Information Security & SOC 2 Support Analyst

RedCompass Labs enables good payments and helps stop the bad. We are experts in ISO20022-based payments, instant payments, cross-border payments, payments interoperability and financial crime. We use the latest Applied AI, micro‑services technology and deep payment knowledge to deliver payment transformation projects. These solutions help our clients accelerate their payments modernization programs, reducing costs and regulatory risk. With offices in London, Warsaw, Antwerp, Tokyo, Miami, Toronto, and Pune, we support clients worldwide.

Role Description

To provide operational and administrative support to the Head of Information Security in maintaining and maturing the Information Security Management System (ISMS), ensuring ongoing compliance with ISO 27001 and SOC 2 standards. This role will focus on evidence collection, documentation, audit readiness, incident response coordination, and day‑to‑day management of compliance artefacts and processes.

Key Responsibilities

• Assist in maintaining and updating ISMS documentation, including Statements of Applicability, risk treatment plans, and control records.
• Support the tracking and publishing of compliance artefacts in Vanta and other platforms.
• Own policy review, update and renewal process, tracked through Vanta.
• Monitor policy acknowledgements and ensure timely completion across the organization.

Audit & Certification Support

• Coordinate evidence collection and documentation for ISO 27001 and SOC 2 Type 1 & 2 audits.
• Help manage audit schedules, track remediation actions, and liaise with external auditors and vendors.
• Prepare and organise audit‑ready documentation and support effectiveness reviews.

Incident Management & Security Operations

• Support incident response planning and maintain logs, monitoring records, and configuration documentation.
• Track corrective actions from audits and ensure closure with supporting evidence.
• Assist in change control board meetings and processes.

AI Governance & Risk Management (Support)

• Help maintain AI risk assessment guidelines and vendor risk checklists.
• Assist with documentation and reporting for AI governance activities.

Business Continuity and Disaster Recovery

• Conduct risk assessments and business impact analyses to identify critical systems, processes and dependencies.
• Assist in the creation, review, and maintenance of Business Continuity and Disaster Recovery plans aligned with SOC 2 requirements and organizational risk posture.
• Coordinate and participate in regular BCP and DR testing exercises (e.g., tabletop exercises, failover tests) and document outcomes for audit readiness.

Administrative & Reporting Support

• Prepare quarterly security and compliance reports for review with Head of Information Security.
• Maintain records of audit status, risk posture, and compliance maturity.
• Support the alignment of security initiatives with organisational goals.

In addition to core operational duties, the role includes oversight of compliance and risk tracking activities within the Vanta platform. This includes:

• Monitoring and Managing Open Risk Items: Regularly reviewing Vanta dashboards to identify outstanding risk items, ensuring timely follow‑up and resolution in collaboration with relevant stakeholders.
• Tracking Test Status and Remediation Actions: Ensuring that scheduled tests (e.g., access reviews, vulnerability scans, control validations) are completed on time. Following up on failed or overdue tests and coordinating remediation efforts.
• Reporting and Escalation: Providing regular updates to leadership on the status of open risks and test outcomes, highlighting areas of concern and recommending mitigation strategies.

Skills & Experience Required

• Knowledge of ISO 27001 and SOC 2 Frameworks
• Documentation & Reporting Skills
• Incident Response & Security Operations Support
• Risk Assessment & Business Impact Analysis
• Attention to Detail
• Stakeholder Coordination
• Organisational & Time Management
• Experience with Compliance Platforms (e.g., Vanta)

Preferred

• Experience with Audit Preparation or External Audit Liaison
• Knowledge of Business Continuity & Disaster Recovery Planning
• Familiarity with AI Governance or Emerging Tech Risk
• Security Awareness Training or Policy Management
• Process Improvement Mindset
• Basic Technical Understanding

Contract of employment with RedCompass Labs includes the following competitive benefits package:

• Up to 10% of annual earnings as a personal performance bonus
• Life insurance
• Group Income Protection
• Health Insurance for you and your family
• Dental Insurance for you and your family
• Pension: the pension is currently 4% employer and 4% employee. You can also contribute more and to a private pension.
• 28 days annual holiday plus Public & Bank holidays and Company Holiday Day

RedCompass Labs is committed to promoting and supporting a diverse and inclusive workplace, ensuring fair and equitable treatment for all.