Information Security Analyst (GRC)

Information Security Analyst (GRC)

Are you passionate about driving information security to new heights?
We are seeking an Information Security Analyst (GRC) to join a leading law firm in London. In this role, you will implement crucial information security tasks, supporting the Head of Information Security (CISO) navigating two key streams in the organisational structure: Policy & Compliance and Operations.

The role offers hybrid working, 3 days a week in the London office.

Roles and Responsibilities:

• Assess vendor security aligned with ISO27001, NIST, CIS, and Cyber Essentials.
• Manage policy updates, risk tracking, and certification programs.
• Maintain information security tools and reporting activities.
• Support internal and external audits.
• Collaborate for tests, vulnerability uncovering, and audit trail.
• Drive security-by-design and incident management.

Qualifications and Experience:

• CISA, ISO/IEC 27001 Lead Auditor, or Implementer qualification.
• Experience in Audit, Risk programs coordination.
• CISSP, CISM, CISA or ISO certifications advantageous.
• Strong background in information security and risk.
• Proficiency in network testing, firewalls, SIEM, etc.
• Ability to mitigate vulnerabilities, manage patches.
• GRC experience in Infrastructure or Audit roles.

If you are ready to elevate your career in Information Security with a dynamic and forward-thinking firm, we invite you to click 'apply’ now.