Information Security Analyst

Full-Time No home office possible
Orgvue Limited

Role Overview

We are seeking an Information Security Analyst to join Orgvue’s Information Security & Data Protection team. This role is suited to someone with early to mid-level experience who is looking to broaden their exposure across security operations, compliance, and product security in a SaaS environment. You will play an active role in maintaining Orgvue’s security posture and certifications (ISO 27001, ISO 27018, SOC 2 Type II, CSA STAR), while supporting emerging areas such as AI governance and regulatory compliance. The role reports to the VP of Information Security & Data Protection, with day-to-day direction and mentorship provided by the Senior Information Security Analyst.

Responsibilities

Security Operations & Risk Management

  • Monitor security events and alerts, investigating and escalating as appropriate
  • Support incident response activities, including analysis, documentation, and follow-up actions
  • Contribute to the continuous improvement of monitoring and detection capabilities

Vulnerability & Risk Management

  • Support and help operate the vulnerability management programme across application and infrastructure environments
  • Track remediation activities with engineering and infrastructure teams
  • Assist with internal risk assessments and supplier/vendor security reviews

Compliance & ISMS

  • Support the operation and continuous improvement of the Information Security Management System (ISMS)
  • Contribute to maintaining compliance with ISO 27001, ISO 27018, SOC 2 Type II, and CSA STAR
  • Assist with audit preparation, evidence collection, and internal audit activities
  • Produce and maintain security metrics and reporting

Product & Engineering Security

  • Work with engineering teams to embed security practices into DevOps processes and CI/CD pipelines
  • Support secure development practices aligned to OWASP principles
  • Assist in remediation of penetration testing findings and security assessments
  • Contribute to security reviews of application and infrastructure changes

Customer Trust & External Engagement

  • Support responses to customer security questionnaires, RFPs, and due diligence requests
  • Assist in maintaining customer-facing security documentation and Trust Center content
  • Help articulate Orgvue’s security controls and practices to non-technical audiences

Data Protection & AI Governance

  • Support data protection activities aligned with GDPR and global privacy requirements
  • Contribute to responsible AI practices, including documentation, transparency, and risk considerations
  • Assist in identifying and managing risks related to data usage and analytics features

Security Awareness & Culture

  • Support delivery of security awareness and training programmes
  • Help promote a strong security culture across the organisation

Core Knowledge

  • Good understanding of ISO 27001 / ISO 27002 and practical ISMS implementation
  • Familiarity with SOC 2, CSA STAR, and common control frameworks
  • Good knowledge of cloud security (AWS and/or Azure)
  • Understanding of identity and access management, encryption, logging/monitoring, and least privilege principles
  • Awareness of modern SaaS security risks (e.g. multi-tenancy, data isolation, API security)

Technical & Engineering Alignment

  • Familiarity with secure software development and OWASP Top 10
  • Understanding of DevOps, CI/CD pipelines, and infrastructure-as-code environments
  • Experience working with vulnerability management, scanning tools, or SIEM platforms (e.g. Datadog or equivalent)

Risk, Compliance & Assurance

  • Experience supporting audits or compliance programmes (ISO 27001, SOC 2, etc.)
  • Experience conducting risk assessments and control evaluations
  • Ability to translate technical controls into clear, customer-facing language

Desirable

  • Exposure to AI governance, data ethics, or emerging AI regulatory requirements
  • Experience with Trust Centers or customer assurance functions
  • Cloud certifications (AWS / Azure)

Experience

  • 2–4 years’ experience in an information security or related role
  • Experience in a SaaS or cloud-first environment preferred
  • Experience working cross-functionally with engineering and product teams
  • Exposure to customer-facing security or compliance activities is highly valuable

Benefits

  • Hybrid working – 2 days a week in the London office
  • Wellbeing: Sanctus Coaching, Virtual fitness sessions, Wellbeing webinars, Annual Wellbeing day
  • Subsidised Gym Membership
  • Private Medical Insurance (including Dental and Vision) and Life Assurance
  • 25 days holiday (increasing to 30 days at a rate of 1 extra day per year)
  • Employer pension contribution of 5% of your gross salary, if you contribute a minimum of 3%
  • Season Ticket Loan
  • Cycle to Work Scheme
  • Annual Discretionary Bonus

Contact Detail:

Orgvue Limited Recruiting Team