Cyber Security Compliance Analyst

Public Sector Resourcing (PSR)
Cyber Security Compliance Analyst – Inside IR35
Contract Term: 12 Months
Contracting Authority: UK Research and Innovation (BEIS UKRI)
Location: Remote
UKRI is looking for a cyber security Compliance and Policy analyst to join the organisation's Information Security Function; responsible for promoting, encouraging and supporting the safe and secure use of information and ICT by UKRI staff, scientific facility users and collaborators. The role will be critical for balancing BAU/project resource demand and appropriate prioritisation. The role will be responsible for delivering a range of risk and compliance services including cyber security risk management, third party security due diligence reviews, and ensuring compliance with legal, regulatory and relevant security policies and standards. The position will assist with the production of risk assessments, contract reviews/assessments, audit and contingency planning, and evidence gathering. This position shall coordinate audit gap-analysis and remediation efforts. You will also support the cyber security awareness and training activities of the function. The role will report to the Compliance and Policy Lead, and the role and team will be part of a wider Information Security Risk and Compliance group that supports all areas across UKRI.
This key role provides a great opportunity to join a team in an organisation at the heart of research and innovation in the UK, providing you with a rewarding, fast-paced role, and a superior foundation for building a professional cyber security career – to learn and grow in the profession.
As a Cyber Security Compliance Analyst your main responsibilities would be:
• Implement and maintain third party information security assurance and risk management standards and processes.
• Conduct due diligence and assessments of third party security controls and posture.
• Collate, analyse, and track evidence provided and gathered via direct and indirect external sources to understand information risk in the supply chain.
• Work with the Legal and Contract teams to ensure third party contracts and service agreements contain adequate clauses to protect information and information processing services.
• Manage the supplier security and privacy assurance process including pre and post contract assessments of suppliers.
• Make recommendations to, and work with, third parties to improve their information security standards and controls.
• Improve on the current continuous assessment platform and bring innovation with new tooling to improve processes.
• Assist with implementation, monitoring and assurance reviews of IT security controls.
• Maintain information security frameworks, policies, standards and guidelines.
• Conduct regular formal reviews of policies and standards with key stakeholders to ensure continued appropriateness and completeness.
• Implement process improvements and efficiencies as defined by the agreed service improvement plans.
• Assist with the definition and enforcement of configuration standards and policies for security technologies.
• Conduct research and provide recommendations on emerging threats in support of security enhancements and process improvements.
• Support the function’s security awareness and training programme, ensuring it meets all industry regulations, standards, and compliance requirements and engages employees to understand and adopt the principles in the manner in which they work.
• Support the evolution and content definition of the security awareness programme to incorporate and address emerging technologies and risks.
• Generate monthly reports that measure employee engagement with cyber security awareness training and trends.
• Work in close co-operation with operational and IT teams and other stakeholders across the organisation to ensure the confidentiality, integrity and availability of information assets are suitably protected, best practice is adopted, and threats are mitigated.
• Act as the subject matter expert and first point of contact for all information security risk, compliance, and assurance matters.
• Conduct information security assessments on operations, projects, and engagement with third parties, and provide design advice to ensure information security and data protection controls are built into an appropriate level at the outset.
• Contribute to the information security risk management framework across the organisation.
• Support compliance with various frameworks such as the NIST Cyber Security Framework and the Government's Cyber Assessment Framework.
• Help coordinate the development and monitoring of information security remediation plans.
• Produce regular reports measuring the organisation’s state and quality of information security for management and other stakeholders, emphasising trends and highlighting exceptions from norms and root causes as appropriate.
You’ll have relevant experience in:
• A minimum of 3 years’ experience in information security or risk management roles.
• Experience working within an ICT environment.
• Experience in the development and continuous improvement of security policy, frameworks and methodologies to ensure the optimum operation and performance within a complex environment.
• Experience of performing security assessments for IT systems / processes.
• Experience in information security and assurance disciplines.
• Capabilities in ISO/IEC 27001 and NIST information security management frameworks.
• Experience in maintaining ISMS policies and process documents.
• Knowledge and awareness of emerging security trends and security threats and their applicability to a public sector organisation.
• Knowledge of and experience working with relevant legislation, public sector policy and guidelines.
• Understanding of risk management framework(s).
• Self-management – accurately prioritises demands, manages multiple demands without affecting outcomes, structures and organises work effectively, allocates and uses time efficiently.
• Ability to communicate complex technical information in a way that a layperson can understand.
• Excellent relationship/stakeholder management skills; able to establish, build and maintain relationships at all levels of an organisation.
If this role sounds like something that you would be interested in, please click the link to apply and get in touch with karl.robinson@publicsectorresourcing.co.uk
In applying for this role, you acknowledge the following: this role falls in scope of the Off Payroll Working in the Public Sector legislation. Any rates of payment quoted will reflect the gross rate per day for the assignment and will be subject to appropriate taxes and statutory costs. As such, the payment to the intermediary and your income resulting from this contract will be different.
Please be aware that this role can only be worked within the UK and not overseas.
To apply for this job please visit www.cybersecurityjobsite.com.