Information Security Analyst

About the Role Environmental Resources Management (ERM) is a leading global provider of environmental, health, safety, risk, and social consulting services with 160 offices and over 8,000 staff members covering the entire spectrum of consulting services. ERM is committed to providing a service that is professional and of the highest quality to create value for our customers. ERM’s Global IT team is seeking a Cyber Security Compliance Analyst. This role will be a fixed shift (2-11) IST. In this role, you will play an essential role in managing information security governance, risk, and compliance. Key Accountabilities & Responsibilities 1. Client Requests and Contract Reviews: • Serve as a point of contact for client requests for information related to information security compliance. Must have deep understanding in this and provide detailed evidence-based responses. • Review contracts and agreements to ensure compliance with information security requirements and standards. • Attending client meetings and address their security concerns. 2. Third-Party Risk Management: • Manage third-party risk assessment processes, including vendor security assessments and due diligence. • Evaluate third-party security controls and assess their alignment with organizational policies and standards. 3. Exception Requests: • Review and evaluate exception requests related to information security policies and standards. • Assess the impact of proposed exceptions and make recommendations to management for approval or mitigation. Foundational Responsibilities These are foundational skills that all team members within the Cyber Operations team must have: 1. Compliance Management: • Assist in the development, implementation, and maintenance of the company's information security compliance program. • Ensure adherence to regulatory requirements, industry standards, and internal policies and procedures. • Conduct regular compliance assessments and audits to identify gaps and areas for improvement. 2. Governance Support: • Support the establishment and maintenance of information security governance frameworks, policies, and procedures. • Assist in the development of governance documentation, including charters, policies, standards, and guidelines. • Provide guidance and support to stakeholders on governance-related matters, ensuring alignment with business objectives. 3. Risk Management: • Assist in the identification, assessment, and mitigation of information security risks across the organization. • Conduct risk assessments and analyze security controls to ensure effectiveness and compliance with ISO 27001 requirements. • Collaborate with stakeholders to develop and implement risk mitigation strategies and action plans. 4. ISO 27001 Compliance: • Support the implementation and maintenance of ISO 27001 certification requirements. • Assist in the development and documentation of ISO 27001 policies, procedures, and controls. • Conduct internal audits to assess compliance with ISO 27001 standards and identify areas for improvement. 5. Security Awareness and Training: • Assist in the development and delivery of security awareness and training programs for employees. • Promote a culture of security awareness and best practices throughout the organization. Influence And Decision-Making Operating within practices and procedures covered by precedent or well-defined policies; end results will be subject to review. The job will contain a variety of activities and clear short-term objectives. The job holder may determine their own priorities whilst meeting clear outcomes. Explains policies, practices and procedures of the job area to parties within and outside of own job function. May have responsibility for communicating with parties external to the organisation (e.g., customers, vendors, etc.). Qualifications: • Bachelor's degree in Computer Science, Information Security, or a related field. • Lead Implementer Training ISO27001 Job specific capabilities/skills: • 3-4 years of experience in information security, compliance, or related field. • Strong English Verbal communication skills, including presentation skills, with an ability to communicate with a range of technical and non-technical team members and other relevant individuals. • Strong English Written communication skills, for example to write technical reports and reviews of Master Service Agreements. At ERM, sustainability is our business. We are the world’s largest advisory firm focused solely on sustainability, offering unparalleled expertise across business and finance. ERM partners with clients to operationalize sustainability at pace and scale, through our unique combination of strategic transformation and technical delivery capabilities. Our diverse global team of experts works with the world’s leading organizations to help them set clear sustainability targets, measure progress and operationalize strategy through deep implementation and business transformation. With more than 50 years of experience, our ability to integrate sustainability solutions and our depth and breadth of technical knowledge are why organizations choose to partner with us as their trusted advisor. Every one of us firmly believes in the potential to create value for our clients through an integrated approach to sustainability (because we have personally seen it and professionally achieved it). Our team members are passionate about client service. We work closely with our clients to help them operationalize their sustainability goals and meet their environmental, health and safety objectives while advancing ERM’s purpose through delivering tangible progress in what the United Nations coined The Decade of Action. Organizing our people across globally integrated communities of technical and strategic talent positions ERM to be a “boots to boardroom” leader in bringing that value creation to our clients, partners, and the world. We recruit exceptional professionals with a personal and professional passion for sustainability and nurture them to even greater success as specialists. We prepare our consultants to bring integrated, innovative and sustainable solutions to our clients and provide opportunities for ongoing development across a variety of subject areas related to technical, business, and personal growth. At ERM, effort pays off and becomes career defining work that leaves a positive imprint on our planet. ERM Homepage Explore All Open Roles Explore Early Careers Roles Explore Experienced Professional Roles Explore Partnership Roles