We are looking to strengthen the MWH Business Systems team with a Senior Information Security & Compliance Analyst based at the Hattersley office with hybrid working available.
The Senior Information Security & Compliance Analyst supports the effective governance, operation, and continuous improvement of the organisation’s information security and data protection processes. You will act as the second‑in‑command to the Information Security & Compliance Manager, providing hands‑on support for day‑to‑day compliance activities, incident response, risk management, and stakeholder engagement. The role ensures resilience and consistency in the organisation’s security and privacy controls, particularly during periods of increased workload or officer absence.
Working within the MWH Treatment Business Systems team, this role is central to the security and governance of the business.
You will be a key point of contact for MWH staff, clients, suppliers and other RSK group companies relating to information security and data protection matters.
You will work alongside the internal Cyber Security team and external consultants to assess risks to MWH Treatment, develop mitigation strategies and implement controls. You will help assess new software for security risks and for contractual risks in the vendor’s terms and conditions, and ensure privacy controls are in place.
You will be part of the MWH Business Continuity team, helping with security incident response planning, incident management and investigation. You will work with all parts of the business, service providers, external consultants, clients, JV partners, RSK Group companies and our supply chain partners.
MWH Treatment are working towards attaining ISO 27001 certification. You will play a significant role in working with stakeholders and risk owners to define and document controls, coordinate progress, track issues and monitor compliance.
You will assist the Information Security and Compliance Manager in their role of company Data Protection Officer (DPO). Acting as a deputy Data Protection Officer, you will be expected to:
- Deputise for the company DPO
- Be a point of contact, providing day-to-day advice, training and guidance to the business
- Help develop policy and guidance
- Support operational decision-making with privacy input
- Maintain Records of Processing Activities (RoPA)
- Work with the HR team to manage or quality check DSAR responses
- Help coordinate searches and redactions
- Investigate privacy complaints
- Ensure statutory deadlines are met
MWH work in a regulated environment for owners of Critical National Infrastructure. Part of your role will be to help answer InfoSec, CyberSec and Privacy questions, draft technical responses for tenders, and work with external and internal auditors, insurers and regulators.
A working knowledge of the Data Protection Act 2018, UK-GDPR and associated legislation is desirable for this role. Knowledge of ISO 27001, Data Loss Prevention (DLP) strategies and records retention would be an advantage. Some knowledge of basic cyber security techniques will also be helpful. It should be noted that this is a strategic and governance role, not a technical cyber security role.