Senior Information Security Analyst

About The Role

Job Title: Senior Information Security Analyst

Location: Chester or Wolverhampton NDC

Employment Type: Full-Time

Reports To: Head of IT Operations

Job Overview

The Senior Information Security Analyst is responsible for developing, implementing, and

overseeing the organizationʼs information security strategy to protect sensitive data, systems,

and cloud environments from threats. This role manages vendor partnerships, and ensures

compliance with regulatory standards. The Senior Information Security Analyst is a proactive

leader with deep expertise in cybersecurity, cloud security, and vendor coordination, dedicated

to maintaining a robust security posture.

Key Responsibilities

• Foster a culture of security awareness.
• Develop and maintain the organizationʼs information security policies, procedures, and risk management framework.
• Oversee security for cloud platforms (e.g., AWS, Azure, Google Cloud), ensuring configurations meet best practices and compliance requirements.
• Manage relationships with security vendors (e.g., firewall providers, penetration testing firms, cloud security tools), negotiating contracts and evaluating service performance.
• Conduct risk assessments and audits across on-premises and cloud environments, identifying vulnerabilities and implementing mitigation strategies.
• Monitor security events using tools (e.g., SIEM, IDS/IPS, Sentinel1), leading incident response efforts and coordinating with vendors during breaches.
• Ensure compliance with regulations (e.g., GDPR, HIPAA, PCI-DSS) and industry standards (e.g., Cyber Essentials, ISO 27001, NIST), liaising with auditors and vendors as needed.
• Collaborate with IT teams to secure infrastructure, applications, and endpoints, integrating security into cloud and hybrid deployments. Oversee security awareness training programs for employees to reduce human-related risks.
• Manage the security budget, including vendor agreements and cloud security tool subscriptions, optimizing investments for maximum protection.
• Develop and test incident response, disaster recovery, and business continuity plans, ensuring alignment with cloud and vendor dependencies.
• Provide regular reports to senior leadership on security posture, incidents, vendor performance, and compliance status.
  
  

About You

Skills and Qualifications:

• Extensive experience in information security management (5+ years preferred), with a focus on team leadership and risk management.
• Strong knowledge of cloud security principles and platforms (e.g., AWS Security Hub, Azure Security Center), including identity management and encryption.
• Proven experience managing security vendors, from procurement to ongoing service oversight.
• Expertise in security technologies (e.g., firewalls, VPNs, endpoint protection) and frameworks (e.g., NIST, CIS Controls).
• Familiarity with scripting (e.g., Python, PowerShell) or automation tools to enhance security operations is a plus. Exceptional analytical skills to assess risks and respond to complex security incidents.
• Excellent communication and leadership abilities to influence stakeholders, vendors, and employees.
• Relevant certifications (e.g., CISSP, CISM, AWS Certified Security, CRISC) are highly desirable.
  
  

Personal Attributes

• Strategic and detail-oriented, with a passion for protecting organizational assets.
• Calm under pressure, with strong decision-making skills during security incidents.
• Collaborative leader, adept at aligning security goals with business objectives.
  
  

Working Conditions: Office-based with hybrid flexibility, with on-call availability for critical security incidents. May involve travel for vendor meetings, audits, or industry conferences.

About Us

GSF Car Parts is one of the UK’s leading automotive parts distributors, supplying thousands of independent garages throughout the UK and Ireland with parts, tools, garage equipment and specialist training. The group has over 175 branches nationwide and a turnover exceeding £475 million. Built on the heritage and success of a dozen local brand identities acquired over several years, we have traded as one brand since November 2021. Our branch network is bolstered by centralised support and expertise from specialist departments in key areas such as procurement and supply chain, marketing and national accounts. The business also benefits from integrated IT systems, which include our industry leading catalogue system, Allicat, and access to the Group's national garage programme, Servicesure.

#INDGSF