Information Security & Compliance Analyst

Job Title: Information Security & Compliance Analyst
Location: Cardiff Bay, Wales
Salary: up to £35,000 per annum based on experience
Department: Security and Compliance
Reports To: Information Security Manager


Your role will be to support and coordinate the improvement of our security controls and visibility within the group organisation structure based around the ISO/IEC 27001:2013 standard, GDPR Regulation as well as other required standards/regulations. You will monitor security compliance reporting and support group information security and compliance communications. Further responsibilities include supporting the management of the internal and external audit schedule, remediation activities and effectiveness measurements. Although not a strictly technical role, technical IT knowledge will be advantageous as you will interact regularly with IT infrastructure and development teams.

The right person for this role will be pro-active and resilient in the face of shifting priorities, with a keen eye for detail and the ability to prioritise and complete tasks in an effective and timely manner. They will need strong stakeholder engagement skills to ensure completion of tasks where ownership is outside of the security team. Experience of carrying out compliance audits to defined standards would be of benefit when applying for this role.

Key Responsibilities

To assist the Group Information Security Manager in managing day to day, business as usual, Information Security and Compliance activities. Activities include:

• Help monitor and improve security controls within Creditsafe
• Support in the management of the internal policy portal
• Perform regular security and compliance activities including security reviews and internal audit
• Support the Security and Compliance standardisation program
• Support in the monitoring of the Creditsafe GDPR compliance and audit program
• Coordinate the regular internal and external audit activities including organising participants and managing resulting actions
• Assist with the internal Security communications program
• Other duties as defined by the information security manager or Group Head of Information Security and Compliance
• Compile and manage group wide security and compliance metrics reporting

Key Skills:

• Prior experience in an information security or regulatory role
• Knowledge of Security and compliance frameworks such as ISO27001, Cyber Essentials etc.
• Knowledge of GDPR
• Clear and concise communicator
• Policy creation and lifecycle management
• Ability to collaborate with multidisciplinary teams
• Strong organisational skills
• Strong Microsoft Excel, Word, PowerPoint skills
• Flexibility to travel ( c25%)

• Knowledge of SOC 2 and CSA Star audit management
• Degree or higher education within a technical or business oriented subject or relevant commercial experience
• Experience of carrying out compliance audits