Information Security Analyst in London

London | Full-Time | 40000 - 50000 € / year (est.) | Home office (partial)

At a Glance

  • Tasks: Join our team to enhance security operations and protect data in a dynamic SaaS environment.
  • Company: Orgvue, a leading organisational design platform with a focus on innovation and adaptability.
  • Benefits: Enjoy hybrid working, wellbeing initiatives, private medical insurance, and generous holiday allowance.
  • Other info: Diverse workplace promoting individualism and excellent career growth opportunities.
  • Why this job: Make a real impact on security practices while growing your skills in a supportive environment.
  • Qualifications: 2-4 years in information security; familiarity with ISO standards and cloud security is a plus.

The predicted salary is between 40000 - 50000 € per year.

Orgvue is an organizational design and planning platform that empowers businesses to transform their workforce by understanding the work people do and the skills they have. Our platform connects strategy to structure, providing clarity of vision, so leaders can build a more adaptable, better performing organization that thrives in a constantly changing world of work.

The world’s largest and best-known enterprises and consulting firms use Orgvue to visualize and model current and future states of the organization and make faster, more informed decisions. The company is headquartered in London, with offices in Philadelphia, The Hague, Toronto, and Sydney.

We are seeking an Information Security Analyst to join Orgvue’s Information Security & Data Protection team. This role is suited to someone with early to mid-level experience who is looking to broaden their exposure across security operations, compliance, and product security in a SaaS environment. You will play an active role in maintaining Orgvue’s security posture and certifications (ISO 27001, ISO 27018, SOC 2 Type II, CSA STAR), while supporting emerging areas such as AI governance and regulatory compliance. The role reports to the VP of Information Security & Data Protection, with day-to-day direction and mentorship provided by the Senior Information Security Analyst.

Responsibilities

  • Security Operations & Risk Management
    • Monitor security events and alerts, investigating and escalating as appropriate
    • Support incident response activities, including analysis, documentation, and follow-up actions
    • Contribute to the continuous improvement of monitoring and detection capabilities
  • Vulnerability & Risk Management
    • Support and help operate the vulnerability management programme across application and infrastructure environments
    • Track remediation activities with engineering and infrastructure teams
    • Assist with internal risk assessments and supplier/vendor security reviews
  • Compliance & ISMS
    • Support the operation and continuous improvement of the Information Security Management System (ISMS)
    • Contribute to maintaining compliance with ISO 27001, ISO 27018, SOC 2 Type II, and CSA STAR
    • Assist with audit preparation, evidence collection, and internal audit activities
    • Produce and maintain security metrics and reporting
  • Product & Engineering Security
    • Work with engineering teams to embed security practices into DevOps processes and CI/CD pipelines
    • Support secure development practices aligned to OWASP principles
    • Assist in remediation of penetration testing findings and security assessments
    • Contribute to security reviews of application and infrastructure changes
  • Customer Trust & External Engagement
    • Support responses to customer security questionnaires, RFPs, and due diligence requests
    • Assist in maintaining customer-facing security documentation and Trust Center content
    • Help articulate Orgvue’s security controls and practices to non-technical audiences
  • Data Protection & AI Governance
    • Support data protection activities aligned with GDPR and global privacy requirements
    • Contribute to responsible AI practices, including documentation, transparency, and risk considerations
    • Assist in identifying and managing risks related to data usage and analytics features
  • Security Awareness & Culture
    • Support delivery of security awareness and training programmes
    • Help promote a strong security culture across the organisation

Requirements

  • Core Knowledge
    • Good understanding of ISO 27001 / ISO 27002 and practical ISMS implementation
    • Familiarity with SOC 2, CSA STAR, and common control frameworks
    • Good knowledge of cloud security (AWS and/or Azure)
    • Understanding of identity and access management, encryption, logging/monitoring, and least privilege principles
    • Aware of modern SaaS security risks (e.g. multi-tenancy, data isolation, API security)
  • Technical & Engineering Alignment
    • Familiarity with secure software development and OWASP Top 10
    • Understanding of DevOps, CI/CD pipelines, and infrastructure-as-code environments
    • Experience working with vulnerability management, scanning tools, or SIEM platforms (e.g. Datadog or equivalent)
  • Risk, Compliance & Assurance
    • Experience supporting audits or compliance programmes (ISO 27001, SOC 2, etc.)
    • Experience conducting risk assessments and control evaluations
    • Ability to translate technical controls into clear, customer-facing language
  • Desirable
    • Exposure to AI governance, data ethics, or emerging AI regulatory requirements
    • Experience with Trust Centers or customer assurance functions
    • Cloud certifications (AWS / Azure)

Experience

  • 2–4 years’ experience in an information security or related role
  • Experience in a SaaS or cloud-first environment preferred
  • Experience working cross-functionally with engineering and product teams
  • Exposure to customer-facing security or compliance activities is highly valuable

Benefits

  • Hybrid working - 2 days a week in the London office
  • Wellbeing: Sanctus Coaching, Virtual fitness sessions, Wellbeing webinars, Annual Wellbeing day
  • Subsidised Gym Membership
  • Private Medical Insurance (including Dental and Vision) and Life Assurance
  • 25 days holiday (increasing to 30 days at a rate of 1 extra day per year)
  • Employer pension contribution of 5% of your gross salary, if you contribute a minimum of 3%
  • Season ticket Loan
  • Cycle to Work Scheme
  • Annual Discretionary Bonus

Here at Orgvue we promote individualism and a diverse workforce to build on our future success.

Information Security Analyst in London employer: Orgvue

Orgvue is an exceptional employer that fosters a dynamic and inclusive work culture, offering employees the chance to grow their skills in a cutting-edge SaaS environment. With a strong focus on wellbeing, hybrid working options, and comprehensive benefits including private medical insurance and generous holiday allowances, Orgvue supports its team members in achieving a healthy work-life balance while contributing to meaningful projects in information security. Located in London, employees benefit from a vibrant city atmosphere and opportunities for professional development within a forward-thinking organisation.

Contact Details:

Orgvue Recruiting Team

StudySmarter Expert Advice🤫

We think this is how you could land Information Security Analyst in London

Tip Number 1

Network like a pro! Reach out to folks in the industry, attend meetups, and connect with people on LinkedIn. You never know who might have the inside scoop on job openings or can refer you directly.

Tip Number 2

Prepare for interviews by researching Orgvue and its security practices. Understand their compliance standards like ISO 27001 and SOC 2. This shows you're genuinely interested and ready to contribute from day one!

Tip Number 3

Practice your responses to common interview questions, especially around security operations and risk management. Use the STAR method (Situation, Task, Action, Result) to structure your answers and highlight your experience effectively.

Tip Number 4

Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, it shows you’re keen on joining the Orgvue team!

We think you need these skills to ace Information Security Analyst in London

ISO 27001
ISO 27018
SOC 2 Type II
CSA STAR
Security Operations
Incident Response
Vulnerability Management

Some tips for your application 🫡

Tailor Your CV: Make sure your CV is tailored to the Information Security Analyst role. Highlight relevant experience and skills that match the job description, especially around security operations and compliance. We want to see how you can contribute to our team!

Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about information security and how your background aligns with Orgvue's mission. Keep it concise but impactful – we love a good story!

Show Off Your Knowledge: In your application, don’t shy away from showcasing your understanding of ISO standards and cloud security. Mention any relevant tools or frameworks you've worked with, as this will show us you're ready to hit the ground running.

Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you’re considered for the role. Plus, it gives you a chance to explore more about what we do at Orgvue!

How to prepare for a job interview at Orgvue

Know Your Security Standards

Make sure you brush up on ISO 27001, SOC 2, and CSA STAR before the interview. Being able to discuss these standards confidently will show that you understand the compliance landscape and can contribute to maintaining Orgvue’s security posture.

Showcase Your Technical Skills

Be prepared to talk about your experience with cloud security, especially AWS or Azure. Highlight any familiarity with vulnerability management tools or SIEM platforms like Datadog, as this will demonstrate your hands-on experience in a SaaS environment.

Understand the Role of AI in Security

Since the role involves supporting AI governance, it’s crucial to have a grasp of data protection activities aligned with GDPR. Be ready to discuss how you would approach risks related to data usage and analytics features, as this is a hot topic in the industry.

Communicate Clearly

You’ll need to articulate complex security concepts to non-technical audiences. Practice explaining technical controls in simple terms, as this skill will be vital when responding to customer security questionnaires or during team collaborations.