Information Security Analyst (GRC) – Engine by Starling
Starling Manchester, England, United Kingdom
Engine by Starling is a rapid‑growth SaaS business powering banks worldwide. We’re building technology that transforms banking across markets and are looking for an Information Security Analyst to mature our governance, risk, and compliance (GRC) program.
Hybrid Working
We prefer candidates located within a commutable distance of one of our offices so that we can collaborate in person. Hybrid work arrangements are encouraged.
About The Role
You will play a key role in maintaining and maturing our GRC program, ensuring ongoing adherence to security standards and regulations. This hands‑on position is ideal for someone who can engage stakeholders across the business.
What you’ll get to do
* Compliance Management – support day‑to‑day management of ISO 27001, SOC 2, and PCI DSS/3DS programs.
* Audit Support – act as a liaison for internal and external auditors, gather evidence, prepare for audits, and track remediation of findings.
* Risk Management – participate in risk assessment, identify, analyse, and document information security risks, and develop treatment plans.
* Policy & Procedure Maintenance – develop, update, and maintain information security policies, standards, and procedures.
* Evidence Collection & Review – automate and streamline evidence collection for compliance frameworks.
* Cross‑Functional Collaboration – embed security controls into engineering, product, and security operations processes.
* Continuous Improvement – identify opportunities to improve GRC effectiveness and efficiency.
Requirements
Essential
* Minimum of 3 years in an information security role.
* Proven experience managing ISO 27001, SOC 2, and PCI DSS compliance.
* Strong skills in security metrics and reporting.
* Experience with audit processes and evidence collection.
* Proactive, organized, and detail‑oriented approach.
* Experience with GRC software is a plus.
Desired Qualifications
* CompTIA Security+
* Certified Information Systems Auditor (CISA)
* Certified in Risk and Information Systems Control (CRISC)
* Certified Information Systems Security Professional (CISSP)
Interviewing Process
* Stage 1 – 45 min with BISO.
* Stage 2 – 60 min with Team Members.
* Stage 3 – Final with CTO.
Benefits
* 33 days holiday (including public holidays).
* Extra holiday on birthday.
* Annual leave increased with length of service; up to five extra days available.
* 16 hours paid volunteering per year.
* Salary sacrifice, company‑enhanced pension scheme.
* Life insurance 4× salary & group income protection.
* Private medical insurance with VitalityHealth, mental health support and cancer care; partner discounts.
* Generous family‑friendly policies.
* Referral‑based incentive scheme.
* Perkbox membership – retail discounts, wellness platform, weekly perks.
* Cycle to Work, salary‑sacrifice gym partnerships and electric vehicle leasing.
About Us
Engine by Starling is an equal‑opportunity employer committed to diversity and inclusion. We welcome people of all backgrounds to join our mission to radically reshape banking. All applicants are considered without regard to protected characteristics under applicable law.
By submitting your application you consent to the processing of personal data for recruiting purposes in accordance with our Privacy Notice.
#J-18808-Ljbffr