Lead Security Analyst (Data, Cloud & Compliance)

Security

Puszkarska 7L, Kraków

Euroclear

Full-time
Permanent
Senior
Hybrid

Job description

Purpose of the Role

The Lead Security Analyst ensures the confidentiality, integrity, and availability of data by embedding security by design, by default, and by change across the full delivery lifecycle.
The role translates regulatory and technical requirements into practical, executable security controls—supporting delivery teams from intake to run, with a strong focus on risk reduction, compliance, and audit‑ready outcomes.

Key Responsibilities

Security in Delivery (SDLC)

  • Embed security and compliance requirements early in the delivery lifecycle.

  • Review and challenge functional, security, and design documentation to ensure controls are:

    • risk‑based, implementable, and testable

    • aligned with data classification and CIA requirements

  • Prevent late‑stage security issues, rework, and uncontrolled scope change.

Risk & Security Assessments

  • Lead or support Security Business Impact Assessments (lite or full scope).

  • Define and validate High‑Level Security Requirements aligned to real risks and regulatory obligations.

  • Perform security risk assessments and support governance and approval processes.

  • Manage risk exceptions end to end (justification, compensating controls, approvals, expiry, and closure).

Security Testing & Remediation

  • Support security testing (e.g. penetration tests), including scope definition, readiness, and remediation planning.

  • Ensure vulnerabilities are prioritised, owned, resolved, and validated.

Data Governance & Data Protection

  • Support implementation of data governance controls, including classification, retention, usage, and access management.

  • Support GDPR compliance activities, including identification of personal data, DPIAs, and GDPR threshold assessments.

  • Ensure proportional protection aligned with regulatory and policy requirements.

Advisory & Collaboration

  • Act as single point of contact for delivery teams on security and compliance topics.

  • Advise Product Owners, Business Analysts, Engineers, and Delivery Leads with clear, pragmatic guidance.

  • Represent the team in governance forums such as the Security Exception Review Board and Cloud Services Committee.

  • Collaborate closely with security, risk, legal, compliance, audit, and platform collaborators.

What Success Looks Like

  • Security requirements defined up front and implemented without delivery friction.

  • Fewer late security findings, risk exceptions, and audit issues.

  • Clear ownership and timely closure of security risks and vulnerabilities.

  • Consistent, measurable application of security and data protection controls.

Core Expertise

  • Information security and risk management in regulated environments.

  • Security assessment and control design across the SDLC.

  • Data security, access control, logging, and auditability.

  • GDPR and personal data protection in delivery and run contexts.

What We’re Looking For

Experience

  • 5–10 years in information security, risk, or security assurance.

  • Proven experience supporting secure, compliant delivery—not only defining policy.

  • Hands‑on involvement in risk assessments, security testing, and remediation.

Capabilities

  • Translate regulatory and technical requirements into clear, actionable plans.

  • Balance risk, compliance, and delivery constraints without lowering standards.

  • Confidently challenge designs, assumptions, and decisions when risk demands it.

Soft Skills (Critical)

  • Strong communication and collaboration skills.

  • Critical thinking with a “what can go wrong?” attitude.

  • Comfortable challenging and defending security positions.

  • Structured, detail‑focused, and execution‑focused.

Tech stack

  • English: C1

  • Security testing: master

  • Risk assessment: master

About the company

Euroclear

As one of the key global financial market infrastructures, we help markets run safely. We work with more than 3,800 clients, supporting activity in over 50 major financial markets. This scale comes with responsibility - ...
