Information Security Analyst (Compliance and Audit)

Our client is seeking an Information Security Analyst to join their cyber security function, with a strong focus on vulnerability management, assurance and compliance. Reporting into the Head of Information Security, this role plays a key part in identifying, assessing and reducing cyber risk across the organisation, working closely with internal technology teams, managed service providers and third-party security partners. Key Responsibilities Manage vulnerability management and remediation activities across applications and infrastructure Coordinate penetration testing, remediation and assurance activities with third parties Support ongoing PCI DSS compliance, including assessments, evidence and control testing Configure and operate security tools, including vulnerability scanners and endpoint protection Monitor and respond to security incidents, escalating to SOC teams where required Conduct security risk assessments, audits and contribute to risk management frameworks Implement security policies, procedures and develop operational playbooks Act as a key security point of contact for internal teams, MSPs and security partners Experience: Proven experience in Information Security, Vulnerability Management or Security Operations Strong understanding of vulnerability assessment, patch management and remediation processes Knowledge of secure web application principles (OWASP Top 10, SANS 25) Experience with application and infrastructure security, including: Firewalls, Web & Email Security, AD / Group Policy, MFA, DMARC, DKIM, SPF Good understanding of network and cloud security concepts (DMZ, TCP/IP, Cloud platforms) Solid awareness of current cyber threats, risks and mitigation techniques Desirable: Experience supporting PCI or other regulatory compliance frameworks Exposure to managing penetration testing programmes end-to-end Ethical hacking or information security certifications (e.g. CISSP, CCSP, Microsoft Security) Experience with Microsoft Azure, Office 365, Endpoint or Cloud Security tooling Please apply now if you are meeting the above criteria or contact Andrew Harrison directly. Skills: InfoSec Cyber Security Vulnerability Compliance Application Infrastructure Benefits: Work From Home