ISO Compliance Analyst | Security, CTC clearance | Remote UK ONLY
The Governance, Risk and Compliance (GRC) Analyst supports the team's daily activities. The ISCO team is a small, passionate, and genuinely friendly team. The GRC Analyst is integral to the success of the team and requires a strong understanding of security controls, with the ability to effectively assess and communicate technical security requirements. The role is focused on leading third-party vendor due diligence, supporting internal and external audit requests, executing governance, and working closely with business stakeholders to align security measures with the level of risk.
What’s on offer to you?
- Fully remote
- Excellent benefits and career opportunities
- Obtain full CTC clearance
What You Will Be Doing
- Working closely with the Information Security Manager and UK Director of Information Security.
- Supporting the maintenance of the integrated Business Management System (ISO 27001, ISO 9001 & ISO 14001).
- Managing third-party security vendor due diligence: liaising with business units and external stakeholders to perform assessments and identify risk, while maintaining monitoring activities for existing vendors and ensuring that all requests are handled in line with industry standards and best practice.
- Participating in and executing governance activities, including metrics gathering and reporting, and the performance of recurring internal assessment activities.
- Supporting the development, documentation and maintenance of policies, procedures, and standards across the organisation.
- Identifying and reporting on gaps related to security and compliance, and carrying out other tasks that support information security processes and infrastructure, ensuring measures are fit for purpose.
- Building and maintaining close relationships with the business units, stakeholders, and providers of any outsourced contracts.
- Being a Security and Compliance Champion in promoting and developing awareness of different security and compliance risks and best practices across the company.
What You Will Need to Succeed In This Role
- Prior experience in a security governance, risk, and compliance role within the technology sector, preferably a SaaS organisation.
- Demonstrable experience of third-party vendor due diligence: conducting risk assessments and liaising with legal to ensure security requirements are captured (essential).
- Strong familiarity with industry frameworks such as ISO standards, NIST, and SOC reports.
- Exceptional attention to detail and organisational skills.
- Good governance experience: organising meetings/training, writing agendas, taking minutes, managing action logs.
- Working knowledge of common audit and compliance tools. Experience with OneTrust is a plus.
- Experience working with Microsoft products and the ability to learn new systems quickly.
- Experience working with an ISO standard (preferably ISO 27001, 9001, 14001 or any other relevant certification): a good knowledge of ISO structures, gathering evidence for audits, and gap analysis.
- Industry-recognised qualifications in security or similar (CISSP, CISM, CRISC or CISA).
Keywords: ISO | Security | CISSP | Remote