HCUK Information Security Assurance Analyst

• Maintain and improve the ISMS.
• Review and update ISMS policies, procedures, standards, and guidance.
• Coordinate internal ISMS reviews and audits.
• Facilitate supplier onboarding and conduct annual security assessments.
• Develop and deliver security awareness initiatives.
• Monitor security alerts and incidents, escalating when necessary.
• Prepare reports on security incidents, risks, and vulnerabilities.
• Schedule penetration tests and vulnerability scans, supporting remediation efforts.

• Analyse external vulnerability bulletins and coordinate remediation.
• Assist in evaluating cybersecurity tools.
• Use third-party assessment platforms for risk and compliance.
• Operate and improve the online ISMS platform ensuring data quality.

• Support Senior Information Security Analyst with project delivery including research, coordination, and documentation.
• Participate actively in project teams to implement security initiatives.

• Monitor and maintain evidence of control effectiveness.
• Support audits by coordinating evidence collection.
• Evaluate controls and document nonconformities.
• Respond to audit findings ensuring timely remediation.

• Build relationships with internal and external stakeholders to support security objectives.
• Collaborate with IT teams to prioritize and track remediation of vulnerabilities.

• Produce clear reports on security activities and projects.
• Document and report incidents with root cause analysis.
• Generate ISMS reports using defined metrics for governance.
• Communicate risks effectively tailored to audience technical levels.

• Support ongoing ISMS review and enhancement.
• Research and recommend new security tools and practices.
• Keep colleagues and managers informed of security issues and implications.

• Assist in targeted information security risk assessments.
• Participate in risk meetings and prepare reports.
• Report risks, incidents, and breaches in line with policies.

• Documentation & Attention to Detail: Ability to translate complex technical information into business-relevant language with strong accuracy.
• Communication: Excellent verbal and written skills for technical and non-technical audiences.
• Teamwork: Collaborative and professional in building strong working relationships.
• Time Management: Effective multitasking and independent work with minimal supervision.
• Influencing & Negotiating: Builds trust and uses interpersonal skills to influence and build consensus.
• Problem Solving: Applies initiative and critical thinking with adaptability and curiosity.

• Understanding of information security principles, frameworks (e.g., ISO/IEC 27001), and risk management.
• Familiarity with ISMS maintenance and security incident response.
• Knowledge of regulatory requirements such as GDPR, NIS2, and Cyber Essentials.
• Experience with third-party security assessment platforms and GRC tools is desirable.
• Exposure to vulnerability management and audit involvement is advantageous.
• Relevant education or professional qualifications in risk, compliance, or information security.

• Hybrid working model with a minimum of two days per week at the Reigate, Surrey office.
• Occasional domestic travel may be required.
• Salary range between £40,000 - £45,000 depending on experience.
• Eligibility for an annual bonus of up to 15%.
• 25 days holiday plus bank holidays, with flexible holiday options and additional leave after five years.
• Company pension with generous contributions.
• Voluntary benefits allowance of £500 per annum.
• Family support benefits including death in service and income protection.
• Discounted voluntary healthcare benefits and company-sponsored private medical insurance after one year.
• Employee car scheme.
• Employee assistance program.

Santander