Information Security Analyst

Responsibilities

• Manage information security governance, risk, and compliance, including the maintenance of ISO 27001 certification and the global ISMS.
• Serve as the primary point of contact for client security requests, providing detailed evidence-based responses and attending client meetings.
• Conduct third-party risk assessments, including vendor security due diligence and control evaluations.
• Review contracts and agreements to ensure alignment with information security requirements and standards.
• Perform business impact assessments and facilitate business continuity and disaster recovery exercises.
• Identify, assess, and mitigate information security risks using central risk management tooling.
• Support the development and delivery of security awareness and training programs for employees.

Requirements

• Bachelor's degree in Computer Science, Information Security, or a related field.
• 3-4 years of experience in information security, compliance, or a related field.
• Lead Implementer Training for ISO 27001.
• Hands-on experience with GRC (Governance, Risk, and Compliance) tooling.
• Strong English verbal and written communication skills, with the ability to write technical reports and present to stakeholders.
• Ability to work in a 6-month contractual role.

Preferred Qualifications

• ISO 27001 Lead Auditor certification.
• CISA (Certified Information Systems Auditor) certification.
• CRISC (Certified in Risk and Information Systems Control) certification.

About the Company

ERM is a leading global sustainability consulting firm committed to helping organizations navigate complex environmental, social, and governance (ESG) challenges. With nearly 50 years of experience, ERM provides strategic transformation and technical delivery to help clients operationalize sustainability at scale.