Infomation Security Analyst

Role Overview The Information Security Analyst will support a wide range of information security, vendor management, procurement, audit, and technical security activities across the business. The role involves working closely with teams such as Legal, Procurement, IT, and Engineering to ensure security best practices are embedded in company processes and supplier relationships. This position would suit someone with experience in roles such as IT Helpdesk, IT Operations, Risk Compliance, Internal Audit, or Security Operations who is looking to develop a career in Information Security. Key Responsibilities: Commercial Support Assist with RFP responses and client security questionnaires. Support client annual security audits and due diligence requests. Respond to internal and external queries relating to information security controls. Review and interpret security-related contractual clauses, including data protection, data retention, and audit requirements. Procurement Supplier Due Diligence Support the supplier security due diligence process for new vendors. Participate in procurement and supplier onboarding discussions. Collaborate with teams to ensure suppliers meet company security standards. Vendor Risk Management Maintain annual vendor due diligence reviews and documentation. Track supplier inventories and criticality ratings. Monitor performance and risk indicators for key suppliers (SLA breaches, downtime, incidents, and news). Support projects such as fourth-party risk assessments and information gathering. Monitor scope changes in vendor products and services as they become available. Work closely with Legal, IT, and Security teams on emerging topics such as AI usage and third-party tools. IT Technical Security Work with IT and Security teams to research new technologies and integrations. Support technical security initiatives and projects. Conduct data flow mapping and architecture documentation. Assist in evaluating system integrations (for example applications connected to CRM platforms). Audit Compliance Support ongoing security and compliance programmes including ISO/IEC 27001 and SOC 2. Assist with internal audit activities and control checks. Help maintain documentation and evidence required for audits and certifications. Required Skills: Experience working with similar roles, ideally in IT support, security operations, compliance, or internal audit. Good understanding of core IT and security concepts such as: Endpoint management Identity and access management APIs and integrations Ability to work across multiple teams and communicate effectively with both technical and non-technical stakeholders. Strong organisational skills and ability to manage projects and documentation. Comfortable handling both operational tasks and more complex security projects. Ability to build strong internal relationships and collaborate across departments. Pragmatic and solution-oriented approach to information security. Experience working with or evaluating AI tools and products Candidates should ideally have: A relevant qualification in Information Security, IT, Cybersecurity, or Computer Science, or Relevant professional certifications (or working toward them), such as: ISO 27001 Lead Implementer / Lead Auditor CISA or similar Equivalent hands-on experience in IT, security, or audit roles will also be considered. Nice to Have: Experience with security audits or compliance frameworks such as ISO 27001, SOC 2, FedRAMP ISO 42001 Familiarity with ticketing or workflow tools such as Jira. Exposure to vendor risk management or supplier due diligence. Benefits: Equity as we want you to have a part of what we are building Unlimited Time Off Policy- A work-life balance and focus on our well-being are critical Budget to set up your home office upon joining Annual learning budget to drive your performance and career development Comprehensive Private Health Insurance through Advancecare ... (truncated, view full listing at source)