Information Security Analyst

Orgvue is an organizational design and planning platform that empowers businesses to transform their workforce by understanding the work people do and the skills they have. Our platform connects strategy to structure, providing clarity of vision, so leaders can build a more adaptable, better performing organization that thrives in a constantly changing world of work.

The world’s largest and best-known enterprises and consulting firms use Orgvue to visualize and model current and future states of the organization and make faster, more informed decisions. The company is headquartered in London, with offices in Philadelphia, The Hague, Toronto, and Sydney.

Role Overview

We are seeking an Information Security Analyst to join Orgvue’s Information Security & Data Protection team. This role is suited to someone with early to mid-level experience who is looking to broaden their exposure across security operations, compliance, and product security in a SaaS environment. 

You will play an active role in maintaining Orgvue’s security posture and certifications (ISO 27001, ISO 27018, SOC 2 Type II, CSA STAR), while supporting emerging areas such as AI governance and regulatory compliance. 

The role reports to the VP of Information Security & Data Protection, with day-to-day direction and mentorship provided by the Senior Information Security Analyst. 

Responsibilities

Security Operations & Risk Management 

• Monitor security events and alerts, investigating and escalating as appropriate 

• Support incident response activities, including analysis, documentation, and follow-up actions 

• Contribute to the continuous improvement of monitoring and detection capabilities 

Vulnerability & Risk Management 

• Support and help operate the vulnerability management programme across application and infrastructure environments 

• Track remediation activities with engineering and infrastructure teams 

• Assist with internal risk assessments and supplier/vendor security reviews 

Compliance & ISMS 

• Support the operation and continuous improvement of the Information Security Management System (ISMS) 

• Contribute to maintaining compliance with ISO 27001, ISO 27018, SOC 2 Type II, and CSA STAR 

• Assist with audit preparation, evidence collection, and internal audit activities 

• Produce and maintain security metrics and reporting 

Product & Engineering Security 

• Work with engineering teams to embed security practices into DevOps processes and CI/CD pipelines 

• Support secure development practices aligned to OWASP principles 

• Assist in remediation of penetration testing findings and security assessments 

• Contribute to security reviews of application and infrastructure changes 

Customer Trust & External Engagement 

• Support responses to customer security questionnaires, RFPs, and due diligence requests 

• Assist in maintaining customer-facing security documentation and Trust Center content 

• Help articulate Orgvue’s security controls and practices to non-technical audiences 

Data Protection & AI Governance 

• Support data protection activities aligned with GDPR and global privacy requirements 

• Contribute to responsible AI practices, including documentation, transparency, and risk considerations 

• Assist in identifying and managing risks related to data usage and analytics features 

Security Awareness & Culture 

• Support delivery of security awareness and training programmes 

• Help promote a strong security culture across the organisation 

Requirements

Core Knowledge 

• Good understanding of ISO 27001 / ISO 27002 and practical ISMS implementation 
• Familiarity with SOC 2, CSA STAR, and common control frameworks 
• Good knowledge of cloud security (AWS and/or Azure) 
• Understanding of identity and access management, encryption, logging/monitoring, and least privilege principles 
• Awareness of modern SaaS security risks (e.g. multi-tenancy, data isolation, API security) 

Technical & Engineering Alignment 

• Familiarity with secure software development and OWASP Top 10 
• Understanding of DevOps, CI/CD pipelines, and infrastructure-as-code environments 
• Experience working with vulnerability management, scanning tools, or SIEM platforms (e.g. Datadog or equivalent) 

Risk, Compliance & Assurance 

• Experience supporting audits or compliance programmes (ISO 27001, SOC 2, etc.