
SaaS InfoSec & Compliance Analyst; ISO/SOC, AI Governance

Job in Greater London, London, Greater London, W1B, England, UK
Listing for: Orgvue
Part Time position
Listed on 2026-05-27
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security, Security Manager
Salary/Wage Range or Industry Benchmark: 60000 - 80000 GBP Yearly
Position: SaaS InfoSec & Compliance Analyst (ISO/SOC2, AI Governance)
Location: Greater London

Role Overview

We are seeking an Information Security Analyst to join Orgvue’s Information Security & Data Protection team. This role is suited to someone with early to mid-level experience who is looking to broaden their exposure across security operations, compliance, and product security in a SaaS environment. You will play an active role in maintaining Orgvue’s security posture and certifications (ISO 27001, ISO 27018, SOC 2 Type II, CSA STAR), while supporting emerging areas such as AI governance and regulatory compliance.

The role reports to the VP of Information Security & Data Protection, with day-to-day direction and mentorship provided by the Senior Information Security Analyst.

Responsibilities
Security Operations & Risk Management
  • Monitor security events and alerts, investigating and escalating as appropriate
  • Support incident response activities, including analysis, documentation, and follow-up actions
  • Contribute to the continuous improvement of monitoring and detection capabilities
Vulnerability & Risk Management
  • Support and help operate the vulnerability management programme across application and infrastructure environments
  • Track remediation activities with engineering and infrastructure teams
  • Assist with internal risk assessments and supplier/vendor security reviews
Compliance & ISMS
  • Support the operation and continuous improvement of the Information Security Management System (ISMS)
  • Contribute to maintaining compliance with ISO 27001, ISO 27018, SOC 2 Type II, and CSA STAR
  • Assist with audit preparation, evidence collection, and internal audit activities
  • Produce and maintain security metrics and reporting
Product & Engineering Security
  • Work with engineering teams to embed security practices into DevOps processes and CI/CD pipelines
  • Support secure development practices aligned to OWASP principles
  • Assist in remediation of penetration testing findings and security assessments
  • Contribute to security reviews of application and infrastructure changes
Customer Trust & External Engagement
  • Support responses to customer security questionnaires, RFPs, and due diligence requests
  • Assist in maintaining customer-facing security documentation and Trust Center content
  • Help articulate Orgvue’s security controls and practices to non-technical audiences
Data Protection & AI Governance
  • Support data protection activities aligned with GDPR and global privacy requirements
  • Contribute to responsible AI practices, including documentation, transparency, and risk considerations
  • Assist in identifying and managing risks related to data usage and analytics features
Security Awareness & Culture
  • Support delivery of security awareness and training programmes
  • Help promote a strong security culture across the organisation
Core Knowledge
  • Good understanding of ISO 27001 / ISO 27002 and practical ISMS implementation
  • Familiarity with SOC 2, CSA STAR, and common control frameworks
  • Good knowledge of cloud security (AWS and/or Azure)
  • Understanding of identity and access management, encryption, logging/monitoring, and least privilege principles
  • Awareness of modern SaaS security risks (e.g. multi-tenancy, data isolation, API security)
Technical & Engineering Alignment
  • Familiarity with secure software development and OWASP Top 10
  • Understanding of DevOps, CI/CD pipelines, and infrastructure-as-code environments
  • Experience working with vulnerability management, scanning tools, or SIEM platforms (e.g. Datadog or equivalent)
Risk, Compliance & Assurance
  • Experience supporting audits or compliance programmes (ISO 27001, SOC 2, etc.)
  • Experience conducting risk assessments and control evaluations
  • Ability to translate technical controls into clear, customer-facing language
Desirable
  • Exposure to AI governance, data ethics, or emerging AI regulatory requirements
  • Experience with Trust Centers or customer assurance functions
  • Cloud certifications (AWS / Azure)
Experience
  • 2–4 years’ experience in an information security or related role
  • Experience in a SaaS or cloud-first environment preferred
  • Experience working cross-functionally with engineering and product teams
  • Exposure to customer-facing security or compliance activities is highly valuable
  • Hybrid working – 2 days a week in the…