What Does an Information Security Analyst Do? Salary, Skills, and More

The 21st century has already seen large information breaches at big companies in which sensitive data—including the credit card numbers, passwords, and social security numbers of hundreds of millions of users—were compromised. Information security analysts, also called cybersecurity analysts or IT security coordinators, work to protect organisations from similar threats, preventing data hacks and breaches.

As the digitalisation of our society continues, many companies will likely be looking for ways to protect their sensitive data and themselves from breaches. Here’s what you need to know about becoming an information security analyst.

Information security analyst salary and job outlooks

According to the National Careers Service, information security analysts in the UK can expect to earn an average salary between £35,000 to £60,000, depending on experience [1]. This is similar to the median salary reported by Glassdoor, which is £43,077 as of April 2023 [2]. However, salaries may vary with factors such as location, job responsibilities, and company size. For example, the average salary for the same position in London is higher than the national average and is reported to be £50,299 [3].

What does an information security analyst do, exactly?

An information security analyst protects an organisation's computer networks, systems, and databases from cyber attacks and data breaches. 

An information security analyst’s job description might specifically include:

• Detecting, monitoring, and mediating various aspects of security—including physical security, software security, and network security

• Performing compliance control testing

• Developing recommendations and training programmes to minimize security risk in the company practices

• Being aware of evolving threats in cybersecurity space by communicating with external sources

• Collaborating with other teams and management within a company to implement best security 

• Developing reports for company partners and stakeholders

Information security analysts are needed in companies that keep sensitive data and information. This can include almost any field—including business, governance, technology, finance, energy, and many more.

Information security vs. cybersecurity

Information security and cybersecurity have significant overlap, and many use the terms interchangeably. However, there are some differences between the two. 

Cybersecurity refers more broadly to preventing cyber attacks that come from unauthorised electronic sources. Information security focuses on protecting the data and information of an organisation, employees, or users, which can exist in both physical and electronic forms. It also means making sure data is accessible to those who are authorised to use it.

How to become an information security analyst

You can take several paths to become an information security analyst. Ultimately, you’ll need to have certain skills. These include: 

• Computer security basics: This includes knowledge of firewalls, routers, and other security infrastructure, as well as an understanding of risk management frameworks. Some information security jobs might ask for ethical hacking or penetration testing experience.

• Familiarity with privacy laws: Information security analyst positions can call for familiarity with data privacy laws in your region. Working in specific sectors, like health care or finance, might also call for an understanding of those sector’s privacy laws.

• Communication and teamwork: Knowing where and how security threats happen, and responding to them once they do, means you’ll frequently be communicating with your team and other players. 

You can build out these skills through the following means:

• University degree: Typically, a university degree in computing, project management, business management, or information systems can provide a basis to learn relevant knowledge in the field. To gain a degree in one of these areas, you will need between 1 to 3 A levels, depending on whether you pursue a foundation degree or degree.

• College: With 4 to 5 GCSEs at grades 9 to 3 (including maths and English), you will likely be able to complete a T Level in Digital Support Services. After this, you can apply for a trainee IT security position with a company to build relevant skills and network within the field.

• Apprenticeship: Cyber technologist higher apprenticeships and cybersecurity technical professional degree apprenticeships are great ways to gain knowledge while practising and building technical skills. To enter one of these apprenticeships, you will typically need 4 or 5 GCSEs at grades 9 to 4. For a higher or degree apprenticeship, you may need A levels.

• IT certifications: Earning a cybersecurity certification can give you a solid knowledge base in security issues while also giving you the credentials to show employers your competency. Certifications in security or networks are a good place to start. 

Get started in information security

Being able to keep organisations safe from ill-intentioned players can make a career as an information security analyst rewarding. Start building job-ready skills with the Google IT Support Professional Certificate on Coursera. Learn essential IT skills that will help you to be job ready within six months or less. Topics include system administration, infrastructure services, and IT security.

If you're interested in cybersecurity, you can start learning in-demand skills with the Google Cybersecurity Professional Certificate on Coursera. Get hands-on experience with industry tools and examine real-world case studies, all at your own pace. Upon completion, you’ll have a certificate for your resume and be prepared to explore job titles like security analyst, SOC (security operations center) analyst, and more.