Data protection cybersecurity and secure nerwork concept data protection gdrp glowing

IT Security Analyst

A leading law firm who are a one-stop shop for expert legal advice, with 5 offices spanning the north of England are continuing with their rapid growth and are now looking for an Information security analyst to join their Spalding and Nottingham locations.

The role of the Information Security Analyst is to ensure the confidentiality, availability, and integrity of information systems and data. You will be acting as the focal point for the coordination of policy, procedure, monitoring, the effective use of controls, audit, testing, incident management and user education and maintaining awareness of current and emerging risks and provision of advice in terms of relevant controls and security standards.   You will be working closely with in house IT, managed service providers and the business to ensure the effective operation of security the Information Security Management System without unduly impacting the efficiency of the business.

Responsibilities Include:

  • Carrying out regular system health check and maintaining records of security incidents ensuring any required fixes/investigations/preventative measures are completed to maintain a high-security standard
  • Implementation and ongoing management of appropriate security controls to protect information systems and data.
  • Patch management to ensure patches are deployed in a timely manner while understanding business impact.
  • Working with the managed service providers to undertake regular vulnerability testing. Reviewing findings and act as necessary.
  • Undertaking internal audits as part of ISO27001 to evaluate the effectiveness of existing controls and make recommendation for improvement.
  • Conducting risk assessments on a scheduled basis and as directed by QCC/Management Board, including any associated controls and their effectiveness
  • Maintaining current awareness in relation to information security trends and security standards, making recommendation as appropriate.
  • Advising on appropriate information security training for end users to help maintain ongoing awareness of risks and preventative measures.

Skills and experience required:

  • Comprehensive understanding and technical knowledge of mainstream operating systems and security technologies.
  • Strong knowledge of information security principles, systems of governance and best practises including ISO27001, Cyber Essentials Plus, PCI DSS, GDPR
  • A practical good working knowledge of security technologies such as network and application firewalls, intrusion prevention, anti-virus, email and web security, endpoint security and security policy management
  • Working experience (configuration & administration) of VLANs, VPN, Mimecast, Tessian, Microsoft security solutions would be beneficial
  • Relevant applicable qualifications would be beneficial
  • Excellent written and verbal communication skills, able to work independently and as part of a team, organised, structured with excellent attention to detail.  Resilient and self-motivated, with a positive attitude


The Firm will offer the successful candidate a very competitive salary, bonus and benefits package and provide them with a clear guide for career progression.

Website Job Registration - Listing Pages