InfoSec Analyst in London

Who are we? We are a female-founded scale-up, currently made up of around 100 AltoVitians. Our fully-remote team hails from 26 different countries and collectively speaks 29 languages. Most of the time, it is our differences that are celebrated (whether they are in cultures, personalities, preferences or passions). However, despite those differences, there are a few principal attributes that we share which define an AltoVitian. AltoVitians are tenacious, humble, and thoughtful. Being humble is important because it enables us to keep learning every day, and tenacity is necessary because in a high performing environment as fast-paced as AltoVita, taking it slow is simply not an option! Today is a particularly exciting time to join our team, we closed our Series A financing round in late 2022 and will be starting the Series B rounds in the coming year. This next chapter won’t always be a smooth ride, but it will be filled with innovation, excitement and opportunities, so if you are ready for the challenge (and the fun!) of growing with us, we would love to hear from you.

What we do AltoVita is a multi-award winning accommodation platform that enables enterprises to consolidate accommodation programmes through the power of proprietary technology paired with a human centric approach. AltoVita’s unique offering sets us apart in the market, providing a network of 10 million+ verified and vetted properties that are all duty of care compliant, backed by a four-tier quality control process; located in over 35,000 cities & 165 countries worldwide. With our award-winning enterprise software and human-centric approach, we deliver smart and sustainable solutions to global talent mobility & business travel managers worldwide. Our Client Development team plays a vital role as trusted advisors and partners to our clients. Embodying our consultative philosophy, this dedicated team proactively shares new market insights, analyses data, and empowers our clients with the tools and knowledge to make informed decisions, ensuring our clients are always equipped to make the best choices for their corporate housing needs.

Key Responsibilities

• Security and Privacy Operations Support the day-to-day operation of AltoVita’s information security and privacy activities as well as the mindset transformation. Responsibilities include:
• Supporting the maintenance of security, privacy and compliance documentation.
• Assisting with tracking security and privacy actions, control improvements and remediation activities.
• Helping maintain registers such as risks, issues, actions, policies, vendors, assets, data processing activities and control evidence.
• Coordinating updates between internal teams to ensure agreed actions are progressed.
• Supporting the preparation of security and privacy reports, summaries and updates for internal stakeholders.
• Helping ensure security and privacy activities are documented, repeatable and easy to evidence.
• Escalating risks, issues or delays to the CISO or relevant business owner.
• Compliance and Audit Support Assist with internal and external compliance activities, including ISO 27001, SOC 2, GDPR and client assurance requirements. Responsibilities include:
• Supporting evidence gathering for audits, assessments and control reviews.
• Helping maintain audit trackers, evidence folders and compliance records.
• Coordinating with internal teams to obtain required documentation and control evidence.
• Supporting follow-up actions from audits, assessments or client reviews.
• Assisting with the maintenance of policies, procedures and standards.
• Helping ensure compliance activities are well organised and delivered within agreed timelines.
• Supporting the CISO and relevant control owners with audit preparation and remediation tracking.
• Policy and Documentation Support Help maintain clear, practical and accessible security and privacy documentation. Responsibilities include:
• Supporting the review and update of information security and privacy policies.
• Assisting with the creation of standards, procedures, guidance notes and user-facing materials.
• Helping ensure documents are version controlled, approved and communicated appropriately.
• Maintaining policy review schedules and tracking required updates.
• Drafting practical guidance for employees on security and privacy topics.
• Supporting the communication of policy changes across the business.
• Helping ensure documentation is accurate, consistent and aligned to business processes.
• Security Awareness and Culture Support the delivery of security and privacy awareness activities across AltoVita. Responsibilities include:
• Carry out security and privacy training administration and responsible for ensuring 100% completion rates across the business.
• Supporting the development of awareness content, reminders, newsletters, FAQs and guidance.
• Helping coordinate phishing simulations and follow-up communications.
• Tracking training completion and awareness participation.
• Supporting campaigns that promote secure behaviours and good privacy practices.
• Helping make security and privacy feel practical, accessible and enabling.
• Escalating recurring behavioural or process issues to the CISO or relevant business owner.
• Privacy Support Support AltoVita’s privacy activities under the direction of the relevant privacy, legal or security lead. Responsibilities include:
• Assisting with the maintenance of privacy records, including data processing registers and related documentation.
• Supporting the tracking of privacy actions, assessments and improvement activities.
• Helping gather information for privacy reviews, data mapping or data protection impact assessments.
• Supporting internal teams with practical privacy guidance, escalating complex matters where needed.
• Assisting with record keeping for data subject requests, incidents or privacy enquiries.
• Helping ensure privacy documentation remains organised, accurate and accessible.
• Client Assurance and Security Questionnaires Support the completion of client security and privacy questionnaires, RFP responses and due diligence requests. Responsibilities include:
• Assisting with the preparation of responses to client security and privacy questions.
• Maintaining a library of approved answers, evidence and supporting materials.
• Coordinating with internal subject matter experts to obtain accurate information.
• Ensuring responses are consistent with AltoVita’s current controls, policies and practices.
• Helping translate technical or compliance information into clear, client-friendly language.
• Tracking open client assurance requests and supporting timely completion.
• Escalating complex, high-risk or contractual questions to the CISO, Legal or relevant business owner.
• Supplier and Third-Party Support Support supplier security and privacy processes under the direction of the CISO or relevant business owner. Responsibilities include:
• Assisting with supplier due diligence questionnaires and evidence collection.
• Helping maintain supplier records, risk ratings and review schedules.
• Tracking supplier security or privacy actions.
• Supporting periodic reviews of key suppliers.
• Helping ensure supplier documentation is complete and up to date.
• Escalating potential supplier risks or concerns to the appropriate owner.
• Incident and Risk Support Support security, privacy and operational risk processes by helping with coordination, documentation and follow-up. Responsibilities include:
• Supporting the logging and tracking of security or privacy incidents.
• Helping gather relevant information during incident reviews.
• Maintaining incident notes, timelines and action trackers.
• Supporting post-incident follow-up and lessons learned activities.
• Assisting with risk register updates and remediation tracking.
• Escalating suspected incidents or risks promptly to the CISO or relevant lead.
• Supporting the documentation of controls, gaps and agreed improvements.
• IT and Access Control Support Assist with security-related IT and access control activities where required. Responsibilities include:
• Day to day execution of access controls.
• Supporting access review processes by gathering user access information.
• Helping track joiner, mover and leaver control activities.
• Supporting evidence collection for account provisioning, deprovisioning and access approvals.
• Assisting with documentation of access control processes.
• Helping monitor completion of agreed access management actions.
• Oversight and support on internal reviews of security tooling usage, adoption and documentation.
• Escalating access control issues or gaps to IT, system owners or the CISO.

Profile The successful candidate will be someone who:

• Takes ownership of tasks and follows through.
• Communicates clearly and professionally.
• Can organise information, actions and evidence in a structured way.
• Is comfortable working with different teams across the business.
• Has strong attention to detail.
• Can explain security and privacy topics in simple, practical terms.
• Is curious and willing to learn.
• Understands when to escalate issues.
• Brings a pragmatic and positive approach.
• Is comfortable operating in a fast-moving scale-up environment.
• Wants to help build a strong security and privacy culture.

Essential Skills and Experience

• Experience in information security, privacy, compliance, IT, risk, audit, operations or a related field.
• Working knowledge of information security and privacy principles.
• Awareness of GDPR, ISO 27001, SOC 2 or similar frameworks.
• Ability to maintain trackers, registers, documentation and evidence records.
• Strong written and verbal communication skills.
• Ability to write clear guidance, summaries and user-facing content.
• Strong organisational skills and attention to detail.
• Ability to manage multiple tasks and deadlines.
• Confidence working with stakeholders across different business functions.
• Practical problem-solving approach.
• Comfortable using collaboration tools, document repositories and workflow trackers.

Desirable Skills and Experience

• Exposure to ISO 27001, SOC 2, GDPR or other compliance environments.
• Experience supporting audits, assessments or evidence collection.
• Familiarity with security awareness or training activities.
• Experience supporting client security questionnaires or RFP responses.
• Exposure to vendor risk management or supplier due diligence.
• Familiarity with GRC tools or compliance platforms.
• Basic understanding of access management, MFA, endpoint protection and cloud security principles.
• Relevant certification or willingness to work towards one, such as: ISO 27001 Foundation, CompTIA Security+, CIPP/E, CIPM, ITIL Foundation, SOC 2 or audit-related training.

What Success Looks Like

• First 90 Days Within the first 90 days, the Information Security Analyst will have:
• Built strong working relationships with the CISO and key internal teams.
• Understood AltoVita’s core security, privacy and compliance activities.
• Reviewed existing policies, registers, trackers and evidence repositories.
• Supported current audit, compliance or client assurance activities.
• Helped organise key documentation and improve visibility of open actions.
• Identified areas where tracking, evidence or documentation can be improved.
• Started supporting awareness, access review or supplier assurance activities.

• First 6 Months Within 6 months, the Information Security Analyst will have:
• Helped improve the structure and consistency of security and privacy documentation.
• Supported audit and compliance evidence collection in a timely and organised way.
• Maintained clear action trackers for control improvements and remediation activities.
• Helped improve security and privacy awareness materials.
• Supported client assurance responses with accurate and reusable content.
• Assisted with supplier due diligence and access review activities.
• Improved the quality and availability of evidence for security and privacy controls.
• Become a trusted support point for internal security and privacy coordination.

• First 12 Months Within 12 months, the Information Security and Privacy Analyst will have helped AltoVita operate a more structured, scalable and measurable security and privacy function. Success will be demonstrated through:
• Better organised security and privacy records.
• Improved evidence readiness for audits and client assurance.
• Clearer policy and procedure documentation.
• More consistent tracking of risks, actions and remediation activities.
• Improved support for privacy records and data protection activities.
• Stronger internal awareness of security and privacy responsibilities.
• Faster and more consistent support for client security questionnaires.
• Better visibility of supplier assurance and access review activities.
• A more mature, well-documented and business-friendly security and privacy operating model.

Critically, success is measured, not assumed. Training completion rates, adoption metrics and observable behavioural shifts are tracked and reported alongside documentation and roadmap delivery. Changing mindsets requires evidence and this role owns that shift and evidence.