Information Security Analyst
| Posting date: | 29 January 2026 |
|---|---|
| Salary: | £35,000.00 to £40,000.00 per year |
| Additional salary information: | Up to £40,000 depending upon experience |
| Hours: | Full time |
| Closing date: | 26 February 2026 |
| Location: | Nottinghamshire, NG7 1TN |
| Company: | Buzz Group |
| Job type: | Permanent |
| Job reference: | ORG4247-NB1488650NotISA |
Summary
Information Security Analyst
Hybrid – Nottingham (1 day per week onsite) Full-time, 40 hours per week (Mon–Fri, 9am–5pm)
Salary: £35,000 - £40,000 depending upon experience
Are you a pragmatic, detail-driven security professional who enjoys turning standards into practical security controls and helping teams understand and manage risk? If you’re confident collaborating across departments, producing clear reports, and strengthening an organisation’s security posture through measurable improvements, this role could be a great fit.
We’re looking for an Information Security Analyst who can balance governance, risk, compliance, and hands-on operational security activities.
What you’ll be doing
In this varied and impactful role, you’ll help operate and continuously improve our Information Security Management System (ISMS) while supporting risk management, compliance, and audit readiness across the business. Your work will span policies, controls, assessments, awareness, and metrics.
You will:
Maintain and update ISMS policies, standards, and procedures
Coordinate internal and external audits (including Gambling Commission security audits) from planning to closure.
Run the risk management process, keeping registers and treatment plans accurate
Support PCI DSS compliance activities and associated evidence collection
Manage and track vulnerability scanning and remediation across systems
Assist with incident response, triage, evidence collection, and post-incident reviews
Work with IT and MSPs to improve security controls, alert quality, logging, and SIEM coverage
Conduct supplier due diligence and review third-party security documentation
Deliver targeted security awareness training and publish practical guidance
Produce monthly and quarterly reports on risk, vulnerabilities, audits, and incidents
This is a collaborative, business-wide role where you’ll help embed security into everyday operations and ensure controls remain effective and well-documented.
What You’ll Get in Return
Help@Hand – 24/7 access to GPs, mental health support, and more for you and your family
Thrive App – NHS-approved mental wellbeing support
Buzz Brights Apprenticeships & Buzz Learning – access to 100s of online courses
Buzz Brilliance Awards – employee recognition scheme
5 weeks annual leave plus public holidays (pro-rated for part-time roles)
Holiday Buy Scheme – purchase an extra week of holiday (eligibility applies)
50% staff discount on bingo tickets, food, and soft drinks
Refer a Friend Scheme
Life Assurance & Pension Scheme
Access to trained Mental Health Advocates
What you’ll bring
We’d love to hear from you if you have:
Working knowledge of ISO/IEC 27001 (risk, audit cycles, controls, evidence)
Understanding of PCI DSS requirements and SAQ/attestation processes
Awareness of NCSC best-practice guidance (cloud, phishing, access control, incident management, etc.)
Experience producing clear, concise reports and presenting to stakeholders
Ability to translate technical findings into practical remediation actions
Strong communication skills and confidence working with IT, suppliers, and business teams
An organised, methodical approach with great attention to detail
#BB1
Hybrid – Nottingham (1 day per week onsite) Full-time, 40 hours per week (Mon–Fri, 9am–5pm)
Salary: £35,000 - £40,000 depending upon experience
Are you a pragmatic, detail-driven security professional who enjoys turning standards into practical security controls and helping teams understand and manage risk? If you’re confident collaborating across departments, producing clear reports, and strengthening an organisation’s security posture through measurable improvements, this role could be a great fit.
We’re looking for an Information Security Analyst who can balance governance, risk, compliance, and hands-on operational security activities.
What you’ll be doing
In this varied and impactful role, you’ll help operate and continuously improve our Information Security Management System (ISMS) while supporting risk management, compliance, and audit readiness across the business. Your work will span policies, controls, assessments, awareness, and metrics.
You will:
Maintain and update ISMS policies, standards, and procedures
Coordinate internal and external audits (including Gambling Commission security audits) from planning to closure.
Run the risk management process, keeping registers and treatment plans accurate
Support PCI DSS compliance activities and associated evidence collection
Manage and track vulnerability scanning and remediation across systems
Assist with incident response, triage, evidence collection, and post-incident reviews
Work with IT and MSPs to improve security controls, alert quality, logging, and SIEM coverage
Conduct supplier due diligence and review third-party security documentation
Deliver targeted security awareness training and publish practical guidance
Produce monthly and quarterly reports on risk, vulnerabilities, audits, and incidents
This is a collaborative, business-wide role where you’ll help embed security into everyday operations and ensure controls remain effective and well-documented.
What You’ll Get in Return
Help@Hand – 24/7 access to GPs, mental health support, and more for you and your family
Thrive App – NHS-approved mental wellbeing support
Buzz Brights Apprenticeships & Buzz Learning – access to 100s of online courses
Buzz Brilliance Awards – employee recognition scheme
5 weeks annual leave plus public holidays (pro-rated for part-time roles)
Holiday Buy Scheme – purchase an extra week of holiday (eligibility applies)
50% staff discount on bingo tickets, food, and soft drinks
Refer a Friend Scheme
Life Assurance & Pension Scheme
Access to trained Mental Health Advocates
What you’ll bring
We’d love to hear from you if you have:
Working knowledge of ISO/IEC 27001 (risk, audit cycles, controls, evidence)
Understanding of PCI DSS requirements and SAQ/attestation processes
Awareness of NCSC best-practice guidance (cloud, phishing, access control, incident management, etc.)
Experience producing clear, concise reports and presenting to stakeholders
Ability to translate technical findings into practical remediation actions
Strong communication skills and confidence working with IT, suppliers, and business teams
An organised, methodical approach with great attention to detail
#BB1