Information Security Compliance Analyst

Job Description

What will you be doing?

We’re seeking a talented individual to join our team in Liverpool, which is responsible for the execution of day-to-day information security risk management activities and the enhancement of the overall effectiveness and efficiency of the information security risk management capabilities across the Evelyn Partners Enterprise.

You will play a crucial role in ensuring our organisation's compliance with information security standards and frameworks, particularly Cyber Essentials, ISO 27001 and NIST Cybersecurity Framework (CSF) v2.

As Information Security Compliance Analyst, your responsibilities will include among others:

• Define, develop, and maintain security best practice by implementing technical standards, policies, and processes, and providing expert advice to stakeholders to ensure regulatory and legal compliance.
• Drive continuous improvement of the security posture through internal and external cybersecurity collaboration, actively contributing to industry and partner engagements.
• Prepare and present clear, actionable security reports, including risk metrics, trends, findings, and ratings, to inform decision‑making by senior stakeholders.
• Lead information security risk management activities, including risk assessments, control reviews, residual risk evaluation, and recommending mitigating actions; maintain and manage the security risk register.
• Identify and assess emerging and existing information security risks using internal sources (e.g. audits, penetration tests) and external intelligence (e.g. threat feeds, industry advisories), ensuring risks to confidentiality, integrity, and availability are effectively managed.
• Support compliance and engagement initiatives by managing ISMS activities, audits, certifications (e.g. ISO 27001, Cyber Essentials, NIST CSF), and working closely with internal teams and security partners to embed a strong, risk‑aware security culture.