Information Security GRC Analyst in Cambridge

Company RealVNC is the remote access platform for engineers looking for the most reliable and the most secure solution built by the creators of VNC technology. Over the last 25 years, as the inventors of VNC, we've enabled a global workforce to work wherever works and created the remote access market. Our software is used by hundreds of millions of users worldwide including IT professionals from global companies, such as Intel, IBM, NASA, Shell, DreamWorks and Philips. Our lead product, VNC Connect, allows users to connect securely to a remote device anywhere in the world, see its screen in real-time, and take control as though sitting in front of it.

The product has been deployed across a myriad of use cases, from remote support through to deploying the software onto connected devices such as medical ventilators, set‑top boxes, heavy industrial machinery and more. Backed by leading mid‑market private equity firm, Livingbridge since 2021, we are investing in our people to support our highly ambitious growth plans. As part of our people strategy to develop our next generation organisation, we are looking to add new team members that are integral to the success of the business, committed to delivering high quality results, collaboration and innovation to help accelerate company growth.

We're looking for a detail‑oriented and proactive Information Security GRC Analyst to join our team, reporting to the Information Security Compliance Officer. You'll help maintain and improve our security compliance across frameworks such as ISO 27001, SOC 2, and HIPAA, with scope expected to broaden over time as we extend into adjacent standards and new market segments. This is a fantastic opportunity for someone who enjoys structured work, has strong organisational skills, and is keen to develop expertise in information security and compliance.

You'll take ownership of key activities including supplier reviews, risk assessments, incident tracking, and audit preparation – working closely with internal teams and external auditors to ensure our policies and processes are effective and up to date.

• Management of the RealVNC risk management process across our assets, processes, and third‑party suppliers, including risks associated with new markets and use cases as our product footprint evolves, identifying vulnerabilities, working with asset owners to develop remediation plans, reassessing risk scores following remediation, and regular review to assess progress.
• Draft, update and maintain ISMS policies and processes in line with audit findings, regulatory changes, and evolving operational practices, including managing release approvals for policy and process updates.
• Collect, analyse, and report on ISMS metrics, including maintaining key performance indicators and measurement records, contributing to continuous improvement and audit readiness.
• Track and manage non‑conformances, ensuring timely resolution and documentation in accordance with internal processes and policies.
• Draft incident reports following security events, ensuring clarity, accuracy, and alignment with regulatory expectations.
• Conduct and document initial and periodic supplier due diligence reviews, determining what RealVNC data each supplier processes and stores to ensure ongoing adherence to RealVNC's security standards, risk mitigation strategies, and contractual and regulatory requirements.
• Support supplier contract management and renewals by ensuring each supplier is reviewed in good time ahead of renewal, so RealVNC can serve notice to decline renewal within the required notice period where appropriate.
• Follow up on incident and lessons learnt action items, coordinating with stakeholders to ensure closure and accountability.
• Monitor and facilitate vulnerability remediation, working with technical teams to ensure timely resolution.
• Facilitate the creation of ISMS management review documentation, supporting leadership in strategic decision‑making.
• Prepare for and participate in external audits (ISO 27001:2022, SOC 2, HIPAA), including evidence collation and auditor liaison.
• Lead or support internal audits, including scheduling, execution, reporting, and updating relevant process and policy documentation.
• Administer and maintain the GRC tooling, acting as the internal subject‑matter expert and supporting cross‑functional teams across the business in using the platform effectively to meet their compliance obligations.

• Have a keen attention to detail and a methodical approach to documentation and process tracking.
• Are comfortable interpreting and summarising technical incidents for non‑technical audiences.
• Can manage multiple tasks and deadlines, especially in audit preparation and follow‑up.
• Are proactive in chasing actions and ensuring accountability across teams.
• Demonstrate excellent written and verbal communication skills, especially in formal documentation.
• Are confident using productivity and collaboration tools (e.g. Excel, Confluence, Jira, SharePoint, Drata or equivalent GRC platform).
• Are adaptable and willing to learn new compliance frameworks.
• Can work independently while collaborating effectively with technical and non‑technical stakeholders.

• Experience working in an ISO 27001‑compliant environment or similar regulated setting.
• Familiarity with risk assessment methodologies and compliance reporting.
• Experience supporting or participating in internal and external audits.
• Experience working in a software development or Software as a Service (SaaS) company.
• An interest in emerging or adjacent compliance frameworks, including those relevant to industrial or operational technology environments.
• Experience with GRC tooling (e.g. Drata, Vanta, OneTrust, or similar) would be an advantage.

This role offers a great opportunity to join our Compliance Team, working for a successful, growing company with a recognised global brand and huge potential and vision. Working with us on our growth journey provides the chance to see first‑hand how your individual contributions as part of a dynamic team influence the success of our business. We want to see you grow with us. We're committed to creating a culture where contributions are recognised, careers grow and people thrive together. Through a clear career framework and ongoing development, we can help you unlock your full potential. We also offer generous benefits, including a contributory pension, EV car leasing scheme, private dental and medical cover. We work in a hybrid environment where employees combine working remotely and working from the office to facilitate a high‑performance working environment – with the ability to collaborate effectively and build a cohesive team bond while being able to focus and deliver quality results. With this in mind, you will need to easily be able to commute to Cambridge and / or London.

RealVNC is an equal opportunities employer, committed to staff welfare and professional development.