GRC Information Security Analyst – Fixed Term Contract Full Time NEW

Agilesource Ltd

AgileSource are looking for a skilled Information Security Analyst to help deliver governance, risk, and compliance (GRC) services for a key client engagement.

In this role, you’ll collaborate with senior business stakeholders, technical teams, and security leaders to support the organisation in enhancing its cyber security maturity. You’ll contribute to risk management practices, compliance activities, and broader security governance, while assisting with the implementation and upkeep of recognised industry frameworks and standards

This position suits a security professional who is comfortable working in a client-facing capacity and can offer practical, risk-based guidance to a variety of audience

Key Responsibilities

• Assist in delivering cybersecurity governance, risk, and compliance activities aligned with recognised frameworks such as ISO 27001, NIST Cybersecurity Framework, Cyber Essentials, and GovAssure
• Perform information security risk assessments across business operations, projects, systems, and third-party providers
• Maintain and update risk registers, monitor mitigation activities, and support ongoing cyber risk management efforts
• Develop and maintain security documentation, including policies, standards, audit artefacts, assessment outputs, and senior-level reporting
• Support internal and external audits, control assessments, and compliance reviews
• Engage with stakeholders across technical teams, programme delivery functions, and leadership to gather requirements, collect evidence, and support security initiatives
• Contribute to supplier security assessments and third-party risk processes
• Support the evolution of security governance frameworks, processes, and control environments
• Help embed secure-by-design principles, data governance practices, and security standards across transformation, recovery, and operational initiatives
• Participate in organisational security governance activities, including awareness, reporting, and risk communication

Essential:

• 3-5 years’ experience in information security, cyber risk, IT audit, compliance, or a related discipline
• Proven experience conducting risk assessments and evaluating security controls
• Strong understanding of governance, risk management, and compliance concepts
• Working knowledge of ISO 27001 and Information Security Management Systems (ISMS)
• Familiarity with frameworks such as NIST CSF and Cyber Essentials
• Experience contributing to audit or assurance engagements
• Strong communication and stakeholder management skills
• High standard of written documentation and reporting
• Ability to translate technical security concepts for non-technical audiences
• Willingness to be onsite in London 2-3 days per week

Desirable

• Experience within the public sector, government, regulated industries, or large enterprise environments
• Awareness of GovAssure and public sector security expectations
• Exposure to cloud platforms such as Microsoft Azure and AWS
• Experience using GRC tools or risk management platforms
• Understanding of security architecture or secure-by-design methodologies

Certifications

The following certifications would be advantageous:

• ISO 27001 Lead Implementer or Lead Auditor
• CompTIA Security+
• CGRC (Certified in Governance, Risk and Compliance)
• CRISC (Certified in Risk and Information Systems Control)
• CISSP (or Associate level)