Information Security Audit & Compliance Analyst – 12 months - £600 per day II35
Our client, an enterprise corporation that partners with a number of media, telecommunication and entergy companines worldwide is hiring a Information Security Audit & Compliance Analyst on a contract basis paying £600 per day Inside IR 35 on 12 month contract basis with hybrid working in Winchester 2/3 days we week.
Reporting to the Information Security Compliance Officer, you will be responsible for ensuring the organisation's compliance with all relevant information security, legal regulations, contractual obligations, and industry best practice. The role will focus on compliance-related activities both internally and externally, including support for conducting audits, coordinating, and managing customer and supplier audits, and overseeing general compliance activities within customer contracts. Working collaboratively as part of the wider information security team, you will also participate in ongoing continual improvement activities.
Core responsibilites:
Conduct regular security audits to assess the effectiveness of the organization's security controls, identifying risks and ensuring they are completed on time, and to a high standard ISO27001:2022
Document and report on audit findings and recommendations to relevant stakeholders
Provide support to the ISCO on projects and bids from a security compliance and assurance perspective
Monitor regulatory changes and updates to ensure the organization remains compliant with all relevant requirements
Support in implementing Arqiva’s ongoing Security compliance regime, working with InfoSec colleagues and technical stakeholders to continuously assess, quantify and report on the successful and effective compliance across the business with relevant standards, policies, and security frameworks
Undertake regular assessment of customer contractual security obligations and highlight any non-compliance
Coordinate with third party suppliers and the GRC Third Party Analyst to ensure supplier audits are undertaken
Core technical requirements:
Industry knowledge of Telecommunication, Media or Energy would be highly advantageous.
Experience in information security compliance
Experience/Knowledge of the Telecoms Security Act (2022) and subsequent secondary legislation, The Electronic Communications (security measures) Regulations 2022 and Telecommunications Security Code of Practice
Knowledge/Experience of the Smart Energy Code (SEC) obligations an advantage
Good understanding of Risk Management
Strong knowledge of relevant regulations and standards (e.g., ISO 27001, GDPR (General Data Protection Regulation), NIST (National Institute of Standards and Technology) (National Institute of Standards and Technology)
Experience in conducting audits
Excellent communication and stakeholder management skills
Strong analytical and problem-solving skills
Professional certifications (e.g., CISA, CISSP, CISM, CISMP, ISO27001 Lead Auditor/Implementor) an advantage
The ability to demonstrate a proactive and continual compliance approach
Able to translate Information Security and IT risk language into business language
Information Security Audit & Compliance Analyst – 12 months - £600 per day II35