Information Security Analyst

Job Title: Information Security Analyst3 Days onsite per week (London) + Day rate up to £500 (Umbrella)Client Overview:Our partner is a leading global commodities firm distinguished for its excellence in Energy and Metals sectors. We are in search of a Cyber Security Business Analyst who comprehends the integration of Infrastructure IT with Information Security.Position Overview:The Information Security Analyst will play a key role in enhancing our client's incident response capabilities, overseeing the deployment of security tools, and contributing to strategic security projects such as evaluating the firm's readiness for a SOC & SIEM, if applicable participating in the design and development of the SOC/SIEM, gearing towards ISO27001 and setting up a TVM and PAM Solution, as well as improving policies and standards and setting KPIs & KRIs.Skills & Experience:Over 5+ years experience in cyber and information security roles, 1 year plus in regulated industry.Strong communication and interpersonal skills with the ability to work effectively across departments.Proficiency in technical writing and the ability to translate complex security concepts for non-technical stakeholders.Knowledge of high-availability architectures and infrastructure systems.Up-to-date understanding of cybersecurity threats, regulatory standards (e.g., PCI DSS, GDPR), and industry best practices.Familiarity with data protection, encryption, and access control mechanisms.Expertise in various information security domains, including risk management, secure development lifecycle, vulnerability management, and third-party risk management.Key Responsibilities:Lead the implementation and ongoing management of the Threat and Vulnerability Management program, including the triage of critical vulnerabilities, stakeholder reporting, and follow-up on remediation efforts.Support the enhancement of security policies and documentation, ensuring they meet current requirements and oversee their implementation.Assist in aligning the organisation with security frameworks such as ISO 27001 and Cyber Essentials+Participate in the design and potential implementation of a Security Information and Event Management (SIEM) system, and assess the need for an in-house or outsourced Security Operations Center (SOC).Oversee the deployment of a Privileged Access Management (PAM) solution, coordinating with relevant teams and managing KPI reporting.Develop and deliver regular security metrics and key performance indicators for executive reporting.