
Senior Information Security Analyst JM RQ1640948

Job details
Posting date: 11 November 2025
Salary: £28.49 per hour
Additional salary information: per hour PAYE
Hours: Full time
Closing date: 10 December 2025
Location: Watford, WD18 8AG
Company: Triumph Consultants Ltd
Job type: Temporary
Job reference: JM RQ1640948


Summary



What's involved with this role:

Role: Senior Information Security Analyst

Ref: JM RQ1640948

Pay Rate: £28.49 per hour PAYE

Contract Length: 3 months (may be extended)

Hours per week: 35

Location: Remote/Homebased



A basic DBS is required for this role; candidates will need to obtain this prior to starting.


Our client is seeking an experienced Senior Information Security Analyst to provide immediate support to their Information Security team. This role is a hybrid of technical security analysis and governance, risk, and compliance (GRC) activities.
The successful candidate will play a key role in assessing risks, reviewing supplier and project security documentation, responding to security questionnaires and tenders, supporting incident investigations, and helping to maintain the organisation’s security posture and compliance with relevant standards (Cyber Essentials Plus, ISO 27001, DSPT, GDPR, NCSC).
This is a hands-on delivery role for someone who can work independently, make sound judgements, and communicate clearly with both technical and non-technical stakeholders.

Key Responsibilities:
Security Governance & Risk



Conduct security risk assessments for systems, projects, and suppliers, and document findings in a consistent and evidence-based way.


Review, respond to, and attest security questionnaires and tender submissions from vendors and partners.


Support and track remediation actions arising from risk assessments, audits, or incidents.


Assist with the maintenance and review of the Information Security Risk Register and associated controls.


Support compliance with ISO 27001, Cyber Essentials Plus, and Data Security & Protection Toolkit (DSPT) requirements.


Provide input to security policies, standards, and process improvements.


Technical Security Oversight


Collaborate with IT and Security partners to review alerts, vulnerabilities, and incidents; provide risk-based recommendations.


Review and validate security configurations for technology stack, endpoint protection, DLP, and other key platforms — advising on improvement actions rather than performing hands-on configuration.


Support technical teams in vulnerability and patch management, and assess the impact of critical vulnerabilities on the organisation’s environment.


Participate in post-incident reviews and support lessons-learned reporting.


Provide security input to change reviews and technical design discussions when required.


Conduct and document third-party risk assessments for new and existing suppliers.


Evaluate supplier responses and evidence against the organisation’s security requirements and standards.


Identify and escalate high-risk findings and track mitigation progress.


Support procurement and legal teams with security clauses and data protection considerations in contracts.


Provide practical, proportionate advice to projects and business teams on information security and data protection.


Promote good security practice and awareness within the organisation.


Support the Head of Information Security in incident briefings, reporting, and communication with senior stakeholders.


Skills & Experience Essentials:


5+ years’ experience in Information Security roles combining technical and GRC activities.


Strong understanding of cloud and network security (preferably Microsoft stack: M365, Azure, Defender, DLP, Conditional Access).


Demonstrated experience reviewing security questionnaires, tenders, and supplier assurance evidence.


Good knowledge of risk assessment methodologies (ISO 27005, NIST RMF, or equivalent).


Working familiarity with ISO 27001, Cyber Essentials Plus, DSPT, and GDPR requirements.


Experience interpreting vulnerability scan results and prioritising remediation.


Strong written communication skills for drafting risk reports, supplier reviews, and executive summaries.


Excellent stakeholder engagement skills — able to explain technical concepts in plain language.


Desirable:


Relevant certifications such as CISSP, CISM, CRISC, CEH, CompTIA Security+, or equivalent experience.


Experience working in healthcare, charity, or public sector environments.


Familiarity with NCSC CAF and NHS DSPT frameworks.


Experience working with SOCs and incident response partners.




We will also add your details to our mail out lists. Please note you may receive details of roles outside of your immediate vicinity, as many candidates are able to relocate temporarily for work. Please disregard any such emails that are not of interest and let us know if you would rather not receive such mailouts and/or if you wish us to delete your details and prefer to apply direct to our advertised roles.

If you do not hear from us within three working days, unfortunately your application has not been shortlisted on this occasion. Thank you for your interest in working with us.

Please quote the Job Title & Vacancy Reference No. in your application, or we will be unable to match your CV to the role being applied for.




Job Ref: JM RQ1640948


Anticipated Length of Assignment: Unless otherwise stated (we do carry the occasional permanent vacancy), all of our roles are technically temporary, though opening assignments can be, and often are, extended by clients on a longer-term basis and can sometimes become permanent.

Please do try to resist contacting us with requests for progress updates.

We really do read every CV sent to us. All applications will be acknowledged by a human, not a robot, provided the job remains live and provided your CV meets the “Essential Requirements” listed.

Please note that we do our level best to take down ads as soon as roles have been filled. We are not in the business of harvesting CVs.

Important: We will interpret your application as being permission to submit your CV to this role (with the right to represent you) unless you advise us to the contrary.
