Cudo Ventures

Role Description - Daily management of alerts and reports across security tools (e.g. Trend Vision One, Vanta, Google Workspace Security Console, Google Cloud). - Monitor identified system vulnerabilities and coordinate with operations teams to ensure timely remediation. - Monitor and report on key security KPIs and metrics. - Participate in the identification, investigation, and management of information security incidents. - Maintain and update the organisation’s main information security risk register. - Assist in technical risk reviews of vendors and partners. - Attend Change Advisory Board (CAB) meetings and propose pragmatic, risk-reducing remediations for change requests. - Conduct basic internal penetration testing to identify and escalate readily preventable security issues. - Creation and management of Data Protection Impact Assessments (DPIAs) for existing and future projects and services. - Maintain the Record of Processing Activities (RoPA) database and ensure alignment with operational practices. - Support the ongoing maintenance and improvement of the ISMS in line with ISO 27001 requirements. - Manage the pipeline of required policy and procedure updates, ensuring documentation remains current and effective. - Provide audit support by liaising between auditors and internal teams for both internal and external audits (including SOC 2 and ISO 27001). - Assist in evidence collection, control validation, and remediation tracking. Qualifications - Proven experience in a Security, Compliance, or Privacy Analyst role. - Strong working knowledge of SOC 2 and ISO/IEC 27001 frameworks. - Familiarity with security monitoring and compliance tools (e.g. Vanta, SIEM platforms, cloud security tools). - Understanding of GDPR and UK data protection regulations. - Experience managing DPIAs and RoPA documentation. - Ability to interpret vulnerabilities and risks in a practical, business-focused way. - Strong organisational skills with attention to detail. - Effective communication skills, with the ability to work across technical and non-technical teams.