Remote, UK

Senior Security Compliance Analyst

The Opportunity

In your role as Senior Security Compliance Analyst you will help us achieve our goals and deliver success on behalf of our customers by:

  • Implementing and embedding our Information Security controls framework and environment in line with industry standards to ensure enterprise-wide security compliance
  • Collaboratively creating, implementing and maintaining security policies, standards and procedures which improve our posture in alignment with industry best practice and internationally recognised compliance standards
  • Ensuring the annual successful execution of all compliance recertification efforts by coordinating our preparation, responses and submissions for certifications such as ISO27001, PCI DSS and SOC2, etc
  • Providing assurance to our customers by coordinating the responses to customer RFP questions and customer audits in the Information Security area
  • Coordinating with and supporting our Legal, Risk and Compliance team in understanding and quantifying security risk, responding to third-party requests and performing security assessments of our suppliers, their products and services
  • Driving our security awareness programme, promoting security within Featurespace and collaborating with our customers and industry partners to develop the maturity and standing of security within our industry
  • Acting as a subject matter expert on compliance requirements and consulting across the enterprise to ensure our products and services are “secure and compliant by design”

This role can be based remotely across the UK; however, living within commutable distance of our Cambridge office is a definite plus! If you’re based remotely, you will ideally be happy to travel to our Cambridge office several times throughout the year.

Day to Day

  • Create, review, update and complete information security policy, standards, and guidelines, maintaining document management disciplines and dependency mapping; consulting with and coordinating the input of SMEs as needed
  • Conduct security risk assessments, business impact analyses and recommend appropriate control improvements. Provide oversight and assurance of corrective, preventative or remediation activities, escalating issues at risk of missing deadlines in a timely and efficient manner
  • Maintain the security risk register in collaboration with the Risk and Compliance team which documents and quantifies risks, tracks remediation plans, risk ownership and acceptances, and facilitates regular reviews, prioritisation and overall residual risk reduction
  • Coordinate and lead our responses to customer RFP questions and security audits in a timely and efficient manner, helping to create repeatable, re-usable answers and examples for common questions and ensuring all responses are traceable to SMEs and responsible teams within the organization. Represent the Information Security department directly with customers when required
  • Operate the security assessment aspects of our third-party assurance programme by developing and maintaining questionnaires and collating responses, enhancing the supporting processes where applicable. Coordinate the assessment programme and conduct additional risk-based information security due diligence activities against suppliers to provide appropriate levels of assurance to key stakeholders when needed
  • Stay up to date with the latest security and technology trends and development. Research and evaluate emerging security threats and closely monitor and understand current and potential changes to compliance frameworks and regulations, making recommendations on mitigations and programs for the organization to address them
  • Operate the Security Awareness and Training programme to ensure that security architecture and compliance concepts and best practices are embedded throughout the business. Develop, facilitate and deliver education and training for employees required to uphold compliance and for general security awareness. Ensure compliance training is regularly updated and completion rates monitored
  • Consult with internal teams, clients, auditors, and regulators regarding information security compliance, and related topics as necessary. Act as a subject matter expert when internal teams have questions/need guidance and be a liaison with external compliance advisory firms as well as the governing body and industry communities
  • Liaise with internal teams and stakeholders (e.g. Legal, Privacy, GDPR, Risk and Compliance) in relation to security compliance to ensure coordination of requirements, agreed controls and shared consistent documentation and tooling wherever possible
  • Gain knowledge and understanding of our goals and culture and ensure that our control and compliance framework delivers the information security architecture and compliance strategy aligned with industry best practices and the company security posture defined by the CISO
  • Contribute advice and guidance for departmental security strategies to manage identified risks and ensure adoption and adherence to standards and compliance frameworks
  • Develop and maintain documentation, controls, processes, workflows, metrics, reporting, solutions, and applications/tools as needed to ensure effective operation and visibility of the state of the compliance function
  • Engage as required during actual and simulated incidents and recovery operations
  • Ensure all processes and controls that fall within your area of responsibility are operating effectively and are correctly evidenced
  • Travel periodically as required for customer, company, or relevant events

About you

Must haves:

  • Experience with ensuring information security compliance, preferably in highly regulated environments
  • Bachelor’s degree preferred in information assurance, computer science, engineering, or related field
  • Ability to adapt and stretch capabilities and skills to meet the business needs of a fast-growing technology firm
  • Preferably one or more of the following security qualifications: ISO27001 LI/LA, PCIP, ISA, CISA, CISM or similar
  • Deep understanding of information security controls, technologies, policies, processes, and best practices as applied to applications, compute, networking, cloud, and containers
  • Experience / knowledge of Financial Services Compliance such as PCI

Great to haves:

  • Preferably one or more of the following security qualifications: CISSP, PCIP, ISA, CISA, CISM, ISO27001 LI/LA or similar
  • Deep technical understanding of information security controls, technologies, policies, processes, and best practices as applied to applications, compute, networking, cloud, and containers
  • Some experience from a functional technology role e.g. coding or infrastructure support
  • Experience / knowledge of Financial Services Compliance such as PCI

Equal Opportunities

Here at Featurespace we are committed to being a place of equality, inclusion and respect to provide a safe environment for you to bring your authentic self to work. We know that we gain as much strength from our differences as we do our similarities. We value diversity and are dedicated to listening and learning from each other to build and maintain a positive and productive culture. We appreciate this will be an ever-evolving focus for the business to ensure everyone feels supported and has a sense of belonging.

How to apply

If you think you’re a good fit for the role above, we would love to hear from you.

Fill out the short application form, upload your CV and one of the team will get back to you.

If you have any questions or queries regarding this role, or life at Featurespace, please contact [email protected]

Featurespace Job Application Privacy Notice

Featurespace Ltd. is committed to complying with the General Data Protection Legislation and any implementing legislation (the “Data Protection Legislation”) and will process your Personal Data in accordance with the Data Protection Legislation and information security legislation. Any capitalised terms used in this Privacy Notice shall be given the same definition as in the Data Protection Legislation.

This Privacy Notice sets out the basis on which Featurespace Ltd will process Personal Data relating to job applicants.

The Data Controller is Featurespace Ltd., 140 Cambridge Science Park, Milton Road, Cambridge, CB4 0GF, United Kingdom.

Data refers to both Personal Data and Special Categories of Data. Your job application and the Personal Data held within it will be processed to assess your viability for the stated role. We may also process any information that you provide about your health, for the sole purpose of assessing whether any adjustments may need to be made to the recruitment process to accommodate you. If your application is unsuccessful, Featurespace will retain your Data for 24 months after the end of the recruitment process. Your Personal Data is processed in accordance with our legitimate interests of making sound recruitment decisions. You are under no obligation to provide us with your Personal Data. However, without this, we cannot assess your job application. We will only process information about your health for the purpose of making reasonable adjustments to the recruitment process (if applicable), in accordance with our legal obligations.

You have the following rights in relation to the processing of your Data: The right to be informed about how your Data is processed. You have the right to object to the processing of your Data based on our legitimate interests as outlined above. The right of access to your Data and supplementary information relating to our use of your Data. In certain circumstances, we reserve the right to charge you for exercising this right. The right to rectification, if your Data is inaccurate or incomplete. In certain circumstances, the right to erasure, request the deletion of, or removal of, your Data. In certain circumstances, the right to restrict processing, block any further processing of your Data. We shall respond to any request made by you without delay and in any case within a month of your request. The right to complain to the Information Commissioner’s Office if you believe that your data protection/privacy rights have been breached.

Your application will be submitted and stored on an application database (Greenhouse). Access to your Data on Greenhouse is limited to the relevant persons for your application: our internal recruiters, the hiring manager and interviewer(s). Your CV may be printed and shown to consulted decision makers; any physical copies will be securely and confidentially destroyed after a decision has been made on your application. Your CV is transferred to a third country, outside of the EEA, when it is processed by Greenhouse. Greenhouse meet the technical and organisational data security measures outlined in the GDPR Article 32, and are SOC2 Type II certified. We do not envisage that any decision will be taken about your application using automated means.