Job Description
Orgvue is an organizational design and planning platform that empowers businesses to transform their workforce by understanding the work people do and the skills they have. Our platform connects strategy to structure, providing clarity of vision, so leaders can build a more adaptable, better performing organization that thrives in a constantly changing world of work.
The world’s largest and best-known enterprises and consulting firms use Orgvue to visualize and model current and future states of the organization and make faster, more informed decisions. The company is headquartered in London, with offices in Philadelphia, The Hague, Toronto, and Sydney.
Role Overview
We are seeking an Information Security Analyst to join Orgvue’s Information Security & Data Protection team. This role is suited to someone with early to mid-level experience who is looking to broaden their exposure across security operations, compliance, and product security in a SaaS environment.
You will play an active role in maintaining Orgvue’s security posture and certifications (ISO 27001, ISO 27018, SOC 2 Type II, CSA STAR), while supporting emerging areas such as AI governance and regulatory compliance.
The role reports to the VP of Information Security & Data Protection, with day-to-day direction and mentorship provided by the Senior Information Security Analyst.
Responsibilities
Security Operations & Risk Management
Monitor security events and alerts, investigating and escalating as appropriate
Support incident response activities, including analysis, documentation, and follow-up actions
Contribute to the continuous improvement of monitoring and detection capabilities
Vulnerability & Risk Management
Support and help operate the vulnerability management programme across application and infrastructure environments
Track remediation activities with engineering and infrastructure teams
Assist with internal risk assessments and supplier/vendor security reviews
Compliance & ISMS
Support the operation and continuous improvement of the Information Security Management System (ISMS)
Contribute to maintaining compliance with ISO 27001, ISO 27018, SOC 2 Type II, and CSA STAR
Assist with audit preparation, evidence collection, and internal audit activities
Produce and maintain security metrics and reporting
Product & Engineering Security
Work with engineering teams to embed security practices into DevOps processes and CI/CD pipelines
Support secure development practices aligned to OWASP principles
Assist in remediation of penetration testing findings and security assessments
Contribute to security reviews of application and infrastructure changes
Customer Trust & External Engagement
Support responses to customer security questionnaires, RFPs, and due diligence requests
Assist in maintaining customer-facing security documentation and Trust Center content
Help articulate Orgvue’s security controls and practices to non-technical audiences
Data Protection & AI Governance
Support data protection activities aligned with GDPR and global privacy requirements
Contribute to responsible AI practices, including documentation, transparency, and risk considerations
Assist in identifying and managing risks related to data usage and analytics features
Security Awareness & Culture
Support delivery of security awareness and training programmes
Help promote a strong security culture across the organisation
Core Knowledge
Good understanding of ISO 27001 / ISO 27002 and practical ISMS implementation
Familiarity with SOC 2, CSA STAR, and common control frameworks
Good knowledge of cloud security (AWS and/or Azure)
Understanding of identity and access management, encryption, logging/monitoring, and least privilege principles
Awareness of modern SaaS security risks (e.g. multi-tenancy, data isolation, API security)
Technical & Engineering Alignment
Familiarity with secure software development and OWASP Top 10
Understanding of DevOps, CI/CD pipelines, and infrastructure-as-code environments
Experience working with vulnerability management, scanning tools, or SIEM platforms (e.g. Datadog or equivalent)
Risk, Compliance & Assurance
Experience supporting audits or compliance programmes (ISO 27001, SOC 2, etc.)
Experience conducting risk assessments and control evaluations
Ability to translate technical controls into clear, customer-facing language
Desirable
Exposure to AI governance, data ethics, or emerging AI regulatory requirements
Experience with Trust Centers or customer assurance functions
Cloud certifications (AWS / Azure)
Experience
2–4 years’ experience in an information security or related role
Experience in a SaaS or cloud-first environment preferred
Experience working cross-functionally with engineering and product teams
Exposure to customer-facing security or compliance activities is highly valuable
Hybrid working - 2 days a week in the London office
Wellbeing: Sanctus Coaching, Virtual fitness sessions, Wellbeing webinars, Annual Wellbeing day
Subsidised Gym Membership
Private Medical Insurance (including Dental and Vision) and Life Assurance
25 days holiday (increasing to 30 days at a rate of 1 extra day per year)
Employer pension contribution of 5% of your gross salary, if you contribute a minimum of 3%
Season ticket Loan
Cycle to Work Scheme
Annual Discretionary Bonus
Here at Orgvue we promote individualism and a diverse workforce to build on our future success
