Security Analyst

Job Description

We sell the world's best chicken. Seriously. And we've done it since 1939, when the idea of crispy, original recipe chicken took Kentucky by storm. Now, we're proud to serve 1000+ communities across the UK and Ireland, bringing the grit, pride and iconic reputation that we started with, all those years ago.

Across the Restaurant Support Centre (RSC), we come to work to be ourselves, and to make something of ourselves. We want to see our potential go that little bit further, as part of one of the world's most iconic brands.

What's the gig? Well, you support our restaurants - and we'll support you every step of the way. Simple. Our doors are open - and they can take you anywhere.

All we ask is that you be you. Because that makes us, us. Sound good?

Great. Let's find out about that job.

The Security Analyst is responsible for safeguarding the organization's systems, data, and services through risk-based analysis, proactive security operations, and continuous improvement of controls.

This mid-level role blends hands-on technical work (e.g., vulnerability management, endpoint/EDR, SIEM monitoring) with risk reporting, mitigation planning, and compliance alignment (e.g., ISO 27001, NIST CSF, CIS Controls, GDPR). The successful candidate will be self‑motivated, detail‑oriented, and adept at prioritizing workload based on quantified risk and business impact.

We don't hire staff - we hire people. People with real lives and aspirations, building real careers. Each of us has something special to add to the mix we call work, and we'll always encourage you to add your perspective.

See, at KFC, everyone's welcome - whatever your background, and whatever future you're creating. We'll look out for you because you're one of us, not because you work for us. We'll invest in your potential, because it's what we've always done. But most of all, we'll give you the freedom to be you, wherever (and whoever) you happen to be.

We offer benefits that make your life that little bit easier, because we know the juggle is real.

From flexible, hybrid working and Live Well Days, we've created a package that supports the real you, in and out of work.

• Hybrid working from our Woking RSC (just 24 mins from London)
• Up to 11% company pension contributions
• 25 days' holiday (plus bank hols)
• 5 Live Well Days a year, just for you
• Bonus scheme linked to company & personal performance
• Private healthcare, Digital GP access & mental health coaching
• Enhanced parental leave and flexible return options
• Study support, income protection, life cover & more
• 25% off the chicken

Because real ones deserve real rewards.

WHAT WILL YOU SPEND YOUR TIME DOING?

• Contribute to, maintain, and enforce security policies, procedures, and standards.
• Oversee security risk assessments, vulnerability scans, and penetration tests.
• Monitor and triage security alerts from SIEM/EDR tools; investigate events, determine root cause analysis, and coordinate remediation.
• Coordinate with IT teams to implement technical safeguards, including firewalls, encryption, identity and access controls.
• Progress awareness programs to educate employees on security best practices.

• Produce periodic risk reports and dashboards for leadership, highlighting trends, key risks, and recommended mitigations.
• Assist in policy/procedure development, secure baselines, and compliance evidence collection for audits.
• Contribute to risk assessments (systems, projects, suppliers), translating technical issues into business risk statements with likelihood/impact.
• Support control design and testing aligned to frameworks (ISO 27001 Annex A, NIST CSF, CIS Controls) and regulatory obligations (e.g., GDPR; PCI DSS if in scope).
• Hold clear authority to challenge priorities, influence sequencing of investment, and recommend funding decisions at enterprise level

• Participate in incident response (IR) lifecycle: detection, analysis, containment, eradication, recovery, lessons learned.
• Maintain IR playbooks and run tabletop exercises; drive…