Role Overview
We are seeking an Information Security Analyst to join Orgvue’s Information Security & Data Protection team. This role is suited to someone with early to mid-level experience who is looking to broaden their exposure across security operations, compliance, and product security in a SaaS environment. You will play an active role in maintaining Orgvue’s security posture and certifications (ISO 27001, ISO 27018, SOC 2 Type II, CSA STAR), while supporting emerging areas such as AI governance and regulatory compliance. The role reports to the VP of Information Security & Data Protection, with day-to-day direction and mentorship provided by the Senior Information Security Analyst.
Responsibilities
Security Operations & Risk Management
* Monitor security events and alerts, investigating and escalating as appropriate
* Support incident response activities, including analysis, documentation, and follow-up actions
* Contribute to the continuous improvement of monitoring and detection capabilities
Vulnerability & Risk Management
* Support and help operate the vulnerability management programme across application and infrastructure environments
* Track remediation activities with engineering and infrastructure teams
* Assist with internal risk assessments and supplier/vendor security reviews
Compliance & ISMS
* Support the operation and continuous improvement of the Information Security Management System (ISMS)
* Contribute to maintaining compliance with ISO 27001, ISO 27018, SOC 2 Type II, and CSA STAR
* Assist with audit preparation, evidence collection, and internal audit activities
* Produce and maintain security metrics and reporting
Product & Engineering Security
* Work with engineering teams to embed security practices into DevOps processes and CI/CD pipelines
* Support secure development practices aligned to OWASP principles
* Assist in remediation of penetration testing findings and security assessments
* Contribute to security reviews of application and infrastructure changes
Customer Trust & External Engagement
* Support responses to customer security questionnaires, RFPs, and due diligence requests
* Assist in maintaining customer-facing security documentation and Trust Center content
* Help articulate Orgvue’s security controls and practices to non-technical audiences
Data Protection & AI Governance
* Support data protection activities aligned with GDPR and global privacy requirements
* Contribute to responsible AI practices, including documentation, transparency, and risk considerations
* Assist in identifying and managing risks related to data usage and analytics features
Security Awareness & Culture
* Support delivery of security awareness and training programmes
* Help promote a strong security culture across the organisation
Core Knowledge
* Good understanding of ISO 27001 / ISO 27002 and practical ISMS implementation
* Familiarity with SOC 2, CSA STAR, and common control frameworks
* Good knowledge of cloud security (AWS and/or Azure)
* Understanding of identity and access management, encryption, logging/monitoring, and least privilege principles
* Awareness of modern SaaS security risks (e.g. multi-tenancy, data isolation, API security)
Technical & Engineering Alignment
* Familiarity with secure software development and OWASP Top 10
* Understanding of DevOps, CI/CD pipelines, and infrastructure-as-code environments
* Experience working with vulnerability management, scanning tools, or SIEM platforms (e.g. Datadog or equivalent)
Risk, Compliance & Assurance
* Experience supporting audits or compliance programmes (ISO 27001, SOC 2, etc.)
* Experience conducting risk assessments and control evaluations
* Ability to translate technical controls into clear, customer-facing language
Desirable
* Exposure to AI governance, data ethics, or emerging AI regulatory requirements
* Experience with Trust Centers or customer assurance functions
* Cloud certifications (AWS / Azure)
Experience
* 2–4 years’ experience in an information security or related role
* Experience in a SaaS or cloud-first environment preferred
* Experience working cross-functionally with engineering and product teams
* Exposure to customer-facing security or compliance activities is highly valuable
Benefits
* Hybrid working – 2 days a week in the London office
* Wellbeing: Sanctus Coaching, Virtual fitness sessions, Wellbeing webinars, Annual Wellbeing day
* Subsidised Gym Membership
* Private Medical Insurance (including Dental and Vision) and Life Assurance
* 25 days holiday (increasing to 30 days at a rate of 1 extra day per year)
* Employer pension contribution of 5% of your gross salary, if you contribute a minimum of 3%
* Season Ticket Loan
* Cycle to Work Scheme
* Annual Discretionary Bonus