
Compliance & Information Security Analyst

Job in Manchester, Greater Manchester, M9, England, UK
Listing for: beqom
Full Time position
Listed on 2026-06-12
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security
Salary/Wage Range or Industry Benchmark: 60000 - 80000 GBP Yearly

Join beqom - where tech meets impact

beqom is a high-growth B2B SaaS company that provides industry-leading tools for pay equity and transparency, compensation, and performance management.

Trusted by some of the world’s most respected companies, beqom enables HR and business leaders to navigate global compliance and make smarter pay decisions that attract, retain, and motivate top talent.

Founded in Switzerland and serving clients worldwide, our powerful, enterprise‑ready products are fueled by beqom pay intelligence.

Role Overview

We are seeking an experienced Compliance & Information Security Analyst to own and manage our compliance and third‑party risk management (TPRM) function. This is a hands‑on role that sits at the intersection of information security, legal/contractual review, and vendor risk management.

The role is critical to maintaining client trust, supporting sales cycles, and ensuring the company meets its obligations as a responsible data processor and technology provider. The candidate will be the primary point of contact for inbound client governance, risk & compliance (GRC) requests, manage our own vendor and sub‑contractor due diligence programme, and review information security obligations embedded in client and prospect contracts.

What you'll be doing

Client GRC Questionnaires & Third‑Party Risk Management (TPRM)

  • Receive, triage, and complete inbound GRC / security questionnaires submitted by existing and prospective clients as part of their vendor assessment and TPRM processes.
  • Develop and maintain a master response library to accelerate questionnaire completion, covering areas such as data security, access controls, business continuity, incident response, and privacy.
  • Coordinate with internal stakeholders (Engineering, Product, Operations, Legal) to gather accurate, up‑to‑date technical evidence and supporting documentation.
  • Track questionnaire status, deadlines, and outcomes; maintain a central log and escalate blockers in a timely manner.
  • Build relationships with client procurement, risk, and security contacts to manage ongoing TPRM obligations efficiently.

Evidence‑Based GRC Questionnaires

  • Manage questionnaires that require formal documentary evidence — such as policies, audit reports (e.g. SOC 2, ISO 27001), penetration test summaries, data processing agreements, and certifications.
  • Maintain a structured evidence repository, ensuring documents are current, version‑controlled, and accessible for rapid submission.
  • Identify gaps between client evidence requirements and the company’s current documentation; work with the Head of Information Security and Compliance or relevant leads to close those gaps.

Information Security Review of MSAs & Client Contracts

  • Review information security, data protection, and compliance clauses within Master Service Agreements (MSAs) and other commercial contracts from clients and prospects.
  • Identify obligations and requirements (e.g. audit rights, subprocessor notifications, breach notification timescales, data residency, encryption standards) and assess the company’s ability to comply.
  • Liaise with Legal counsel and the Head of Information Security and Compliance to flag materially onerous or non‑standard terms; assist in drafting redlines and proposed alternative language where appropriate.
  • Maintain a tracker of contractual information security obligations to ensure ongoing compliance post‑signature.

Vendor & Sub‑Contractor TPRM

  • Design and operate a structured TPRM programme for the company’s own vendors and sub‑contractors who process client data or have access to company systems.
  • Conduct initial and periodic risk assessments of vendors, including completion of security questionnaires, review of their compliance certifications, and assessment of contractual controls.
  • Categorise vendors by risk tier and ensure appropriate due diligence is applied, proportionate to the nature and sensitivity of the relationship.
  • Maintain a vendor risk register, tracking assessment outcomes, remediation actions, and review schedules.
  • Report on vendor risk posture to relevant internal stakeholders on a regular cadence.
Skills & Experience
  • Proven experience in a compliance, information security, GRC, or vendor…