.

Job Description

As an Information Security Analyst, you will play a crucial role in safeguarding our organisation's assets from potential threats. You will be responsible for raising awareness with colleagues, assessing risks, implementing controls, and ensuring compliance with industry standards and best practices.

Key Responsibilities Include

Developing, maintaining and publishing ISMS documentation (processes, procedures and guidelines), ensuring overall governance and continual improvement of information security controls.
Maintaining conformance with ISO 27001:2022, and other applicable standards.
Helping expand the scope of ISO 27001 certification to include other international entities of the firm, especially with local processes, risks, controls, internal and external audits and management review.
Stay up to date with the latest trends, technologies, and regulatory requirements. Maintain and share awareness of security industry trends including evaluation of new and emerging security technologies and make recommendations to stakeholders.
Continuing to enhance the firm's security culture through awareness programmes and training.
Working with departments and systems across the business to conduct security risk assessments and carry out treatment plans.
Planning and performing periodic internal audits and compliance activities, supporting internal or external security audit processes, defining and implementing any required remediation activities.
Assisting with investigation and triage of any security incidents or issues reported, including use of monitoring activities, scanning/test tools and results to determine potential weaknesses, threat patterns, and trends.
Ensuring resolution, root cause analysis and coordination of remediation activities to ensure effective tracking to closure of potential security breaches, attacks or policy violations.
Help respond to customer requests for information security compliance, controls and contractual measures.
Prepare and present reports on security incidents, risks, and mitigation strategies to management and stakeholders.
Carry out supplier due diligence, monitoring and regular review of performance, including supplier audits.

What We're Looking For

The successful candidate will need to have proven experience in a similar role and/or professional certification in Information Security (e.g. CISSP, CISMP, Lead ISMS Implementer or Auditor). You'll also need to demonstrate the following:

General

Strong interpersonal, communication and collaboration skills (spoken, written and presentation) able to work with, influence and educate people at all levels
Broad ranging consultancy skills (problem solving, change management, influencing, communication, research and data collection and analysis, process mapping, creative thinking, negotiation)
Credible and effective thinker and planner, with good understanding of the firm’s goals and objectives
Excellent attention to detail in terms of task planning, execution and communication
Ability to present ideas in business-friendly and user-friendly language across multiple geographies
Highly organised and outcome focussed
Proactive in the face of challenges, keen to enjoy work and make an effective contribution
Able to effectively prioritise and execute tasks within a fast-paced environment
Excellent analytical and problem solving skills.
Strong collaboration abilities.

Technical

Trained as an auditor in ISO management systems, ideally ISO 27001 but relevant others also considered.
Strong knowledge of certifications and standards such as ISO 27001, Cyber Essentials (plus), ISO 22301 and/or NIST controls
Good awareness of IT security measures, best practices and industry standards.
Experience with incident response procedures and tools.
Good understanding of cyber security and technology
Knowledge of cloud security or services, especially Azure
Knowledge of Office 365
Practical and/or theoretical knowledge of security protocols and tools such as ZScaler

Salary And Benefits

We offer competitive salaries and generous benefits. We value the health and wellbeing of our people and our wide range of initiatives and benefits support this.

Our recruitment process

We welcome direct applications for our opportunities - if you would like any further information about this role or the firm, we would be delighted to hear from you. Please contact, in complete confidence, Dan Jones (Recruitment Manager) at dan.jones@osborneclarke.com.

Please note that although we include closing dates for our roles as a guide, we review and progress applications on a rolling basis. At Osborne Clarke we do not make any recruitment decisions using automated decision-making.

We are committed to providing an environment where you can perform to the best of your abilities at every stage of your recruitment experience and beyond. If you require any adjustments to be made during the application stage, interview process, or when working with us, please let us know in confidence.

About Us

Osborne Clarke is an international legal practice with over 330 Partners and more than 1,260 talented lawyers in 26 locations*. Our sector-based approach enables us to help our clients tackle the issues they are facing today, and prepare for the ones that they will face tomorrow. Advising them both comprehensively and commercially. We love working closely with our clients on new deals, products and solutions which will transform their businesses, markets and even sectors. And our unique approachable culture is not an added extra, it's fundamental to our success.

At Osborne Clarke we value difference and encourage applicants from all backgrounds. We want everyone to feel that OC is a place where you can be yourself and belong, and our range of interest groups and diversity networks - not to mention our great teams - are a part of making that a reality.

*Services in India are provided by a relationship firm

About the Company

We’re an international legal practice and our goal is simple: to help our clients and our people succeed in tomorrow’s world. In a business environment that’s facing new digital, economic, political and environmental challenges, we help our clients to gain competitive advantage by providing commercially focused insights and legal services. We’ve been around for over 250 years and have a presence across Europe, Asia and the US. Within our core sectors, our clients range from market leaders to fast-growth companies. Our str...
