At a Glance
- Tasks: Support compliance programs and manage security standards to protect our clients.
- Company: Join a forward-thinking company focused on governance, risk, and compliance.
- Benefits: Competitive salary, flexible working hours, and opportunities for professional growth.
- Other info: Dynamic role with a focus on continuous improvement and career advancement.
- Why this job: Make a real impact in information security while collaborating with diverse teams.
- Qualifications: 3 years in information security, experience with compliance frameworks, and strong analytical skills.
The predicted salary is between £45,000 and £55,000 per year.
Requirements
- A minimum of 3 years of experience in an information security role.
- Proven experience in supporting and managing compliance efforts for ISO 27001, SOC 2, and PCI DSS.
- Strong skills in security metrics and reporting.
- Experience with audit processes and evidence collection.
- A proactive, organized, and detail-oriented approach to your work.
- Experience with GRC software is a plus.
- (Desirable) CompTIA Security+.
- (Desirable) Certified Information Systems Auditor (CISA).
- (Desirable) Certified in Risk and Information Systems Control (CRISC).
- (Desirable) Certified Information Systems Security Professional (CISSP).
What the job involves
- In this role you will be instrumental in helping us maintain and mature our governance, risk, and compliance program.
- You'll play a crucial part in ensuring our ongoing adherence to security standards and regulations, building a foundation of trust for our clients and stakeholders.
- This is a hands-on role, ideally suited to someone who can engage with stakeholders across our business.
- Compliance Management: Support the day-to-day management of our compliance programs, with a primary focus on ISO 27001, SOC 2, and PCI DSS/3DS.
- Audit Support: Act as a key liaison for internal and external auditors, helping to gather evidence, prepare for audits, and track the timely remediation of any findings.
- Risk Management: Participate in our risk assessment process, helping to identify, analyse, and document information security risks. You'll also assist in developing and monitoring risk treatment plans.
- Policy & Procedure Maintenance: Help to develop, update, and maintain our information security policies, standards, and procedures to ensure they are current, accurate, and aligned with compliance requirements.
- Evidence Collection & Review: Automate and streamline the collection of evidence for our various compliance frameworks to ensure audit readiness.
- Cross-Functional Collaboration: Work closely with our Engineering, Product and Security Operations teams to embed security controls into our processes and culture.
- Continuous Improvement: Identify opportunities to improve the effectiveness and efficiency of our GRC program and related processes.
Information Security Analyst (Engine by Starling, GRC) employer: Engine by Starling
At Engine by Starling, we pride ourselves on being an exceptional employer that fosters a collaborative and innovative work culture. Our commitment to employee growth is evident through continuous learning opportunities and a supportive environment where your contributions directly impact our governance, risk, and compliance initiatives. Located in a vibrant area, we offer competitive benefits and a chance to work alongside passionate professionals dedicated to maintaining the highest security standards.
StudySmarter Expert Advice🤫
We think this is how you could land Information Security Analyst (Engine by Starling, GRC)
✨Tip Number 1
Network like a pro! Reach out to folks in the industry, attend meetups, and connect with people on LinkedIn. You never know who might have the inside scoop on job openings or can put in a good word for you.
✨Tip Number 2
Prepare for interviews by researching the company and its culture. Understand their compliance needs and be ready to discuss how your experience aligns with their goals. Show them you’re not just another candidate, but the perfect fit!
✨Tip Number 3
Practice your responses to common interview questions, especially those related to compliance and risk management. Use the STAR method (Situation, Task, Action, Result) to structure your answers and highlight your achievements.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, it shows you’re genuinely interested in joining our team at StudySmarter.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights your experience in information security, especially with ISO 27001, SOC 2, and PCI DSS. We want to see how your skills match the role, so don’t be shy about showcasing your relevant achievements!
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you’re passionate about information security and how you can contribute to our GRC programme. Keep it engaging and personal – we love to see your personality come through.
Showcase Your Skills: Don’t forget to mention any experience with GRC software or certifications like CompTIA Security+ or CISSP. We’re looking for proactive and detail-oriented candidates, so highlight those traits in your application!
Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way to ensure your application gets into the right hands. Plus, it shows us you’re keen on joining our team at StudySmarter!
How to prepare for a job interview at Engine by Starling
✨Know Your Compliance Standards
Make sure you brush up on ISO 27001, SOC 2, and PCI DSS before the interview. Be ready to discuss how you've supported compliance efforts in your previous roles, as this will show your understanding of the standards and your hands-on experience.
✨Showcase Your Audit Experience
Prepare specific examples of your involvement in audit processes. Talk about how you've gathered evidence, prepared for audits, and tracked remediation efforts. This will demonstrate your proactive approach and attention to detail, which are crucial for this role.
✨Highlight Your Risk Management Skills
Be ready to discuss your experience with risk assessments and how you've identified and documented information security risks. Share any risk treatment plans you've developed or monitored, as this will showcase your analytical skills and ability to contribute to the company's risk management efforts.
✨Emphasise Cross-Functional Collaboration
Since this role involves working closely with various teams, prepare to talk about your experience collaborating with different departments. Highlight how you've embedded security controls into processes and culture, as this will show your ability to engage stakeholders effectively.