Company Description:
At Quorum Cyber, we're on a mission to help good people win. Founded in Edinburgh in 2016, we're one of the fastest growing cyber security companies in the UK and North America, serving over 400 customers on four continents.
We protect organisations against the rising threat of cyber-attacks, enabling them to thrive in an increasingly unpredictable and inhospitable digital landscape.
As a Microsoft-only security house, a Microsoft Solutions Partner for Security, a member of the Microsoft Intelligent Security Association (MISA), and winner of the Microsoft Security MSSP of the Year 2025 award, we offer a unified security ecosystem comprised of innovative services, all delivered through our customer platform, Clarity.
In September 2024, Quorum Cyber acquired Difenda, a Canada-based Microsoft Solutions Partner for Security. This was closely followed in December 2024 by the acquisition of US-based Kivu Consulting, a global cyber security firm with world-leading incident response capabilities.
As we continue to grow, we are looking for a detail-oriented and proactive Information Security Analyst to join our Governance, Risk & Compliance (GRC) team.
Role Purpose:
As an Information Security Analyst, you will act as a digital guardian for Quorum Cyber - protecting our information assets, supporting compliance across multiple frameworks, and ensuring our security controls remain effective and audit-ready.
Working within our GRC team, you will combine strategic thinking with hands-on delivery. You will translate complex security and compliance requirements into practical business solutions, working collaboratively across the organisation to strengthen our security posture.
This is an excellent opportunity for someone who enjoys governance, risk, compliance, audit readiness, and being a trusted advisor across the business.
What I Do Is:
* Maintain and support the internal audit schedule across all required frameworks using our GRC platform and planning tools
* Assist with external audits and support remediation planning and implementation
* Review, update and validate policies, procedures, and documentation to ensure alignment with regulatory and framework requirements
* Act as a trusted point of contact for reported issues, incidents, or concerns, ensuring due process is followed
* Maintain the data incident reporting log and ensure thorough investigation and resolution
* Manage Third-Party Risk Management (TPRM) processes and vendor assurance records, performing risk assessments to highlight potential business risks
* Support the internal vulnerability management lifecycle, monitoring tools and reporting on KPIs
* Respond to compliance-related queries and provide guidance on frameworks, certifications, and best practice
* Deliver security awareness training in line with company programmes
* Stay informed on emerging technologies, threat trends, and legislative changes affecting data protection
The Skills I Need Are:
* Experience working with Microsoft security tools
* Strong technical understanding of Microsoft environments
* Solid understanding of security principles, best practices, and risk management
* Knowledge of operating systems, networking, and cloud computing
* Understanding of compliance and regulatory frameworks such as GDPR, ISO 27001, SOC 2, NIST
* Excellent written and verbal communication skills
* Ability to explain technical information to both technical and non-technical audiences
* Strong attention to detail and organisational skills
* Effective time management across daily tasks and annual audit cycles
* Technical curiosity and interest in emerging technologies and threats
* Adaptable and comfortable with changing priorities
* Collaborative team player who enjoys working cross-functionally
I Know I Have Done A Great Job If:
* Documentation is accurate, up to date, and audit-ready at all times
* Evidence is readily available for internal and external audits
* Information security KPIs are measured, tracked, and reported effectively
* Systems and processes are continually improved through collaboration
* Colleagues receive clear, practical guidance that helps them work more securely and efficiently
* You build strong internal relationships and enhance the visibility of Information Security across Quorum Cyber
Other Information:
You will get an excellent salary, with world-class benefits.
As we are a leading-edge technology company, you will have access to the latest technology and an environment that will encourage and nurture your curiosity. We are passionate about your development, and you will be empowered to advance your skills and expertise.
Our Commitment to Equality & Diversity:
"Our diversity is a huge part of our success, and collecting data during the hiring process helps us understand how to keep strengthening and supporting that diversity."
We are an equal opportunity employer. We are committed to fostering an inclusive, accessible, and equitable workplace where all qualified applicants receive fair consideration. We do not discriminate on the basis of race, national or ethnic origin, colour, religion, age, sex, sexual orientation, gender identity or expression, marital status, family status, disability, or any other characteristic protected under applicable federal, provincial, or territorial human rights legislation.
The information requested below is collected to help us meet our employment equity and reporting obligations, and to support our ongoing diversity and inclusion initiatives. Providing this information is entirely voluntary. It will not be shared with hiring managers and will not be used in any hiring decision. Declining to provide this information will not affect your application in any way.