Information Security Risk and Compliance Analyst

We are seeking an enthusiastic and capable Information Security Risk and Compliance Analyst to support the provision of effective Information Security through the development and implementation of appropriate policies, procedures, and controls, together with a superstar team led by an inspiring Engineering Lead.

This is an important role critical to ensuring secure access to data and services for staff, partners, clients, and other stakeholders.

• Collaborate to define information security standards and develop supporting organisational policies.
• Leading the development of the overall Information Security Management System at Climate X, from induction training of new staff to conducting quarterly audits and chairing both the Annual Management Review Meeting and multi-year ISMS Committee Meetings, comprising the heads of each department.
• Support vendor/supplier due diligence process and help to lead and define overall third-party risk management efforts.
• Support the maintenance of existing ISO 27001 and UK Cyber Essentials certifications as required.
• Support internal and external audit processes for relevant compliance concerns, including SOC 2, ISO27001, and GDPR, as well as others as they arise.
• Perform business impact analysis and assist with the development of the Information Security Risk Registers.
• Guide business and risk owners in developing appropriate risk treatment plans to reduce the organisation's risk.
• Stay current and well-informed on developing regulatory concerns and changing IT and information security trends.
• Support audit and compliance activities on new development projects.

• A current cybersecurity or technology certification such as CISSP, CISM, CCSP, CCP SIRA, CISA, CRISC, SEC+.
• 3+ years of combined relevant experience in Information Technology or Cybersecurity.
• 2+ years of experience working directly in an Information Security Governance, Risk and Compliance role, ideally within the UK and European context.
• Experience with commonly accepted industry standards and best practices relating to information security compliance, such as ISO 27000 series or NIST 800 series.
• Experience with information security management, information systems auditing and compliance are essential.

• Bachelor's degree in computer science/technology, cybersecurity, information management or other IT-related field.
• Experience with information security governance, risk, and compliance management in a global context.
• Demonstrated ability to assess business risk, classify potential threats, and enhance security controls for remediation & countermeasures.
• Familiarity with ISMS and security frameworks.
• Good working knowledge of cloud security.
• Experience with information security testing methodology.
• Hands-on, can-do attitude, great interpersonal skills, and ability to collaborate effectively. This includes the ability to plan projects, meet objectives, develop contingencies, and produce schedules.
• Strong written, verbal, and interpersonal skills – and the ability to explain complex concepts to a non-technical audience.