At a Glance
- Tasks: Support compliance efforts for ISO 27001, SOC 2, and PCI DSS while engaging with stakeholders.
- Company: Join a forward-thinking company dedicated to security and compliance excellence.
- Benefits: Competitive salary, flexible working options, and opportunities for professional growth.
- Other info: Dynamic role with opportunities for continuous improvement and cross-functional collaboration.
- Why this job: Make a real impact in security and compliance, building trust with clients and stakeholders.
- Qualifications: 3+ years in information security, with experience in compliance management and audit processes.
The predicted salary is between £45,000 and £55,000 per year.
Requirements
- A minimum of 3 years of experience in an information security role.
- Proven experience in supporting and managing compliance efforts for ISO 27001, SOC 2, and PCI DSS.
- Strong skills in security metrics and reporting.
- Experience with audit processes and evidence collection.
- A proactive, organized, and detail-oriented approach to your work.
- Experience with GRC software is a plus.
- (Desirable) CompTIA Security+.
- (Desirable) Certified Information Systems Auditor (CISA).
- (Desirable) Certified in Risk and Information Systems Control (CRISC).
- (Desirable) Certified Information Systems Security Professional (CISSP).
What the job involves
- In this role you will be instrumental in helping us maintain and mature our governance, risk, and compliance program.
- You'll play a crucial part in ensuring our ongoing adherence to security standards and regulations, building a foundation of trust for our clients and stakeholders.
- This is a hands-on role, ideally suited to someone who can engage with stakeholders across our business.
- Compliance Management: Support the day-to-day management of our compliance programs, with a primary focus on ISO 27001, SOC 2, and PCI DSS/3DS.
- Audit Support: Act as a key liaison for internal and external auditors, helping to gather evidence, prepare for audits, and track the timely remediation of any findings.
- Risk Management: Participate in our risk assessment process, helping to identify, analyse, and document information security risks. You'll also assist in developing and monitoring risk treatment plans.
- Policy & Procedure Maintenance: Help to develop, update, and maintain our information security policies, standards, and procedures to ensure they are current, accurate, and aligned with compliance requirements.
- Evidence Collection & Review: Automate and streamline the collection of evidence for our various compliance frameworks to ensure audit readiness.
- Cross-Functional Collaboration: Work closely with our Engineering, Product and Security Operations teams to embed security controls into our processes and culture.
- Continuous Improvement: Identify opportunities to improve the effectiveness and efficiency of our GRC program and related processes.
Security & Compliance Analyst (ISO27001, SOC 2, PCI DSS) employer: Engine by Starling
As a Security & Compliance Analyst, you will thrive in a dynamic work environment that prioritises employee growth and development. Our company fosters a collaborative culture where your contributions are valued, and you will have access to ongoing training and certification opportunities, ensuring you stay at the forefront of industry standards. Located in a vibrant area, we offer a supportive atmosphere that encourages innovation and teamwork, making us an exceptional employer for those seeking meaningful and rewarding careers.
StudySmarter Expert Advice🤫
We think this is how you could land the Security & Compliance Analyst (ISO27001, SOC 2, PCI DSS) role
✨Tip Number 1
Network like a pro! Reach out to folks in the industry on LinkedIn or at events. A friendly chat can lead to opportunities that aren’t even advertised yet.
✨Tip Number 2
Show off your skills! Prepare a portfolio or case studies that highlight your experience with ISO 27001, SOC 2, and PCI DSS. This will give you an edge during interviews.
✨Tip Number 3
Practice makes perfect! Do mock interviews with friends or use online platforms. Get comfortable talking about your experience and how it relates to the role.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, we love seeing candidates who are proactive!
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights your experience with ISO 27001, SOC 2, and PCI DSS. We want to see how your skills match the role, so don’t be shy about showcasing your relevant achievements!
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you’re passionate about security and compliance, and how your proactive approach can help us maintain our governance programme.
Showcase Your Skills: Don’t forget to mention any experience with GRC software or certifications like CompTIA Security+ or CISA. We love seeing candidates who are keen on continuous improvement and professional development!
Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you’re considered for the role. Plus, it shows you’re serious about joining our team!
How to prepare for a job interview at Engine by Starling
✨Know Your Compliance Frameworks
Make sure you brush up on ISO 27001, SOC 2, and PCI DSS before the interview. Be ready to discuss your experience with these frameworks and how you've supported compliance efforts in the past. This shows that you’re not just familiar with the terms but have practical knowledge.
✨Showcase Your Audit Experience
Prepare specific examples of your involvement in audit processes. Talk about how you gathered evidence, prepared for audits, and addressed findings. This will demonstrate your hands-on experience and ability to work with auditors effectively.
✨Highlight Your Risk Management Skills
Be ready to discuss your approach to risk assessment and management. Share examples of how you've identified and documented security risks, and how you’ve contributed to developing risk treatment plans. This will show your proactive and detail-oriented nature.
✨Emphasise Cross-Functional Collaboration
Since this role involves working closely with various teams, prepare to talk about your experience collaborating with different departments. Highlight any successful projects where you embedded security controls into processes, showcasing your ability to engage stakeholders across the business.