Information Security Analyst

Description

Information Security Analyst

Hybrid – Nottingham (1 day per week onsite) Full-time, 40 hours per week (Mon–Fri, 9am–5pm)

Salary: £35,000 - £40,000 depending upon experience

Are you a pragmatic, detail-driven security professional who enjoys turning standards into practical security controls and helping teams understand and manage risk? If you’re confident collaborating across departments, producing clear reports, and strengthening an organisation’s security posture through measurable improvements, this role could be a great fit.

We’re looking for an Information Security Analyst who can balance governance, risk, compliance, and hands-on operational security activities.

What you’ll be doing

In this varied and impactful role, you’ll help operate and continuously improve our Information Security Management System (ISMS) while supporting risk management, compliance, and audit readiness across the business. Your work will span policies, controls, assessments, awareness, and metrics.

You will:

Maintain and update ISMS policies, standards, and procedures

Coordinate internal and external audits (including Gambling Commission security audits) from planning to closure.

Run the risk management process, keeping registers and treatment plans accurate

Support PCI DSS compliance activities and associated evidence collection

Manage and track vulnerability scanning and remediation across systems

Assist with incident response, triage, evidence collection, and post-incident reviews

Work with IT and MSPs to improve security controls, alert quality, logging, and SIEM coverage

Conduct supplier due diligence and review third-party security documentation

Deliver targeted security awareness training and publish practical guidance

Produce monthly and quarterly reports on risk, vulnerabilities, audits, and incidents

This is a collaborative, business-wide role where you’ll help embed security into everyday operations and ensure controls remain effective and well-documented.

What You’ll Get in Return

(email address removed) – 24/7 access to GPs, mental health support, and more for you and your family

Thrive App – NHS-approved mental wellbeing support

Buzz Brights Apprenticeships & Buzz Learning – access to 100s of online courses

Buzz Brilliance Awards – employee recognition scheme

5 weeks annual leave plus public holidays (pro-rated for part-time roles)

Holiday Buy Scheme – purchase an extra week of holiday (eligibility applies)

xjnqpsq

50% staff discount on bingo tickets, food, and soft drinks

Refer a Friend Scheme

Life Assurance & Pension Scheme

Access to trained Mental Health Advocates

What you’ll bring

We’d love to hear from you if you have:

Working knowledge of ISO/IEC 27001 (risk, audit cycles, controls, evidence)

Understanding of PCI DSS requirements and SAQ/attestation processes

Awareness of NCSC best-practice guidance (cloud, phishing, access control, incident management, etc.)

Experience producing clear, concise reports and presenting to stakeholders

Ability to translate technical findings into practical remediation actions

Strong communication skills and confidence working with IT, suppliers, and business teams

An organised, methodical approach with great attention to detail

#BB1

Ad ID: 5417778506