Job Description

Orgvue is an organizational design and planning platform that empowers businesses to transform their workforce by understanding the work people do and the skills they have. Our platform connects strategy to structure, providing clarity of vision, so leaders can build a more adaptable, better performing organization that thrives in a constantly changing world of work.

The world’s largest and best-known enterprises and consulting firms use Orgvue to visualize and model current and future states of the organization and make faster, more informed decisions. The company is headquartered in London, with offices in Philadelphia, The Hague, Toronto, and Sydney.

We are seeking an Information Security Analyst to join Orgvue’s Information Security & Data Protection team. This role is suited to someone with early to mid-level experience who is looking to broaden their exposure across security operations, compliance, and product security in a SaaS environment.

You will play an active role in maintaining Orgvue’s security posture and certifications (ISO 27001, ISO 27018, SOC 2 Type II, CSA STAR), while supporting emerging areas such as AI governance and regulatory compliance.

The role reports to the VP of Information Security & Data Protection, with day-to-day direction and mentorship provided by the Senior Information Security Analyst.

Responsibilities

Security Operations & Risk Management

• Monitor security events and alerts, investigating and escalating as appropriate

• Support incident response activities, including analysis, documentation, and follow-up actions

• Contribute to the continuous improvement of monitoring and detection capabilities

Vulnerability & Risk Management

• Support and help operate the vulnerability management programme across application and infrastructure environments

• Track remediation activities with engineering and infrastructure teams

• Assist with internal risk assessments and supplier/vendor security reviews

Compliance & ISMS

• Support the operation and continuous improvement of the Information Security Management System (ISMS)

• Contribute to maintaining compliance with ISO 27001, ISO 27018, SOC 2 Type II, and CSA STAR

• Assist with audit preparation, evidence collection, and internal audit activities

• Produce and maintain security metrics and reporting

Product & Engineering Security

• Work with engineering teams to embed security practices into DevOps processes and CI/CD pipelines

• Support secure development practices aligned to OWASP principles

• Assist in remediation of penetration testing findings and security assessments

• Contribute to security reviews of application and infrastructure changes

Customer Trust & External Engagement

• Support responses to customer security questionnaires, RFPs, and due diligence requests

• Assist in maintaining customer-facing security documentation and Trust Center content

• Help articulate Orgvue’s security controls and practices to non-technical audiences

Data Protection & AI Governance

• Support data protection activities aligned with GDPR and global privacy requirements

• Contribute to responsible AI practices, including documentation, transparency, and risk considerations

• Assist in identifying and managing risks related to data usage and analytics features

Security Awareness & Culture

• Support delivery of security awareness and training programmes

• Help promote a strong security culture across the organisation

Requirements

Core Knowledge

• Good understanding of ISO 27001 / ISO 27002 and practical ISMS implementation
• Familiarity with SOC 2, CSA STAR, and common control frameworks
• Good knowledge of cloud security (AWS and/or Azure)
• Understanding of identity and access management, encryption, logging/monitoring, and least privilege principles
• Awareness of modern SaaS security risks (e.g. multi-tenancy, data isolation, API security)

Technical & Engineering Alignment

• Familiarity with secure software development and OWASP Top 10
• Understanding of DevOps, CI/CD pipelines, and infrastructure-as-code environments
• Experience working with vulnerability management, scanning tools, or SIEM platforms (e.g. Datadog or equivalent)

Risk, Compliance & Assurance

• Experience supporting audits or compliance programmes (ISO 27001, SOC 2, etc.)
• Experience conducting risk assessments and control evaluations
• Ability to translate technical controls into clear, customer-facing language

Desirable

• Exposure to AI governance, data ethics, or emerging AI regulatory requirements
• Experience with Trust Centers or customer assurance functions
• Cloud certifications (AWS / Azure)

Experience

• 2–4 years’ experience in an information security or related role

• Experience in a SaaS or cloud-first environment preferred

• Experience working cross-functionally with engineering and product teams

• Exposure to customer-facing security or compliance activities is highly valuable

Benefits

• Hybrid working - 2 days a week in the London office
• Wellbeing: Sanctus Coaching, Virtual fitness sessions, Wellbeing webinars, Annual Wellbeing day

• Subsidised Gym Membership
• Private Medical Insurance (including Dental and Vision) and Life Assurance
• 25 days holiday (increasing to 30 days at a rate of 1 extra day per year)
• Employer pension contribution of 5% of your gross salary, if you contribute a minimum of 3%
• Season ticket Loan
• Cycle to Work Scheme
• Annual Discretionary Bonus

Here at Orgvue we promote individualism and a diverse workforce to build on our future success