Information Security Analyst – Information Security

**Information Security Analyst** Reporting to the Information Security Manager, you’ll support all aspects of **security**, **risk**, **compliance**, and **awareness**, while also acting as **Deputy Security Officer** for PKI and Certificate Authority operations. This is a hands-on role in a highly trusted environment where security underpins every business activity.* Operational implementation and maintenance of the Information Security Management System (ISMS) ensuring that controls, processes, and standards are complied with, maintained, current and effective* Reporting of any weaknesses, vulnerabilities, non-conformities or behaviours that undermine the high assurance levels expected of and by Entrust* Proactively identifying InfoSec improvements, efficiencies, savings and benefits* Acting as Deputy Security Officer for the Trust Service Centres (TSC), supporting the Company Security Officer, ensuring that corporate policy and local standards and procedures are upheld and maintained to protect Trust Services* Ensuring conformity to external standards such as ISO27001:2022, tScheme, Cyber Essentials Plus and WebTrust* Daily interaction with the MSO, providing subject matter expertise support, guidance and advice* Supporting security enforcing events such as Key Signing Ceremonies (KSC), Hardware Security Module (HSM) operations, CA builds and off-site Trust Services. Activities include:* Preparation and administration of all artefacts and components required for such activities (documentation, tokens, auditable items, tamper evident containers)* Management, collection and transfer of all security artefacts and components* HSM management* Preparation of security enforcing and audit events* Audits of security artefacts (on-site & off-site)* Analysis of customer-specific security compliance requirements and advising the relevant business owner regarding delivery of such controls* Supporting risk assessments in accordance with the Corporate risk policy and customer requirements* Supporting all internal and 3rd party audits, both in preparation and attendance* Supporting the management and maintenance of all local security and relevant standards, procedures and process ensuring ongoing compliance with requirements* Developing and delivering local security awareness campaigns, training and briefings* Managing secure destruction and disposal of information assets (paper and media), decommissioning of CA/PKI and related components, in accordance with PKI policy and data retention policy and standards* Coordinating maintenance of technical security and environmental controls such as Alarms, CCTV, Cooling systems, Standby Generator, and Access Control Systems* Supporting Business Continuity and Disaster Recovery (BCDR) plans, tests and maintenance* ISO27001 Lead Implementer or Lead Auditor certification* Minimum 3 years’ experience in Information Security, including hands-on involvement in managing security programmes* Ability to meet Entrust’s pre-employment screening requirements* Professional security qualifications (e.g. CISM or equivalent)* Strong written and verbal communication skills, with the ability to explain technical concepts clearly* Self-motivated, process-driven, and detail-oriented* Critical thinker with a commitment to delivering high-quality outcomes* Industry certifications such as CRISC, NCSP, CPSA, CEH* Familiarity with security frameworks and standards (ISO27001, Cyber Essentials, NIST 800-83, JSP 440)* Experience with SIEM and/or vulnerability scanning tools (e.g. Splunk, Rapid7 Nexpose etc)* Understanding of PKI management practices and trust standards (tScheme, eIDAS, ETSI)* Experience of Threat and Vulnerability Management* Risk assessment and/or Management experienceAt Entrust, we don’t just offer jobs – we offer career journeys. Here is what you can expect when you join our team:Flexibility: Life is all about balance. Whether you’re remote, hybrid, or on-site, we offer flexible options that fit your lifestyle.