Job Description

Information Security Analyst
Application Deadline: 19 February 2026
Department: IT
Employment Type: Permanent - Full Time
Location: London
Description
The Information Security Analyst is a key member of the Information Security team, responsible for cyber and information security across the business.
The role is operationally focused, with responsibility for maintaining the organisation's security baseline while supporting audit, assurance, and advisory activities. The scope is broad and hands-on, providing exposure to a wide range of security controls, technologies, and business processes.
The Information Security Analyst operates in a dynamic operational environment where priorities can change quickly. Work frequently involves handling interruptions to respond to incidents and balancing multiple competing demands. While the role is demanding, it is achievable with the right approach and provides strong opportunity to develop operational judgement and security fundamentals.
Analysts are supported through regular team engagement, documented processes, and access to senior team members. In return, the role expects initiative, sound judgement, and the ability to carry out initial investigation and analysis before seeking review or escalation.
The role reports directly to the Head of Cyber and Information Security.
Key Responsibilities
Security Operations & Incident Response
This area of the role provides direct exposure to live security events and operational decision-making, forming a core part of the organisation's defensive capability.
Act as the first point of review for security alerts, performing triage to distinguish genuine security incidents from false positives or low-risk events.
Investigate security events, gather context, and escalate or resolve where appropriate with clear analysis and recommended actions.
Support incident response activities, recognising that incidents override planned BAU and project work.
Maintain calm, structured decision-making under pressure and document actions and outcomes clearly.
Security Baseline Monitoring & Maintenance
This area of the role is responsible for maintaining the organisation's day-to-day security baseline, ensuring that security controls remain effective, monitored, and understood across the environment.
Operate and monitor key security controls that underpin the organisation's security baseline.
Analyse security control outputs to assess risk and control effectiveness.
Track and coordinate corrective actions with technology teams, escalating where control weaknesses persist.
Support audit and assurance activities by providing operational evidence and control status.
Security Assurance & Advisory
This area of the role provides exposure to how security risk is assessed and managed across IT and the wider business, supporting informed decision-making without unnecessary friction.
Conduct defined elements of, and support, security assessments of internal applications, third parties, and business initiatives.
Provide pragmatic security guidance to teams across IT and the wider business (with support from senior team members where appropriate), enabling delivery.
Support audit and assurance activities in line with team priorities.
Operational Discipline & Ownership
This area of the role underpins the team's ability to operate with autonomy and trust, ensuring security work is visible, traceable, and completed to a professional standard.
Maintain accurate, high-quality ticket handling and documentation across operational and task-planning tools, including clear status updates and next actions.
Progress work to a review-ready standard before escalation.
Own assigned issues end-to-end, ensuring clear communication and closure with minimal day-to-day oversight.
Working Environment & Support
This area of the role describes how the team operates day to day, balancing a demanding operational environment with structured support, collaboration, and opportunities to develop judgement and confidence. The role involves frequent interruption and competing priorities, as security alert triage takes precedence over most tasks.
The role operates within standard UK business hours. Flexibility is expected to respond to incidents or priority issues when required; however, this is not a shift-based or continuously on-call role.
The role is primarily remote but does require occasional travel to head office in Central London and other sites as needed. The candidate must be based within a reasonable travel distance to Central London to support this.
Formal support includes daily team stand-ups and scheduled one-to-one sessions, providing regular opportunity for guidance, review, and development.
Informal support is readily available; however, analysts are expected to consult internal documentation, perform initial research and analysis, and escalate with context specific information and proposed next steps.
Skills, Knowledge & Expertise
These requirements reflect the baseline experience and capability needed to operate effectively in a production environment with minimal supervision.
Experience gained in an IT operational role, with responsibility for supporting and maintaining business-critical systems and services (typically 3+ years).
Proven ability to operate independently in a production environment.
Strong understanding of security fundamentals, networking, and common attack patterns, with the ability to apply this knowledge in an operational context.
Experience interpreting security tooling output and translating it into actionable risk.
Clear written and verbal communication skills suitable for both technical and non-technical audiences, including the ability to clearly document findings, decisions, and actions in operational tracking systems.
Strong organisational skills and the ability to manage your workload and multiple priorities effectively.
Desirable Experience
The following experience is beneficial but not essential and is intended to support faster ramp-up and broader exposure within the role.
Relevant security certifications (e.g. Security+, SSCP, or equivalent), where supported by applied experience.
Experience in retail or similarly complex, distributed environments.
Experience working with a wide variety of cybersecurity tooling (e.g. SIEM, vulnerability management, endpoint security, or email security gateway platforms).
Job Benefits
What's in it for you?

• Fully remote, working from home with office visits (London HQ) to a minimal - once per month
• Competitive salary
• 50% staff discount & 25% for family and friends
• Holiday allowance
• And other company benefits including pension and private healthcare, eligible after a probationary period

Skills Required