At a Glance
- Tasks: Join our team to enhance security operations and compliance in a dynamic SaaS environment.
- Company: Orgvue, a leader in information security and data protection.
- Benefits: Enjoy hybrid working, wellness programmes, and generous holiday allowance.
- Other info: Great career growth opportunities and a vibrant company culture.
- Why this job: Make a real impact on security while growing your skills in a supportive environment.
- Qualifications: 2-4 years in information security; familiarity with ISO standards and cloud security is a plus.
The predicted salary is between £40,000 and £48,000 per year.
We are seeking an Information Security Analyst to join Orgvue’s Information Security & Data Protection team. This role is suited to someone with early to mid-level experience who is looking to broaden their exposure across security operations, compliance, and product security in a SaaS environment. You will play an active role in maintaining Orgvue’s security posture and certifications (ISO 27001, ISO 27018, SOC 2 Type II, CSA STAR), while supporting emerging areas such as AI governance and regulatory compliance. The role reports to the VP of Information Security & Data Protection, with day-to-day direction and mentorship provided by the Senior Information Security Analyst.
Responsibilities
- Security Operations & Risk Management
  - Monitor security events and alerts, investigating and escalating as appropriate
  - Support incident response activities, including analysis, documentation, and follow-up actions
  - Contribute to the continuous improvement of monitoring and detection capabilities
- Vulnerability & Risk Management
  - Support and help operate the vulnerability management programme across application and infrastructure environments
  - Track remediation activities with engineering and infrastructure teams
  - Assist with internal risk assessments and supplier/vendor security reviews
- Compliance & ISMS
  - Support the operation and continuous improvement of the Information Security Management System (ISMS)
  - Contribute to maintaining compliance with ISO 27001, ISO 27018, SOC 2 Type II, and CSA STAR
  - Assist with audit preparation, evidence collection, and internal audit activities
  - Produce and maintain security metrics and reporting
- Product & Engineering Security
  - Work with engineering teams to embed security practices into DevOps processes and CI/CD pipelines
  - Support secure development practices aligned to OWASP principles
  - Assist in remediation of penetration testing findings and security assessments
  - Contribute to security reviews of application and infrastructure changes
- Customer Trust & External Engagement
  - Support responses to customer security questionnaires, RFPs, and due diligence requests
  - Assist in maintaining customer-facing security documentation and Trust Center content
  - Help articulate Orgvue’s security controls and practices to non-technical audiences
- Data Protection & AI Governance
  - Support data protection activities aligned with GDPR and global privacy requirements
  - Contribute to responsible AI practices, including documentation, transparency, and risk considerations
  - Assist in identifying and managing risks related to data usage and analytics features
- Security Awareness & Culture
  - Support delivery of security awareness and training programmes
  - Help promote a strong security culture across the organisation
Core Knowledge
- Good understanding of ISO 27001 / ISO 27002 and practical ISMS implementation
- Familiarity with SOC 2, CSA STAR, and common control frameworks
- Good knowledge of cloud security (AWS and/or Azure)
- Understanding of identity and access management, encryption, logging/monitoring, and least privilege principles
- Aware of modern SaaS security risks (e.g. multi-tenancy, data isolation, API security)
Technical & Engineering Alignment
- Familiarity with secure software development and OWASP Top 10
- Understanding of DevOps, CI/CD pipelines, and infrastructure-as-code environments
- Experience working with vulnerability management, scanning tools, or SIEM platforms (e.g. Datadog or equivalent)
Risk, Compliance & Assurance
- Experience supporting audits or compliance programmes (ISO 27001, SOC 2, etc.)
- Experience conducting risk assessments and control evaluations
- Ability to translate technical controls into clear, customer-facing language
Desirable
- Exposure to AI governance, data ethics, or emerging AI regulatory requirements
- Experience with Trust Centers or customer assurance functions
- Cloud certifications (AWS / Azure)
Experience
- 2–4 years’ experience in an information security or related role
- Experience in a SaaS or cloud-first environment preferred
- Experience working cross-functionally with engineering and product teams
- Exposure to customer-facing security or compliance activities is highly valuable
Benefits
- Hybrid working – 2 days a week in the London office
- Wellbeing: Sanctus Coaching, Virtual fitness sessions, Wellbeing webinars, Annual Wellbeing day
- Subsidised Gym Membership
- Private Medical Insurance (including Dental and Vision) and Life Assurance
- 25 days holiday (increasing to 30 days at a rate of 1 extra day per year)
- Employer pension contribution of 5% of your gross salary, if you contribute a minimum of 3%
- Season Ticket Loan
- Cycle to Work Scheme
- Annual Discretionary Bonus
Information Security Analyst employer: Orgvue
Orgvue is an exceptional employer that prioritises employee wellbeing and professional growth, offering a hybrid working model in the vibrant city of London. With comprehensive benefits including private medical insurance, generous holiday allowances, and wellness initiatives, employees are supported both personally and professionally. The collaborative work culture fosters continuous learning and engagement in cutting-edge areas such as AI governance and data protection, making it an ideal environment for those looking to advance their careers in information security.
StudySmarter Expert Advice🤫
We think this is how you could land Information Security Analyst
✨Tip Number 1
Network like a pro! Reach out to folks in the industry, attend meetups, and connect with people on LinkedIn. You never know who might have the inside scoop on job openings or can refer you directly.
✨Tip Number 2
Prepare for interviews by researching Orgvue’s security practices and recent projects. Show us that you’re genuinely interested in the company and how you can contribute to their security posture.
✨Tip Number 3
Practice your responses to common interview questions, especially those related to security operations and compliance. We want to see that you can articulate your knowledge clearly and confidently.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, it shows us you’re serious about joining the team.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV reflects the skills and experiences that match the Information Security Analyst role. Highlight any relevant experience with ISO standards, cloud security, or vulnerability management to catch our eye!
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about information security and how your background aligns with our needs. Don’t forget to mention any specific projects or achievements that showcase your expertise.
Show Your Enthusiasm for Learning: We love candidates who are eager to learn and grow! Mention any courses, certifications, or self-study you've done related to security operations, compliance, or AI governance. It shows us you’re proactive and ready to dive into the role.
Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way to ensure your application gets to the right people. Plus, you’ll find all the details about the role and our company culture there!
How to prepare for a job interview at Orgvue
✨Know Your Security Standards
Familiarise yourself with ISO 27001, SOC 2, and CSA STAR. Be ready to discuss how these standards apply to the role and share any relevant experiences you have in maintaining compliance or supporting audits.
✨Showcase Your Technical Skills
Brush up on your knowledge of cloud security, especially AWS and Azure. Be prepared to talk about your experience with vulnerability management tools and how you've contributed to secure software development practices.
✨Prepare for Scenario-Based Questions
Expect questions that assess your problem-solving skills in real-world scenarios. Think of examples where you've monitored security events, responded to incidents, or worked cross-functionally with engineering teams to improve security measures.
✨Communicate Clearly with Non-Technical Audiences
Practice explaining complex security concepts in simple terms. You might be asked to articulate Orgvue’s security controls to non-technical stakeholders, so being able to translate technical jargon into clear language is key.