Staff Cybersecurity Analyst responsible for safeguarding cloud assets and leading security assessments for Southern Glazer’s. Collaborating with teams to develop cloud security policies and addressing cybersecurity incidents.
About the role
- Compliance & Information Security Analyst at beqom managing GRC and TPRM functions. Overseeing client governance, risk, and compliance requests, and vendor due diligence at a SaaS company.
Responsibilities
- Receive, triage, and complete inbound GRC / security questionnaires submitted by existing and prospective clients as part of their vendor assessment and TPRM processes.
- Develop and maintain a master response library to accelerate questionnaire completion, covering areas such as data security, access controls, business continuity, incident response, and privacy.
- Coordinate with internal stakeholders (Engineering, Product, Operations, Legal) to gather accurate, up-to-date technical evidence and supporting documentation.
- Track questionnaire status, deadlines, and outcomes; maintain a central log and escalate blockers in a timely manner.
- Build relationships with client procurement, risk, and security contacts to manage ongoing TPRM obligations efficiently.
- Manage questionnaires that require formal documentary evidence — such as policies, audit reports (e.g. SOC 2, ISO 27001), penetration test summaries, data processing agreements, and certifications.
- Maintain a structured evidence repository, ensuring documents are current, version-controlled, and accessible for rapid submission.
- Identify gaps between client evidence requirements and the company's current documentation; work with the Head of Information Security and Compliance or relevant leads to close those gaps.
- Review information security, data protection, and compliance clauses within Master Service Agreements (MSAs) and other commercial contracts from clients and prospects.
- Identify obligations and requirements (e.g. audit rights, subprocessor notifications, breach notification timescales, data residency, encryption standards) and assess the company's ability to comply.
- Liaise with Legal counsel and the Head of Information Security and Compliance to flag materially onerous or non-standard terms; assist in drafting redlines and proposed alternative language where appropriate.
- Design and operate a structured TPRM programme for the company's own vendors and sub-contractors who process client data or have access to company systems.
Requirements
- Proven experience in a compliance, information security, GRC, or vendor risk management role, ideally within a SaaS, technology, or regulated industry context.
- Demonstrable experience completing complex security and GRC questionnaires (e.g. SIG, CAIQ, bespoke client questionnaires) and compiling supporting evidence packs.
- Familiarity with common information security frameworks and standards: ISO/IEC 27001, SOC 2, NIST CSF, CIS Controls, GDPR / data protection legislation.
- Experience reviewing and interpreting information security provisions in commercial contracts (MSAs, DPAs, SaaS agreements).
- Strong organisational skills — able to manage multiple concurrent questionnaires and workstreams, prioritise effectively, and meet deadlines.
- Excellent written and verbal communication skills, with the ability to translate technical security concepts for non-technical audiences (legal, sales, procurement).
- Proficiency in maintaining documentation, trackers, and evidence repositories; high attention to detail and accuracy.
- Relevant certification such as CISA, CRISC, CISSP, ISO 27001 Lead Implementer/Auditor, CIPP/E, or equivalent (bonus points).
Benefits
- Flexible working arrangements
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Location requirements
Senior Threat Intelligence Analyst working with Bupa's cybersecurity team. Focused on threat management and defensive strategies to enhance cyber security posture.
Senior Information Security Analyst at Field Nation leading SOC 2 and ISO 27001 compliance programs. Collaborating with teams to embed security and leverage AI in GRC workflows.
Analista de Ciberseguridad en CRG Solutions responsable de monitorear amenazas y gestionar vulnerabilidades en la organización. Identificación de riesgos y mejora continua de la postura de seguridad.
Security Compliance Analyst responsible for ensuring compliance with security regulations and collaborating on security measures across teams.
Senior Technical Expert in Cyber Defense Center at ZEISS analyzing global cyber threats. Collaborating with SOC, CIRT, and ensuring proactive defense strategies.
Information Security Analyst focusing on vulnerability research and data analysis at Flexera. Involves analyzing, verifying vulnerabilities, and maintaining high - quality content standards.
Oversee the testing lifecycle and provide cyber security solutions at Xcel Energy. Engage in various testing techniques and collaborate with teams to enhance quality practices.
Security Analyst II role at Deepwatch focusing on incident handling and cybersecurity analysis. Working with a team to improve security posture and customer experience in a hybrid environment.
Information Security Analyst II at West Bend handling security projects and collaboration with IT teams. Supporting security incidents and enhancing organizational information security policies.