Information Security Analyst - Audit, Compliance & Cybersecurity
Listed on 2026-06-18
IT/Tech
Cybersecurity, Information Security, Data Security
Requisition
Reporting into:
Director Information
Role Type:
Individual Contributor
Role Overview
The Information Security Analyst is primarily responsible for ensuring compliance with information security frameworks such as Cyber Essentials, Cyber Essentials Plus, ISO 27001, ISO 27701, ISO 42001, GDPR, and DORA. The role focuses on internal audits, regulatory compliance, readiness for external audits, and contributing to CSOC activities including incident monitoring and response.
Impact & Responsibilities
- Conduct internal audits to evaluate and enhance IT controls, compliance with standards and risk management processes.
- Assist control owners in scoping evidence and preparing for external audits.
- Facilitate and conduct internal gap assessments and audit readiness evaluations for ISO 27001, GDPR, and DORA.
- Monitor updates to Cyber Essentials, ISO and regulatory frameworks and ensure internal alignment.
- Develop and maintain control narratives, walkthroughs and documentation of compliance processes.
- Identify control deficiencies and recommend cost‑effective remediation actions.
- Draft audit reports and present findings to management.
- Collaborate with external audit teams to streamline processes and provide documentation.
- Use SIEM solutions (e.g., Rapid7 InsightIDR) to assist with security monitoring and incident detection.
- Participate in incident response efforts, documenting incidents and aiding containment and recovery.
- Analyze cybersecurity threats and implement recommendations to improve posture.
- Assist in creating and refining cybersecurity policies and operational procedures.
- Support tracking and remediation of vulnerabilities with IT and Security Operations teams.
- Strong expertise in audit and compliance frameworks: ISO 27001, ISO 27701, ISO 42001, GDPR, DORA, Cyber Essentials and Cyber Essentials Plus.
- Familiarity with CSOC tools such as Rapid7 InsightIDR or other SIEM solutions.
- Hands‑on experience in internal and external audits, compliance assessments and process improvement.
- Basic understanding of incident response frameworks and cybersecurity best practices.
- Exceptional analytical, organizational and communication skills.
- Commitment to continuous learning in audit, compliance and security.
- Master’s degree in Cybersecurity, Risk Management or related field.
- Certifications: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), ISO 27001 Lead Auditor or Implementer, Cyber Essentials Assessor, GIAC certifications (e.g., GCIH, GSEC).
NICE is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, age, sex, marital status, ancestry, neurotype, physical or mental disability, veteran status, gender identity, sexual orientation or any other category protected by law.
About NICE
NICE Ltd. (NASDAQ: NICE) offers software products used by 25,000+ global businesses, including 85 of the Fortune 100 corporations, to deliver extraordinary customer experiences and fight financial crime. The company serves over 120 million customer interactions and monitors more than 3 billion financial transactions each day, with over 8,500 employees across 30+ countries.