InfoSec Governance & Delivery Lead (Hybrid)

The role is 4 days in the office and 1 day working from anywhere. As an Information Security Analyst, you will sit at the point where technology, delivery, and governance meet – embedding pragmatic security assurance into vendor selection, SaaS adoption, and project delivery. Your job is to make sure security risks are identified early, articulated clearly, and driven through to real, implemented controls. This is a hands-on, delivery-focused role. You will work closely with engineers, delivery teams, IT operations, and business owners to ensure security commitments translate into action – not just documents.

If you are technically credible, comfortable challenging designs constructively, and prefer practical outcomes over theoretical risk language, this role is built for you.

What you’ll be doing:

• Vendor & SaaS Security Assurance
• Identity and access controls
• Data protection
• Hosting environments
• Vulnerability management
• Incident response

Translate technical findings into clear risk statements, practical mitigations, and informed acceptance options, maintaining evidence suitable for investor, audit, and assurance review.

Secure Project Delivery:

• Secrets management and credential handling
• Access lifecycle and permissions
• Key rotation and logging expectations

You will engage early in projects and technical change, shaping security before designs are finalised. You will work pragmatically with delivery teams (including those using tools like Azure DevOps), integrating security into delivery plans – not adding friction at the end.

Operational Risk Follow-Through:

• Tracking remediation actions
• Following up on overdue items
• Escalating issues with evidence, impact, and clear options – not abstract theory

Risk & Governance Support:

• Maintain a decision-focused risk register, ensuring it reflects real control posture and delivery reality.
• Prepare concise risk summaries and evidence packs for senior decision-makers and contribute to improving governance processes where they genuinely help clarity, accountability, and delivery.

Why this role is different:

• Not policy-only
• Not compliance-led
• Focused on real delivery, real controls, and real outcomes

Requirements:

Essential experience:

• Hands-on experience in information security roles spanning technical and assurance responsibilities
• Experience assessing vendors, SaaS platforms, or third parties
• Strong understanding of:
• Cloud and SaaS security
• Identity and access management
• Secrets management and key rotation
• Vulnerability management
• Comfortable working with engineers and delivery teams
• Able to communicate risk clearly, pragmatically, and credibly

Desirable:

• Experience supporting investor-led, audit, or assurance requirements
• Familiarity with modern delivery tooling (e.g. Azure DevOps)
• Exposure to secure design or architecture reviews
• Comfortable in fast-moving environments with low tolerance for heavy process

Benefits:

At Fora, we believe work should enhance your life – not compete with it. Our benefits support your wellbeing, fuel your ambitions, and give you the freedom to live and work your way.

• Work Your Way: Core working hours with flexibility – because life doesn’t run 9-5. Two weeks ‘Work from Anywhere’ – swap your desk for a beach, a mountain, or anywhere that inspires you.
• Time to Rest & Recharge: 28 days’ annual leave + bank holidays. Your birthday off – celebrate you. Buy additional annual leave to create even more time for what matters.
• Wellbeing & Security: 5% matched pension scheme – supporting your future. Life assurance for peace of mind. Discounted gym membership to keep you feeling your best. Health cash plan – supporting day-to-day medical expenses. Mental wellbeing support – confidential in-person or online therapy sessions.
• Smarter, Greener Commuting: Cycle to Work Scheme. Season Ticket Loan to make your journey easier and more affordable.
• Perks That Make You Smile: 25% off at Fora cafés – your morning coffee just got better. 2 volunteer days/year.