Information Security Analyst

Are you an Information Security Analyst who specialises in security governance risk and compliance? If you’ve answered yes, then you could be the right person to join the Information Security team in either one of our UK, Ireland, or French offices.

What you can expect from us:
Salary of £40-48k / €45-€55k
Permanent Contract
Flexible location
23 days holiday plus public holidays
Matched 5% pension contribution

Not only are we offering a competitive salary and a fantastic bonus scheme, you’ll also be entitled to loads of great benefits including, discount, private health insurance, and cash back on hundreds of high-street shops, plus much more.

What can you expect as an Information Security Analyst?

You will be responsible for providing expert and professional information security services through understanding the control and management of Information Security Management Systems, and the effective use of information & cyber security controls relating to both technology and process.

You will be involved in assisting in the development and optimisation of control management processes to ensure Encore business entities operate and can evidence effective InfoSec controls which address their risks, any local legislative or regulatory requirements, company policies, and security best practice.

You will develop and manage processes, standards, and quality assurance for the smooth operation of the ISMS across the Encore businesses, including risk, audit, awareness, and continuous improvement activities. You will also support fellow departments and group businesses with information security advice and guidance as necessary.

Key Accountabilities & Responsibilities

Develop, implement, and maintain information security policies, standards, procedures, guidelines, and training associated with the effective delivery of Encore ISMS, and ensure recommendations associated with effective governance of information security are adopted.
Provide a key resource for GRC activities across European business entities, building relationships with key business stakeholders and strong working relationships with the risk and compliance team globally.
Ensure effective management of IS risk to deliver security through clear, consistent, and prioritised communication of key vulnerabilities and recommended mitigations; obtain ownership and support remediations required to bring residual risks in line with targets
Perform regular audits of our InfoSec controls in line with policy and our ISMS; support our control owners; document evidence; report findings, recommend actions; manage remediations.
Conduct regular and ad hoc risk reviews; prepare analysis for senior stakeholders/risk owners; provide prioitised recommendations, with options based on clearly communicated compensating controls, their impact, and effect on residual risk.
Operate the continuous service improvement plans for all our businesses to ensure we refine our Information Security Management System, adhering to ISO27001 standards.
Help define and implement a maturity model based on NIST CSF Domains; agree sub-domains, controls and control statements; evaluate business unit performance on a regular basis; make recommendations to key internal stakeholders; report status.
Responsible for escalation of any identified security issues to required timescales and quality; recommending remediating actions and ensuring these are completed within the required timescales and SLAs. Provide GRC InfoSec support to the business outside of normal working hours in response to key incident or event management practice.

Person specification:
The job holder will also be measured against the following core capabilities:
Focus on results
Commitment to continuous improvement & quality
Personal impact & professional credibility
Investigation, analysis & decision making
Flexibility & adaptability
Strong customer focus with the drive and commitment to improve the level of service clients receive (internal/external).

Formal Education & Certification

Professional qualification in one or more IS standards.
In depth knowledge of Information security standards: ISO 27001/PCI

What happens next?

Working for Cabot:
You’ll be working for an award winning; Investors in People Gold accredited organisation. We’re passionate about the ethical treatment of our customers and employees. Our mission is to create pathways to economic freedom. Our vision is to make credit accessible by partnering with our consumers to restore their financial health.