Senior Information Security and Compliance Analyst in London

Marcura is a global leader in digital solutions for the maritime industry, providing software and services that help shipowners, operators, and maritime professionals streamline operations, reduce costs, and stay compliant. With a strong focus on innovation, data integrity, and security, Marcura’s products support critical workflows such as port cost management, payments, and data intelligence. The company is committed to maintaining robust information security practices to protect sensitive financial and operational data, ensuring trust, resilience, and compliance across its global platform.

We’re searching for a Senior Information Security and Compliance Analyst to join our crew. As our ideal candidate, you will interact with multiple stakeholders within the organization and contribute innovative solutions for security programs and continuous monitoring capabilities. You will also be responsible for the ongoing management of information security policies, procedures, and technical systems in order to maintain the confidentiality, integrity, and availability of all organizational information systems.

What You’ll Do:

• Lead in the development/adoption and enforcement of Information Security policies, procedures and standards.
• Conduct and complete an annual review of required PCI, SOC2 regulations and reports.
• Ensure compliance through adequate training programs and periodic security audits, both internal and external.
• Execute and manage vulnerability scanning programs, analyse scan results in depth, prioritise risks based on exploitability and business impact, and work directly with engineering teams to remediate findings.
• Integrate security into the software development lifecycle by performing code reviews, supporting secure coding practices, and implementing automated security testing tools such as SAST and dependency scanning.
• Assess third-party systems and integrations from a technical security perspective, identifying risks in APIs, data flows, and external dependencies.
• Conduct detailed risk assessments, threat modelling exercises, and security architecture reviews for new and existing systems, providing actionable recommendations and technical guidance.
• Develop, implement, and tune detection rules and use cases within security monitoring platforms to improve visibility and reduce false positives.
• Maintain the Company’s Security Policies, detailing mechanisms and controls including:
• Administrative: Risk analysis and management, documentation management and controls, information access controls and sanctions for failure to comply.
• Personnel Security: Personnel only have access to sensitive information for which they have appropriate authority and clearance.
• Physical Safeguards: Assign security responsibilities, control access to media and the controls in place against unauthorised access to workstations and related equipment.
• Technical Security: Set the access and authorisation controls for everyday operations as well as emergency procedures for data.
• Transmission security: Set the standards for access controls, audit trails, event reporting, encryption and integrity controls.
• Take on other tasks and duties as assigned.

Qualifications:

• Bachelor’s degree in a related field.
• 5+ years’ experience working in information security.
• Experience working in a global, distributed environment is a plus.
• Strong understanding of security frameworks and standards (e.g., ISO 27001, NIST, SOC 2).
• Understanding of other technology sub-areas, i.e., server administration, server security, testing and implementation processes and procedures.
• Strong skill in problem solving to identify, communicate, and implement action when needed.
• 2+ years of experience using vulnerability assessment tools, analysing and interpreting assessment results.
• 3+ years of experience with strong understanding of infrastructure technologies and functionalities both on-premises and cloud (e.g., firewalls, Windows/Linux servers, Active Directory, Azure, AWS, GCP).

We’ll give you extra credit for:

• CISSP Certification.
• Experience working in a highly regulated environment.

What You’ll Gain:

• Exposure to strategic, monetisation, and commercial product development.
• Mentorship from experienced product and growth leaders.
• The opportunity to see the full product lifecycle, from discovery to revenue impact.
• The chance to make a measurable impact on business and customer KPIs.