Information Security Analyst

**New Permanent Role – Information Security Analyst**

Location – London
Salary £40k – £50k & Benefits Package
Industry – Information Technology & Services

About the job

My client is a VC-backed, SaaS platform to intelligently monitor, measure and manage vital spend information, communication and activity between in-house legal teams and their Law Firms.

They are currently a team of 40 with ambitious plans. As they grow, so does the volume of information security due diligence place upon prospective clients, existing clients, and their law firms. To manage these requests, we are looking for an Information Security Assurance Analyst to join full time and lead our response. This critical role will straddle the worlds of Sales, Law Firm Operations and Information Security giving the successful candidate a great exposure to the world of SaaS.

For this role you will:

• Support our Information Security Manager in the upkeep of the ISMS, including our annual review and audit of our ISO 27001 and SOC 2 accreditation
• Lead our response to information security due diligence requests (DD) from prospective clients, existing clients, and their law firms
• Lead our DD programme for our suppliers
• Refine our information security due diligence processes, including:
  • Codifying how our DD process works
  • Triaging incoming requests, keeping internal and external stakeholders updated on progress
  • Defining the tech stack, we need to support the DD process (e.g., Monday, Loopio, Confluence)
  • Using best judgement, escalate any issues with DD to the wider team so that they can support resolution
  • Work closely with Sales, Law Firm Operations and Customer Success to shape expectations around the effort required to respond to DD requests

Requirements

We are looking for someone that:

• Has a good understanding of information security and data privacy
• Has a desire to learn
• Is a self-starter with the ability to prioritise work and is not afraid to find solutions for themselves and ask questions when necessary

Nice to Have (but not essential)

• Previous experience in a SaaS business and/or legal-tech start-up
• Knowledge of the legal industry
• Knowledge of SOC 2 and ISO 27001
• Knowledge and exposure to data protection
• Information security supply chain assurance, third party assurance or auditing experience
• Recognised industry certifications such as CompTIA and CISSP would be nice, but not essential

Benefits

Package is highly competitive, with meaningful salary and equity plus:

• 25 days holiday plus bank holidays
• Pension
• Comprehensive private medical insurance with Vitality
• Flexible working options - the company is currently running a hybrid model of 3 days in office, 2 WFH per week
• Regular social events, team lunches and nights out
• Free snacks, drinks and breakfasts
• Central office location in Holborn with flexible working options
• Only the best equipment - the latest MacBook and 27-inch 4K screens
• Whatever books and learning material you need to learn and grow
• Apperio will provide funding for relevant professional development with materials such as books, payment of up to two professional exam fees a year (value not exceeding the equivalent of £1500 per calendar year) on passing, associated membership fees, such as ISACA and ISC2. This is subject to approval from your line manager.