Information Security Analyst

Moneybox is growing and maturing as a technology-led financial services business, all whilst the cyber threat landscape is constantly evolving. This role will be helping to implement and maintain a second line of defence Information Security function delivering across the breadth of the business. You will be able to combine technical expertise with strong personal qualities to effectively protect our information assets.

The role will suit an ambitious analyst who wants to drive and improve processes, take ownership, and champion security across the business.

What you'll do

• Uphold and enforce information security standards and policies, serving as a primary resource for internal stakeholders championing all things Information Security across the business.
• Assist Moneybox in achieving and maintaining industry-recognised certifications such as Cyber Essentials, NIST CSF, and, eventually, ISO 27001.
• Identify and manage risks in accordance with the enterprise-wide risk framework to ensure the triage, review, and ongoing management of information security risks.
• Conduct third-party due diligence to ensure Moneybox's standards are upheld throughout our supply chain.
• Collaborate with Workplace Technology on vulnerability management, build reviews, user access reviews, and security controls to ensure the cybersecurity of our IT systems.
• Maintain the Information Asset Register and other trackers to stay current on documentation and evidence of controls.
• Triage and respond to information security incidents (e.g., phishing, lost laptops, DLP alerts) to maintain Moneybox's resilience against threats.
• Act as a deputy for the Information Security Manager when necessary.
• Collect information for governance meetings, attending and presenting as required.
• Gather and disseminate actionable threat intelligence to keep information security current with new developments.
• Develop and implement information security training and awareness initiatives to educate employees.
• Operationalise and document new security processes as they are developed.
• Provide information security input for Data Protection risk assessments.
• Support compliance with regulatory requirements such as REP018, EBA Guidelines, and UK GDPR.

Who you are

• A driven, ambitious individual who’s looking to build their career at an exciting fast-growing company.
• A professionally inquisitive problem solver looking to enable the business to succeed without a heavy handed approach.
• Able to adjust to new technologies, evolving threats, and changing regulations, remaining focused and effective during security incidents.
• Naturally personable, great communicator who has a passion for their work and the people they work with 

• Excited about being part of a fast-growing company that’s trying to make a positive mark on the world 

• Knows have to have fun whilst maintaining a professional outlook

Experience and Skills

• Experience in information security management: This includes familiarity with industry-standard frameworks like NIST CSF, ISO 27001, or SOC2,
• Knowledge of risk management methods and third party risk management (TPRM)
• Practical knowledge of security technologies: The candidate should be comfortable with tools like Anti-Malware Solutions, DLP, Identity and Access Management, SIEM, and cloud technologies.
• Understanding of financial services and their regulatory environment: to align security measures with industry-specific requirements.
• Knowledge of the Software Development Lifecycle (SDLC): to help integrate security practices into the development process.
• Understanding of Data Protection/Privacy and ICO regulatory requirements: to help signpost the business towards the data protection team.
• Excellent communication and collaboration skills: The analyst must be able to clearly convey technical information to various stakeholders and work effectively across teams.