Graduate Operational Technology (OT) Cyber Security Analyst / Engineer 3 days a week onsite (London or Leicester or Sunderland or Crewe or Derby or Luton) Permanent role with excellent salary + company benefits This person will receive all the training and paid qualifications to move into an Operational Technology Compliance Manager role. We're looking for an ambitious engineering graduate with at least 1 years' experience of working with Operational Technology (OT) who is keen to build a long-term career in cybersecurity for critical infrastructure. Reporting into the Head of Information Security GRC and Group CISO this role sits within the Group Information Security team and offers a unique opportunity to work at the intersection of engineering systems and cybersecurity. You will help ensure that operational technologies across this large global organisation are designed, deployed and maintained securely, supporting the protection of critical transport systems. You will receive structured training, mentoring and financial support to achieve industry-recognised cybersecurity certifications, while gaining hands-on experience working with engineers, technology teams and security specialists across the organisation. This role is ideal for someone who has worked with rail operational systems or similar and wants to transition into the rapidly growing field of Operational Technology security. What You'll Be Doing Working alongside experienced cybersecurity and engineering specialists, you will: Support the implementation of the Operational Technology security strategy across engineering and operational teams. Assist in applying recognised cyber security frameworks such as National Institute of Standards and Technology Cyber Security Framework and IEC 62443 to operational environments. Work with engineering teams to understand how operational systems such as Supervisory Control and Data Acquisition, Programmable Logic Controller, and rail technologies like European Train Control System are designed and operated. Support the review of engineering designs to help ensure security considerations are included throughout the system lifecycle. Assist with vulnerability scanning, security assessments and assurance activities relating to operational technology systems. Work with the Security Operations Centre to help monitor and respond to security risks affecting operational environments. Help develop training materials and guidance for engineering teams on secure system design and operational practices. Contribute to security improvement plans following risk assessments or security testing. Training and Development As part of this role you will receive: Structured training in Operational Technology cybersecurity Mentoring from experienced cybersecurity and engineering professionals Financial support and study time for professional certifications such as: Certified Information Systems Security Professional Certified Information Security Manager ISO/IEC 27001 Lead Auditor Exposure to large-scale operational systems and real-world cybersecurity challenges Opportunities to grow into specialist OT security or cybersecurity leadership roles What We're Looking For Essential Degree in Engineering, Electrical Engineering, Electronic Engineering, Systems Engineering, or a related discipline Some practical experience of Operational Technology environments, such as industrial control systems, automation, or rail systems Understanding of technologies such as PLCs, SCADA, or industrial networks Interest in cybersecurity and protecting critical infrastructure Strong analytical and problem-solving skills Good communication skills and ability to work with both engineering and technology teams Desirable Experience through internships, placements or projects involving operational technology systems Exposure to rail or transport engineering environments Basic awareness of cybersecurity concepts Interest in pursuing professional cybersecurity certifications This role provides an exceptional opportunity to build a career in one of the fastest-growing areas of cybersecurity: Operational Technology security. You will gain experience protecting systems that support real-world infrastructure and transport operations, while receiving the training and professional support needed to develop into a specialist OT cybersecurity professional so if you're interested in this role please send your CV asap.
03/04/2026
Full time
Graduate Operational Technology (OT) Cyber Security Analyst / Engineer 3 days a week onsite (London or Leicester or Sunderland or Crewe or Derby or Luton) Permanent role with excellent salary + company benefits This person will receive all the training and paid qualifications to move into an Operational Technology Compliance Manager role. We're looking for an ambitious engineering graduate with at least 1 years' experience of working with Operational Technology (OT) who is keen to build a long-term career in cybersecurity for critical infrastructure. Reporting into the Head of Information Security GRC and Group CISO this role sits within the Group Information Security team and offers a unique opportunity to work at the intersection of engineering systems and cybersecurity. You will help ensure that operational technologies across this large global organisation are designed, deployed and maintained securely, supporting the protection of critical transport systems. You will receive structured training, mentoring and financial support to achieve industry-recognised cybersecurity certifications, while gaining hands-on experience working with engineers, technology teams and security specialists across the organisation. This role is ideal for someone who has worked with rail operational systems or similar and wants to transition into the rapidly growing field of Operational Technology security. What You'll Be Doing Working alongside experienced cybersecurity and engineering specialists, you will: Support the implementation of the Operational Technology security strategy across engineering and operational teams. Assist in applying recognised cyber security frameworks such as National Institute of Standards and Technology Cyber Security Framework and IEC 62443 to operational environments. Work with engineering teams to understand how operational systems such as Supervisory Control and Data Acquisition, Programmable Logic Controller, and rail technologies like European Train Control System are designed and operated. Support the review of engineering designs to help ensure security considerations are included throughout the system lifecycle. Assist with vulnerability scanning, security assessments and assurance activities relating to operational technology systems. Work with the Security Operations Centre to help monitor and respond to security risks affecting operational environments. Help develop training materials and guidance for engineering teams on secure system design and operational practices. Contribute to security improvement plans following risk assessments or security testing. Training and Development As part of this role you will receive: Structured training in Operational Technology cybersecurity Mentoring from experienced cybersecurity and engineering professionals Financial support and study time for professional certifications such as: Certified Information Systems Security Professional Certified Information Security Manager ISO/IEC 27001 Lead Auditor Exposure to large-scale operational systems and real-world cybersecurity challenges Opportunities to grow into specialist OT security or cybersecurity leadership roles What We're Looking For Essential Degree in Engineering, Electrical Engineering, Electronic Engineering, Systems Engineering, or a related discipline Some practical experience of Operational Technology environments, such as industrial control systems, automation, or rail systems Understanding of technologies such as PLCs, SCADA, or industrial networks Interest in cybersecurity and protecting critical infrastructure Strong analytical and problem-solving skills Good communication skills and ability to work with both engineering and technology teams Desirable Experience through internships, placements or projects involving operational technology systems Exposure to rail or transport engineering environments Basic awareness of cybersecurity concepts Interest in pursuing professional cybersecurity certifications This role provides an exceptional opportunity to build a career in one of the fastest-growing areas of cybersecurity: Operational Technology security. You will gain experience protecting systems that support real-world infrastructure and transport operations, while receiving the training and professional support needed to develop into a specialist OT cybersecurity professional so if you're interested in this role please send your CV asap.
About the role This is a fantastic opportunity to join Southern Water's Cyber Risk & Assurance team, the organisation's second line of defence within the wider Cyber Security function. As a Cyber Risk & Assurance Analyst, you'll play a central role in helping the business understand, manage and reduce cyber risk across critical operations. You'll be responsible for developing and improving cyber risk insights in your area of specialism, driving process and tooling enhancements, and supporting stakeholders across Technology, Legal and the wider business. This is a role for someone who enjoys tackling complex problems, breaking them down into actionable solutions, and collaborating with a wide range of experts. You'll also act as a trusted advisor helping colleagues understand cyber threats, risks and controls, and supporting the wider team in embedding strong cyber risk management practices across Southern Water. What you will be responsible for: You will conduct complex cyber risk assessments, strengthen key controls, deliver clear risk insights, and drive improvements across cyber domains - all while building collaborative relationships across Technology, Security, Legal and the business. Key Responsibilities Maintain an up-to-date understanding of the cyber threat landscape, relevant regulations (including NIS1/NIS2 and GDPR), and emerging risks. Lead, plan and perform complex cyber risk assessments aligned to industry-recognised frameworks, testing the design and effectiveness of cyber controls. Produce high-quality risk assessment reports with clear, actionable conclusions that support timely risk-based decision-making. Identify and deliver improvements across domains such as identity & access management, application security, endpoint security, and network security. Work closely with stakeholders across Security, Technology, Legal, Internal Audit and the wider business to assess control gaps, prioritise remediation actions and track progress to completion. Build strong working relationships across teams to influence, support and strengthen cyber risk management practices. Drive process improvements and enhancements across the Cyber Risk & Assurance function. Additional requirements specific to the role Will work closely with both technical teams and non-technical stakeholders, requiring an ability to communicate complex concepts clearly. Must be comfortable operating in an environment with regulatory, operational and cyber security obligations. Occasional engagement with internal or external audit teams may be required. What you'll bring to the role: Essential Degree-level education or equivalent experience. Strong knowledge of cyber security and information security control best practice. Proven experience in cyber security, risk management or security assessment (10+ years, or advanced degree with 8+ years). In-depth understanding of key frameworks such as NIST (800-37, 800-30, 800-53), ISO 27001/27005, SOC 2, PCI or MITRE ATT&CK. Solid understanding of cloud models, application security, vulnerability and patch management. Experience in regulated and/or unionised environments. Excellent communication skills with the ability to simplify complex findings for senior management. Strong attention to detail and a proactive, positive, innovative mindset. Desirable GRC or security certifications (e.g., CISSP, CISM, CRISC, CISA, GCFE, GSEC, CCSP). Experience with cyber risk modelling (e.g., CyberCube, RMS, Cyence). Hands-on experience with frameworks such as ISO 27001, NIST CSF, NCSC CAF or CIS Controls. Understanding of ICS/OT environments. Southern Water is at the forefront of transforming Britain's water industry, investing significantly to enhance resilience, sustainability, and service excellence. With £7.8bn planned investment for 2025-30, this is an unparalleled opportunity to join a business committed to delivering a generational shift in the way water services are managed. You will be joining at a time of significant change, working alongside a highly skilled leadership team with a clear vision for the future. We offer an environment where senior professionals can make a meaningful impact, influence major strategic decisions, and drive long-term value creation . At Southern Water, we believe diverse perspectives drive innovation. If you're passionate about making a positive impact and think you can bring value to our team, we'd love to hear from you-even if you don't tick every box. Your unique skills and experiences could be exactly what we need. Our Commitment to Diversity We welcome applicants from all backgrounds, identities, and experiences. We do not discriminate based on race, ethnicity, gender, sexual orientation, age, disability, religion, or any other protected characteristic. If you need reasonable adjustments during the recruitment process, please let us know. Additional information: In line with Southern Water's security requirements, successful candidates will be required to provide evidence of their identity, eligibility to work in the UK, criminal record check (DBS) and verification of their employment and/or education history for the past three years. Appointment to this role is subject to the successful completion of all preemployment checks, including security vetting. Please note that if a candidate does not meet the required security standards or fails to pass the vetting process, Southern Water reserves the right to withdraw the offer of employment. Some positions may also require higher levels of security vetting, which may involve providing additional documentation.
01/04/2026
Full time
About the role This is a fantastic opportunity to join Southern Water's Cyber Risk & Assurance team, the organisation's second line of defence within the wider Cyber Security function. As a Cyber Risk & Assurance Analyst, you'll play a central role in helping the business understand, manage and reduce cyber risk across critical operations. You'll be responsible for developing and improving cyber risk insights in your area of specialism, driving process and tooling enhancements, and supporting stakeholders across Technology, Legal and the wider business. This is a role for someone who enjoys tackling complex problems, breaking them down into actionable solutions, and collaborating with a wide range of experts. You'll also act as a trusted advisor helping colleagues understand cyber threats, risks and controls, and supporting the wider team in embedding strong cyber risk management practices across Southern Water. What you will be responsible for: You will conduct complex cyber risk assessments, strengthen key controls, deliver clear risk insights, and drive improvements across cyber domains - all while building collaborative relationships across Technology, Security, Legal and the business. Key Responsibilities Maintain an up-to-date understanding of the cyber threat landscape, relevant regulations (including NIS1/NIS2 and GDPR), and emerging risks. Lead, plan and perform complex cyber risk assessments aligned to industry-recognised frameworks, testing the design and effectiveness of cyber controls. Produce high-quality risk assessment reports with clear, actionable conclusions that support timely risk-based decision-making. Identify and deliver improvements across domains such as identity & access management, application security, endpoint security, and network security. Work closely with stakeholders across Security, Technology, Legal, Internal Audit and the wider business to assess control gaps, prioritise remediation actions and track progress to completion. Build strong working relationships across teams to influence, support and strengthen cyber risk management practices. Drive process improvements and enhancements across the Cyber Risk & Assurance function. Additional requirements specific to the role Will work closely with both technical teams and non-technical stakeholders, requiring an ability to communicate complex concepts clearly. Must be comfortable operating in an environment with regulatory, operational and cyber security obligations. Occasional engagement with internal or external audit teams may be required. What you'll bring to the role: Essential Degree-level education or equivalent experience. Strong knowledge of cyber security and information security control best practice. Proven experience in cyber security, risk management or security assessment (10+ years, or advanced degree with 8+ years). In-depth understanding of key frameworks such as NIST (800-37, 800-30, 800-53), ISO 27001/27005, SOC 2, PCI or MITRE ATT&CK. Solid understanding of cloud models, application security, vulnerability and patch management. Experience in regulated and/or unionised environments. Excellent communication skills with the ability to simplify complex findings for senior management. Strong attention to detail and a proactive, positive, innovative mindset. Desirable GRC or security certifications (e.g., CISSP, CISM, CRISC, CISA, GCFE, GSEC, CCSP). Experience with cyber risk modelling (e.g., CyberCube, RMS, Cyence). Hands-on experience with frameworks such as ISO 27001, NIST CSF, NCSC CAF or CIS Controls. Understanding of ICS/OT environments. Southern Water is at the forefront of transforming Britain's water industry, investing significantly to enhance resilience, sustainability, and service excellence. With £7.8bn planned investment for 2025-30, this is an unparalleled opportunity to join a business committed to delivering a generational shift in the way water services are managed. You will be joining at a time of significant change, working alongside a highly skilled leadership team with a clear vision for the future. We offer an environment where senior professionals can make a meaningful impact, influence major strategic decisions, and drive long-term value creation . At Southern Water, we believe diverse perspectives drive innovation. If you're passionate about making a positive impact and think you can bring value to our team, we'd love to hear from you-even if you don't tick every box. Your unique skills and experiences could be exactly what we need. Our Commitment to Diversity We welcome applicants from all backgrounds, identities, and experiences. We do not discriminate based on race, ethnicity, gender, sexual orientation, age, disability, religion, or any other protected characteristic. If you need reasonable adjustments during the recruitment process, please let us know. Additional information: In line with Southern Water's security requirements, successful candidates will be required to provide evidence of their identity, eligibility to work in the UK, criminal record check (DBS) and verification of their employment and/or education history for the past three years. Appointment to this role is subject to the successful completion of all preemployment checks, including security vetting. Please note that if a candidate does not meet the required security standards or fails to pass the vetting process, Southern Water reserves the right to withdraw the offer of employment. Some positions may also require higher levels of security vetting, which may involve providing additional documentation.
We are partnering an Energy Data provider who are looking for a hands-on Cyber Security Analyst to join their internal IT & Security team during a pivotal period of change. A true 4-day working week My client operates Monday to Thursday, working week, with Fridays off. Extensive Microsoft Purview experience is required for this role. Responsibilities Own and run our vulnerability and patch management processes Investigate and respond to security incidents (malware, phishing, unauthorised access, etc.) Conduct vulnerability assessments and support remediation efforts Help implement and enforce security policies, standards, and procedures Partner with IT colleagues and business units to ensure secure configurations Support audits, risk assessments, and compliance initiatives (ISO 27001, GDPR, NIST) Act as a key escalation point for security investigations Maximise the effectiveness of Microsoft Defender, Intune, and Purview Promote cyber awareness and best practice across the organisation Collaborate with the Information Security Manager and Compliance Team on GRC activity Stay ahead of emerging threats, vulnerabilities, and industry trends Identify opportunities to improve security tooling, processes, and controls Skills & Experience Needed Microsoft 365 Defender/Security Portal (endpoint and identity protection) Microsoft Purview (data governance and compliance, including Compliance Portal) Proven hands-on experience remediating vulnerabilities and applying patches in a live environment A strong understanding of cybersecurity principles and threat landscapes Experience with endpoint, network, and identity security within Microsoft ecosystems. Strong troubleshooting and analytical skills Effective communication and collaboration across technical and non-technical teams Relevant certifications (eg, Security+, CySA+, SC-200, SSCP) are beneficial Familiarity with Power Platform and Power BI is advantageous A minimum of three years of relevant experience in similar positions. If you're looking to join a forward-thinking organisation, play a key role in strengthening its security infrastructure, and enjoy a better work-life balance with a 4-day work week, please email your CV. Etech Partners needs to collect and use your personal information when you apply for a role. We understand that you care about your privacy, and we take that seriously. Our Privacy Notice describes our policies and practices regarding collection and use of your personal data. By applying for this job you accept the Privacy Policy.
01/04/2026
Full time
We are partnering an Energy Data provider who are looking for a hands-on Cyber Security Analyst to join their internal IT & Security team during a pivotal period of change. A true 4-day working week My client operates Monday to Thursday, working week, with Fridays off. Extensive Microsoft Purview experience is required for this role. Responsibilities Own and run our vulnerability and patch management processes Investigate and respond to security incidents (malware, phishing, unauthorised access, etc.) Conduct vulnerability assessments and support remediation efforts Help implement and enforce security policies, standards, and procedures Partner with IT colleagues and business units to ensure secure configurations Support audits, risk assessments, and compliance initiatives (ISO 27001, GDPR, NIST) Act as a key escalation point for security investigations Maximise the effectiveness of Microsoft Defender, Intune, and Purview Promote cyber awareness and best practice across the organisation Collaborate with the Information Security Manager and Compliance Team on GRC activity Stay ahead of emerging threats, vulnerabilities, and industry trends Identify opportunities to improve security tooling, processes, and controls Skills & Experience Needed Microsoft 365 Defender/Security Portal (endpoint and identity protection) Microsoft Purview (data governance and compliance, including Compliance Portal) Proven hands-on experience remediating vulnerabilities and applying patches in a live environment A strong understanding of cybersecurity principles and threat landscapes Experience with endpoint, network, and identity security within Microsoft ecosystems. Strong troubleshooting and analytical skills Effective communication and collaboration across technical and non-technical teams Relevant certifications (eg, Security+, CySA+, SC-200, SSCP) are beneficial Familiarity with Power Platform and Power BI is advantageous A minimum of three years of relevant experience in similar positions. If you're looking to join a forward-thinking organisation, play a key role in strengthening its security infrastructure, and enjoy a better work-life balance with a 4-day work week, please email your CV. Etech Partners needs to collect and use your personal information when you apply for a role. We understand that you care about your privacy, and we take that seriously. Our Privacy Notice describes our policies and practices regarding collection and use of your personal data. By applying for this job you accept the Privacy Policy.
We are partnering an Energy Data provider who are looking for a hands-on Cyber Security Analyst to join their internal IT & Security team during a pivotal period of change. A true 4-day working week My client operates Monday to Thursday, working week, with Fridays off. Extensive Microsoft Purview experience is required for this role. Responsibilities Own and run our vulnerability and patch management processes Investigate and respond to security incidents (malware, phishing, unauthorised access, etc.) Conduct vulnerability assessments and support remediation efforts Help implement and enforce security policies, standards, and procedures Partner with IT colleagues and business units to ensure secure configurations Support audits, risk assessments, and compliance initiatives (ISO 27001, GDPR, NIST) Act as a key escalation point for security investigations Maximise the effectiveness of Microsoft Defender, Intune, and Purview Promote cyber awareness and best practice across the organisation Collaborate with the Information Security Manager and Compliance Team on GRC activity Stay ahead of emerging threats, vulnerabilities, and industry trends Identify opportunities to improve security tooling, processes, and controls Skills & Experience Needed Microsoft 365 Defender/Security Portal (endpoint and identity protection) Microsoft Purview (data governance and compliance, including Compliance Portal) Proven hands-on experience remediating vulnerabilities and applying patches in a live environment A strong understanding of cybersecurity principles and threat landscapes Experience with endpoint, network, and identity security within Microsoft ecosystems. Strong troubleshooting and analytical skills Effective communication and collaboration across technical and non-technical teams Relevant certifications (eg, Security+, CySA+, SC-200, SSCP) are beneficial Familiarity with Power Platform and Power BI is advantageous A minimum of three years of relevant experience in similar positions. If you're looking to join a forward-thinking organisation, play a key role in strengthening its security infrastructure, and enjoy a better work-life balance with a 4-day work week, please email your CV. Etech Partners needs to collect and use your personal information when you apply for a role. We understand that you care about your privacy, and we take that seriously. Our Privacy Notice describes our policies and practices regarding collection and use of your personal data. By applying for this job you accept the Privacy Policy.
01/04/2026
Full time
We are partnering an Energy Data provider who are looking for a hands-on Cyber Security Analyst to join their internal IT & Security team during a pivotal period of change. A true 4-day working week My client operates Monday to Thursday, working week, with Fridays off. Extensive Microsoft Purview experience is required for this role. Responsibilities Own and run our vulnerability and patch management processes Investigate and respond to security incidents (malware, phishing, unauthorised access, etc.) Conduct vulnerability assessments and support remediation efforts Help implement and enforce security policies, standards, and procedures Partner with IT colleagues and business units to ensure secure configurations Support audits, risk assessments, and compliance initiatives (ISO 27001, GDPR, NIST) Act as a key escalation point for security investigations Maximise the effectiveness of Microsoft Defender, Intune, and Purview Promote cyber awareness and best practice across the organisation Collaborate with the Information Security Manager and Compliance Team on GRC activity Stay ahead of emerging threats, vulnerabilities, and industry trends Identify opportunities to improve security tooling, processes, and controls Skills & Experience Needed Microsoft 365 Defender/Security Portal (endpoint and identity protection) Microsoft Purview (data governance and compliance, including Compliance Portal) Proven hands-on experience remediating vulnerabilities and applying patches in a live environment A strong understanding of cybersecurity principles and threat landscapes Experience with endpoint, network, and identity security within Microsoft ecosystems. Strong troubleshooting and analytical skills Effective communication and collaboration across technical and non-technical teams Relevant certifications (eg, Security+, CySA+, SC-200, SSCP) are beneficial Familiarity with Power Platform and Power BI is advantageous A minimum of three years of relevant experience in similar positions. If you're looking to join a forward-thinking organisation, play a key role in strengthening its security infrastructure, and enjoy a better work-life balance with a 4-day work week, please email your CV. Etech Partners needs to collect and use your personal information when you apply for a role. We understand that you care about your privacy, and we take that seriously. Our Privacy Notice describes our policies and practices regarding collection and use of your personal data. By applying for this job you accept the Privacy Policy.
Acorn Insurance and Financial Services Limited
Liverpool
Due to a period of exciting growth Acorn are looking for a highly skilled and experienced Senior Information Security Analyst to join our Information Security Team. Within this role you get the opportunity to join a collaborative team and have a chance to blend GRC responsibilities with technical security experience, all whilst working for a market leading insurance company, supporting and maintaining robust security controls and regulatory compliance.
Job Title: Senior Information Security Analyst (12 month FTC)
Location: Liverpool City Centre, Hybrid working available
Working Hours: Monday to Friday, 37.5 hours per week , 9:00 AM – 5:30 PM
Salary: £50,000 - £60,000 pa (DOE).
What you will be doing:
Work with all parties across the business to identify and assess risk and ensure mitigations are tracked to completion.
Lead the development and maintenance of information security policies, standards and procedures in line with regulatory frameworks and industry standards.
Lead third party risk management processes.
Collaborate across all areas of the business to align security policies and processes with business objectives and regulatory obligations.
Work with Security Operations and IT teams to provide oversight of vulnerability assessments and remediation activities.
Lead on security architecture reviews for new systems and services.
Evaluate technical security controls and recommending improvements.
Support the implementation of security tools and technologies.
Provide oversight of the security incident management process.
Provide security metrics for interested parties at all levels.
Lead the security awareness programme to promote a culture of security within all levels of the Group.
Provide support for internal and external security audits.
Lead security governance meetings representing the Information Security team and standing in for the Head of Information Security when required.
Provide subject matter expertise liaising across all business functions.
What we look for:
Minimum 5 years' experience in information security roles.
Strong leadership and mentorship abilities with a strategic mindset.
Experience with risk assessment methodologies.
Excellent analytical and problem-solving skills with attention to detail.
Strong communication skills with the ability to explain complex security concepts to non-technical stakeholders.
Ability to manage risk and compliance projects and drive security initiatives.
Knowledge of information security frameworks such as ISO 27001 or NIST.
Knowledge of vulnerability management processes.
About Acorn Insurance With over 40 years of experience, Acorn Insurance is a specialist provider dedicated to helping individuals secure motor insurance across the UK. We proudly serve more than 50,000 customers, ensuring they find policies that meet their needs and provide the peace of mind that comes with high-quality cover.
At Acorn Insurance, we offer comprehensive training and continuous in-house coaching. You'll receive in-depth, FCA-regulated industry knowledge and all the tools necessary to grow your career with us.
We celebrate diversity and are committed to fostering a culture where everyone feels respected and valued. As a Disability Confident Level 1 and Level 2 employer, we ensure our workplace is accessible and inclusive, encouraging our people to bring their best selves to work every day.
The Acorn Group has been recognised as a Great Place to Work for 2024/5. A record number of employees participated in our survey, overwhelmingly highlighting our welcoming and supportive atmosphere as an excellent place to build a career. We are committed to continuous improvement and have ambitious plans for 2025.
Why Acorn Insurance? Acorn Insurance want to give you more than a job, we want to give you a purpose and a career. So, what can we offer you as an employer? Some of the "your tomorrow" benefits you will receive include: Wellbeing:
Enhanced Annual Leave entitlement starting at 31 days and potentially increasing to 35 days per year depending on grade & length of service (including bank holidays)
Enhanced paternity pay and 16 weeks full maternity pay.
Colleague Assistance programme offers a suite of wellbeing services such as:
6 Free Counselling sessions per year
Unlimited access to a telephone councillor 24/7
Access to a free 4-week programme of cognitive behavioural therapy (CBT) with a trained therapist mentor.
Network of internal qualified mental health first aiders are available to provide support to colleagues.
Financial:
A core level of life assurance with the option to increase cover via salary sacrifice and add your spouse/partner
Ability to access your earnings before payday via Dayforce Wallet.
Company pension scheme
Refer a friend scheme with a £250 bonus for every colleague recommended on passing their probation period.
Access to a flexible benefits platform including an annual flex pot allowance to spend on over 15 benefits of your choice.
Ability to give back. You can opt into donating money to charity to climate positive organisations directly from your salary.
Reward, Recognition and Culture :
Long Service Award paid on 5,10- and 15-years’ service
A reward and recognition hub to celebrate and reward colleagues and peers.
Consistent and engaging company events including company awards, competitions and charity fundraisers.
Budgets for department leaders to use for social and engagement events. Please visit out website to view more of our excellent work benefits!
All roles are subject to DBS and Financial checks, any offer made will be conditional until checks are completed to a satisfactory standard. Unfortunately, due to the length of training and complexity of the role, we can only accept applications from candidates who have at least one year remaining on their (Graduate/ Post study work) visa. Unfortunately, we are unable to provide visa sponsorships. At Acorn, we are committed to creating an inclusive and supportive work environment. We recognise that candidates may have specific needs and are happy to consider reasonable adjustments to the recruitment process and working environment to accommodate individual requirements. Whether it’s modifying equipment, adjusting working hours, or providing additional support, we aim to ensure all employees can perform at their best. If you require any reasonable adjustments, please let us know during the application or interview process, and we will work with you to ensure your needs are met.
25/04/2025
Full time
Due to a period of exciting growth Acorn are looking for a highly skilled and experienced Senior Information Security Analyst to join our Information Security Team. Within this role you get the opportunity to join a collaborative team and have a chance to blend GRC responsibilities with technical security experience, all whilst working for a market leading insurance company, supporting and maintaining robust security controls and regulatory compliance.
Job Title: Senior Information Security Analyst (12 month FTC)
Location: Liverpool City Centre, Hybrid working available
Working Hours: Monday to Friday, 37.5 hours per week , 9:00 AM – 5:30 PM
Salary: £50,000 - £60,000 pa (DOE).
What you will be doing:
Work with all parties across the business to identify and assess risk and ensure mitigations are tracked to completion.
Lead the development and maintenance of information security policies, standards and procedures in line with regulatory frameworks and industry standards.
Lead third party risk management processes.
Collaborate across all areas of the business to align security policies and processes with business objectives and regulatory obligations.
Work with Security Operations and IT teams to provide oversight of vulnerability assessments and remediation activities.
Lead on security architecture reviews for new systems and services.
Evaluate technical security controls and recommending improvements.
Support the implementation of security tools and technologies.
Provide oversight of the security incident management process.
Provide security metrics for interested parties at all levels.
Lead the security awareness programme to promote a culture of security within all levels of the Group.
Provide support for internal and external security audits.
Lead security governance meetings representing the Information Security team and standing in for the Head of Information Security when required.
Provide subject matter expertise liaising across all business functions.
What we look for:
Minimum 5 years' experience in information security roles.
Strong leadership and mentorship abilities with a strategic mindset.
Experience with risk assessment methodologies.
Excellent analytical and problem-solving skills with attention to detail.
Strong communication skills with the ability to explain complex security concepts to non-technical stakeholders.
Ability to manage risk and compliance projects and drive security initiatives.
Knowledge of information security frameworks such as ISO 27001 or NIST.
Knowledge of vulnerability management processes.
About Acorn Insurance With over 40 years of experience, Acorn Insurance is a specialist provider dedicated to helping individuals secure motor insurance across the UK. We proudly serve more than 50,000 customers, ensuring they find policies that meet their needs and provide the peace of mind that comes with high-quality cover.
At Acorn Insurance, we offer comprehensive training and continuous in-house coaching. You'll receive in-depth, FCA-regulated industry knowledge and all the tools necessary to grow your career with us.
We celebrate diversity and are committed to fostering a culture where everyone feels respected and valued. As a Disability Confident Level 1 and Level 2 employer, we ensure our workplace is accessible and inclusive, encouraging our people to bring their best selves to work every day.
The Acorn Group has been recognised as a Great Place to Work for 2024/5. A record number of employees participated in our survey, overwhelmingly highlighting our welcoming and supportive atmosphere as an excellent place to build a career. We are committed to continuous improvement and have ambitious plans for 2025.
Why Acorn Insurance? Acorn Insurance want to give you more than a job, we want to give you a purpose and a career. So, what can we offer you as an employer? Some of the "your tomorrow" benefits you will receive include: Wellbeing:
Enhanced Annual Leave entitlement starting at 31 days and potentially increasing to 35 days per year depending on grade & length of service (including bank holidays)
Enhanced paternity pay and 16 weeks full maternity pay.
Colleague Assistance programme offers a suite of wellbeing services such as:
6 Free Counselling sessions per year
Unlimited access to a telephone councillor 24/7
Access to a free 4-week programme of cognitive behavioural therapy (CBT) with a trained therapist mentor.
Network of internal qualified mental health first aiders are available to provide support to colleagues.
Financial:
A core level of life assurance with the option to increase cover via salary sacrifice and add your spouse/partner
Ability to access your earnings before payday via Dayforce Wallet.
Company pension scheme
Refer a friend scheme with a £250 bonus for every colleague recommended on passing their probation period.
Access to a flexible benefits platform including an annual flex pot allowance to spend on over 15 benefits of your choice.
Ability to give back. You can opt into donating money to charity to climate positive organisations directly from your salary.
Reward, Recognition and Culture :
Long Service Award paid on 5,10- and 15-years’ service
A reward and recognition hub to celebrate and reward colleagues and peers.
Consistent and engaging company events including company awards, competitions and charity fundraisers.
Budgets for department leaders to use for social and engagement events. Please visit out website to view more of our excellent work benefits!
All roles are subject to DBS and Financial checks, any offer made will be conditional until checks are completed to a satisfactory standard. Unfortunately, due to the length of training and complexity of the role, we can only accept applications from candidates who have at least one year remaining on their (Graduate/ Post study work) visa. Unfortunately, we are unable to provide visa sponsorships. At Acorn, we are committed to creating an inclusive and supportive work environment. We recognise that candidates may have specific needs and are happy to consider reasonable adjustments to the recruitment process and working environment to accommodate individual requirements. Whether it’s modifying equipment, adjusting working hours, or providing additional support, we aim to ensure all employees can perform at their best. If you require any reasonable adjustments, please let us know during the application or interview process, and we will work with you to ensure your needs are met.
