Information Security Analyst

Hybrid – Nottingham (1 day per week onsite) Full-time, 40 hours per week (Mon–Fri, 9am–5pm)

Salary: £35,000 - £40,000 depending upon experience

Are you a pragmatic, detail-driven security professional who enjoys turning standards into practical security controls and helping teams understand and manage risk? If you’re confident collaborating across departments, producing clear reports, and strengthening an organisation’s security posture through measurable improvements, this role could be a great fit.

We’re looking for an Information Security Analyst who can balance governance, risk, compliance, and hands-on operational security activities.

In this varied and impactful role, you’ll help operate and continuously improve our Information Security Management System (ISMS) while supporting risk management, compliance, and audit readiness across the business. Your work will span policies, controls, assessments, awareness, and metrics.

You will:

• Maintain and update ISMS policies, standards, and procedures
• Coordinate internal and external audits (including Gambling Commission security audits) from planning to closure.
• Run the risk management process, keeping registers and treatment plans accurate
• Support PCI DSS compliance activities and associated evidence collection
• Manage and track vulnerability scanning and remediation across systems
• Assist with incident response, triage, evidence collection, and post-incident reviews
• Work with IT and MSPs to improve security controls, alert quality, logging, and SIEM coverage
• Conduct supplier due diligence and review third-party security documentation
• Deliver targeted security awareness training and publish practical guidance
• Produce monthly and quarterly reports on risk, vulnerabilities, audits, and incidents

This is a collaborative, business-wide role where you’ll help embed security into everyday operations and ensure controls remain effective and well-documented.

• Help@Hand – 24/7 access to GPs, mental health support, and more for you and your family
• Thrive App – NHS-approved mental wellbeing support
• Buzz Brights Apprenticeships & Buzz Learning – access to 100s of online courses
• Buzz Brilliance Awards – employee recognition scheme
• 5 weeks annual leave plus public holidays (pro-rated for part-time roles)
• Holiday Buy Scheme – purchase an extra week of holiday (eligibility applies)
• 50% staff discount on bingo tickets, food, and soft drinks
• Refer a Friend Scheme
• Life Assurance & Pension Scheme
• Access to trained Mental Health Advocates

• We’d love to hear from you if you have:
• Working knowledge of ISO/IEC 27001 (risk, audit cycles, controls, evidence)
• Understanding of PCI DSS requirements and SAQ/attestation processes
• Awareness of NCSC best-practice guidance (cloud, phishing, access control, incident management, etc.)
• Experience producing clear, concise reports and presenting to stakeholders
• Ability to translate technical findings into practical remediation actions
• Strong communication skills and confidence working with IT, suppliers, and business teams
• An organised, methodical approach with great attention to detail