Application Guide

How to Apply for Information Security Analyst at Environmental Resources Management

🏢 About Environmental Resources Management

Environmental Resources Management (ERM) is a global sustainability consultancy that helps organizations accelerate their transition to low-carbon futures and advance ESG priorities. Working here means contributing to meaningful environmental impact while ensuring the security of critical information assets in a remote-friendly culture.

About This Role

As an Information Security Analyst at ERM, you'll be the bridge between client security requirements and internal compliance, managing third-party risk assessments and ISO 27001 audits. Your work directly supports ERM's mission by safeguarding client data and enabling sustainable business practices through robust security governance.

💡 A Day in the Life

Your day might start with a client call to discuss a security contract review, followed by a vendor risk assessment using a GRC platform. After lunch, you could facilitate a business continuity tabletop exercise with internal teams, then wrap up by updating ISO 27001 documentation for an upcoming audit.

🎯 Who Environmental Resources Management Is Looking For

  • You have 3-4 years of hands-on experience in information security compliance, particularly with ISO 27001 audits and third-party risk management.
  • You possess strong verbal and written English communication skills, comfortable presenting security concepts to clients and writing technical reports.
  • You are proficient with GRC tools (e.g., risk management platforms, vendor assessment software) and can navigate contract reviews confidently.
  • You are adaptable to a remote work environment, self-motivated, and capable of managing multiple client-facing compliance requests simultaneously.

📝 Tips for Applying to Environmental Resources Management

1. Tailor your resume to highlight specific experience with ISO 27001 audits, business continuity exercises, and third-party risk assessments.
2. In your cover letter, mention ERM's sustainability focus and connect how your security work supports ESG goals.
3. Emphasize any experience you have with GRC tooling (e.g., ServiceNow, Archer, OneTrust) and client-facing compliance meetings.
4. Quantify your achievements, e.g., 'Reduced vendor risk by X% through implementing a third-party assessment program.'
5. Since the role is remote, demonstrate your ability to work independently with examples of managing projects across time zones.

✉️ What to Emphasize in Your Cover Letter

  • Your experience with ISO 27001 compliance and audits, including specific examples of leading or supporting certification efforts.
  • Your ability to communicate complex security requirements to non-technical clients and stakeholders.
  • Your understanding of ERM's mission and how information security enables sustainable business practices.
  • Your hands-on use of GRC tools and how you've leveraged them to streamline compliance processes.


🔍 Research Before Applying

To stand out, do the following research before you apply:

  • Review ERM's sustainability reports and understand their key ESG frameworks (e.g., TCFD, SASB).
  • Familiarize yourself with ERM's client base (energy, manufacturing, finance) to anticipate security concerns.
  • Check ERM's news page for recent acquisitions or partnerships that may impact security requirements.
  • Understand ERM's remote work culture and any tools they use for collaboration (e.g., Teams, Zoom, SharePoint).

💬 Prepare for These Interview Topics

Based on this role, you may be asked about:

1. Walk me through how you would conduct a third-party risk assessment for a new vendor.
2. Describe your experience with ISO 27001 internal audits and how you handled non-conformities.
3. How do you prioritize multiple client security requests with competing deadlines?
4. Can you give an example of a time you had to explain a technical security control to a non-technical client?
5. How would you approach developing a business continuity plan for a remote team?

⚠️ Common Mistakes to Avoid

  • Not tailoring your resume to the specific requirements (e.g., omitting GRC tool experience when it's explicitly requested).
  • Focusing too much on technical security skills (e.g., penetration testing) rather than compliance and governance.
  • Failing to demonstrate client-facing communication skills in your application or interview responses.

📅 Application Timeline

This position is open until filled. However, we recommend applying as soon as possible as roles at mission-driven organizations tend to fill quickly.

Typical hiring timeline:

1. Application Review: 1-2 weeks
2. Initial Screening: Phone call or written assessment
3. Interviews: 1-2 rounds, usually virtual

Offer: Congratulations!

Ready to Apply?

Good luck with your application to Environmental Resources Management!