At a Glance
- Tasks: Join our team to enhance security and compliance in a dynamic SaaS environment.
- Company: Orgvue, a forward-thinking company focused on information security and data protection.
- Benefits: Enjoy hybrid working, wellness programmes, private medical insurance, and generous holiday allowance.
- Other info: Collaborative culture with opportunities for mentorship and professional development.
- Why this job: Make a real impact on security practices while growing your career in tech.
- Qualifications: 2-4 years in information security; familiarity with ISO standards and cloud security is a plus.
The predicted salary is between £40,000 and £50,000 per year.
We are seeking an Information Security Analyst to join Orgvue’s Information Security & Data Protection team. This role is suited to someone with early to mid-level experience who is looking to broaden their exposure across security operations, compliance, and product security in a SaaS environment. You will play an active role in maintaining Orgvue’s security posture and certifications (ISO 27001, ISO 27018, SOC 2 Type II, CSA STAR), while supporting emerging areas such as AI governance and regulatory compliance. The role reports to the VP of Information Security & Data Protection, with day-to-day direction and mentorship provided by the Senior Information Security Analyst.
Responsibilities
Security Operations & Risk Management
- Monitor security events and alerts, investigating and escalating as appropriate
- Support incident response activities, including analysis, documentation, and follow-up actions
- Contribute to the continuous improvement of monitoring and detection capabilities
Vulnerability & Risk Management
- Support and help operate the vulnerability management programme across application and infrastructure environments
- Track remediation activities with engineering and infrastructure teams
- Assist with internal risk assessments and supplier/vendor security reviews
Compliance & ISMS
- Support the operation and continuous improvement of the Information Security Management System (ISMS)
- Contribute to maintaining compliance with ISO 27001, ISO 27018, SOC 2 Type II, and CSA STAR
- Assist with audit preparation, evidence collection, and internal audit activities
- Produce and maintain security metrics and reporting
Product & Engineering Security
- Work with engineering teams to embed security practices into DevOps processes and CI/CD pipelines
- Support secure development practices aligned to OWASP principles
- Assist in remediation of penetration testing findings and security assessments
- Contribute to security reviews of application and infrastructure changes
Customer Trust & External Engagement
- Support responses to customer security questionnaires, RFPs, and due diligence requests
- Assist in maintaining customer-facing security documentation and Trust Center content
- Help articulate Orgvue’s security controls and practices to non-technical audiences
Data Protection & AI Governance
- Support data protection activities aligned with GDPR and global privacy requirements
- Contribute to responsible AI practices, including documentation, transparency, and risk considerations
- Assist in identifying and managing risks related to data usage and analytics features
Security Awareness & Culture
- Support delivery of security awareness and training programmes
- Help promote a strong security culture across the organisation
Core Knowledge
- Good understanding of ISO 27001 / ISO 27002 and practical ISMS implementation
- Familiarity with SOC 2, CSA STAR, and common control frameworks
- Good knowledge of cloud security (AWS and/or Azure)
- Understanding of identity and access management, encryption, logging/monitoring, and least privilege principles
- Aware of modern SaaS security risks (e.g. multi-tenancy, data isolation, API security)
Technical & Engineering Alignment
- Familiarity with secure software development and OWASP Top 10
- Understanding of DevOps, CI/CD pipelines, and infrastructure-as-code environments
- Experience working with vulnerability management, scanning tools, or SIEM platforms (e.g. Datadog or equivalent)
Risk, Compliance & Assurance
- Experience supporting audits or compliance programmes (ISO 27001, SOC 2, etc.)
- Experience conducting risk assessments and control evaluations
- Ability to translate technical controls into clear, customer-facing language
Desirable
- Exposure to AI governance, data ethics, or emerging AI regulatory requirements
- Experience with Trust Centers or customer assurance functions
- Cloud certifications (AWS / Azure)
Experience
- 2–4 years’ experience in an information security or related role
- Experience in a SaaS or cloud-first environment preferred
- Experience working cross-functionally with engineering and product teams
- Exposure to customer-facing security or compliance activities is highly valuable
Hybrid working – 2 days a week in the London office
Wellbeing: Sanctus Coaching, Virtual fitness sessions, Wellbeing webinars, Annual Wellbeing day
Benefits:
- Subsidised Gym Membership
- Private Medical Insurance (including Dental and Vision) and Life Assurance
- 25 days holiday (increasing to 30 days at a rate of 1 extra day per year)
- Employer pension contribution of 5% of your gross salary, if you contribute a minimum of 3%
- Season ticket Loan
- Cycle to Work Scheme
- Annual Discretionary Bonus
SaaS InfoSec & Compliance Analyst (ISO/SOC2, AI Governance) employer: Orgvue
Orgvue is an exceptional employer that prioritises employee wellbeing and professional growth, offering a hybrid working model that allows for flexibility while fostering collaboration in the vibrant London office. With comprehensive benefits including private medical insurance, generous holiday allowances, and wellness initiatives, employees are supported both personally and professionally as they contribute to maintaining Orgvue's robust security posture in a dynamic SaaS environment.
StudySmarter Expert Advice🤫
We think this is how you could land SaaS InfoSec & Compliance Analyst (ISO/SOC2, AI Governance)
✨Tip Number 1
Network like a pro! Reach out to folks in the InfoSec and compliance space on LinkedIn. Join relevant groups and participate in discussions. You never know who might have a lead on that perfect role!
✨Tip Number 2
Prepare for interviews by brushing up on your knowledge of ISO standards and SOC 2 compliance. Be ready to discuss how you can contribute to maintaining security postures and certifications. Show them you mean business!
✨Tip Number 3
Don’t just apply anywhere; focus on companies that align with your values and interests, like Orgvue. Use our website to find roles that excite you and tailor your approach to each one. It’s all about quality over quantity!
✨Tip Number 4
Follow up after interviews! A quick thank-you email can go a long way. Mention something specific from your conversation to remind them of your enthusiasm and fit for the role. Keep yourself top of mind!
Some tips for your application 🫡
Tailor Your CV: Make sure your CV reflects the skills and experiences that match the job description. Highlight your knowledge of ISO standards, compliance, and any relevant SaaS experience. We want to see how you fit into our world!
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about information security and how your background aligns with our needs. Let us know what excites you about working with us at StudySmarter.
Showcase Your Technical Skills: Don’t forget to mention your familiarity with cloud security, vulnerability management, and secure software development practices. We love seeing candidates who can speak our language and understand the tech side of things!
Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you don’t miss out on any important updates from our team. We can’t wait to hear from you!
How to prepare for a job interview at Orgvue
✨Know Your Standards
Familiarise yourself with ISO 27001, SOC 2, and CSA STAR. Be ready to discuss how these frameworks apply to the role and share any relevant experiences you have in maintaining compliance or supporting audits.
✨Showcase Your Technical Skills
Brush up on your knowledge of cloud security, especially AWS and Azure. Be prepared to talk about your experience with vulnerability management tools and how you've contributed to secure software development practices.
✨Prepare for Scenario Questions
Think of examples where you've monitored security events or supported incident response activities. Use the STAR method (Situation, Task, Action, Result) to structure your answers and demonstrate your problem-solving skills.
✨Communicate Clearly
Practice explaining complex security concepts in simple terms. You'll likely need to articulate Orgvue’s security controls to non-technical audiences, so being able to break down jargon will be a huge plus.