Information Security Analyst - Policy

Job Title: Information Security Analyst 3 Days onsite per week (London) + Day rate up to £500 (Umbrella) Our partner is a leading global commodities firm distinguished for its excellence in Energy and Metals sectors. We are in search of a Cyber Security Business Analyst who comprehends the integration of Infrastructure IT with Information Security. The Information Security Analyst will play a key role in enhancing our client's incident response capabilities, overseeing the deployment of security tools, and contributing to strategic security projects such as evaluating the firm's readiness for a SOC & SIEM, if applicable participating in the design and development of the SOC/SIEM, gearing towards ISO27001 and setting up a TVM and PAM Solution, as well as improving policies and standards and setting KPIs & KRIs. Over 5+ years experience in cyber and information security roles, 1 year plus in regulated industry. Proficiency in technical writing and the ability to translate complex security concepts for non-technical stakeholders. Up-to-date understanding of cybersecurity threats, regulatory standards (e.g., Familiarity with data protection, encryption, and access control mechanisms. Expertise in various information security domains, including risk management, secure development lifecycle, vulnerability management, and third-party risk management. Lead the implementation and ongoing management of the Threat and Vulnerability Management program, including the triage of critical vulnerabilities, stakeholder reporting, and follow-up on remediation efforts. Support the enhancement of security policies and documentation, ensuring they meet current requirements and oversee their implementation. Participate in the design and potential implementation of a Security Information and Event Management (SIEM) system, and assess the need for an in-house or outsourced Security Operations Center (SOC). Oversee the deployment of a Privileged Access Management (PAM) solution, coordinating with relevant teams and managing KPI reporting. Develop and deliver regular security metrics and key performance indicators for executive reporting.