Role Description The Information Security Analyst will support the day-to-day operation of AltoVita’s information security and privacy activities, ensuring compliance and fostering a culture of security awareness. Key Responsibilities - Security and Privacy Operations - Support the maintenance of security, privacy, and compliance documentation. - Assist with tracking security and privacy actions, control improvements, and remediation activities. - Help maintain registers such as risks, issues, actions, policies, vendors, assets, data processing activities, and control evidence. - Coordinate updates between internal teams to ensure agreed actions are progressed. - Support the preparation of security and privacy reports, summaries, and updates for internal stakeholders. - Help ensure security and privacy activities are documented, repeatable, and easy to evidence. - Escalate risks, issues, or delays to the CISO or relevant business owner. - Compliance and Audit Support - Assist with internal and external compliance activities, including ISO 27001, SOC 2, GDPR, and client assurance requirements. - Support evidence gathering for audits, assessments, and control reviews. - Help maintain audit trackers, evidence folders, and compliance records. - Coordinate with internal teams to obtain required documentation and control evidence. - Support follow-up actions from audits, assessments, or client reviews. - Assist with the maintenance of policies, procedures, and standards. - Help ensure compliance activities are well organized and delivered within agreed timelines. - Support the CISO and relevant control owners with audit preparation and remediation tracking. - Policy and Documentation Support - Help maintain clear, practical, and accessible security and privacy documentation. - Support the review and update of information security and privacy policies. - Assist with the creation of standards, procedures, guidance notes, and user-facing materials. - Help ensure documents are version controlled, approved, and communicated appropriately. - Maintain policy review schedules and track required updates. - Draft practical guidance for employees on security and privacy topics. - Support the communication of policy changes across the business. - Help ensure documentation is accurate, consistent, and aligned to business processes. - Security Awareness and Culture - Support the delivery of security and privacy awareness activities across AltoVita. - Carry out security and privacy training administration and ensure 100% completion rates across the business. - Support the development of awareness content, reminders, newsletters, FAQs, and guidance. - Help coordinate phishing simulations and follow-up communications. - Track training completion and awareness participation. - Support campaigns that promote secure behaviors and good privacy practices. - Help make security and privacy feel practical, accessible, and enabling. - Escalate recurring behavioral or process issues to the CISO or relevant business owner. - Privacy Support - Support AltoVita’s privacy activities under the direction of the relevant privacy, legal, or security lead. - Assist with the maintenance of privacy records, including data processing registers and related documentation. - Support the tracking of privacy actions, assessments, and improvement activities. - Help gather information for privacy reviews, data mapping, or data protection impact assessments. - Support internal teams with practical privacy guidance, escalating complex matters where needed. - Assist with record keeping for data subject requests, incidents, or privacy inquiries. - Help ensure privacy documentation remains organized, accurate, and accessible. - Client Assurance and Security Questionnaires - Support the completion of client security and privacy questionnaires, RFP responses, and due diligence requests. - Assist with the preparation of responses to client security and privacy questions. - Maintain a library of approved answers, evidence, and supporting materials. - Coordinate with internal subject matter experts to obtain accurate information. - Ensure responses are consistent with AltoVita’s current controls, policies, and practices. - Help translate technical or compliance information into clear, client-friendly language. - Track open client assurance requests and support timely completion. - Escalate complex, high-risk, or contractual questions to the CISO, Legal, or relevant business owner. - Supplier and Third-Party Support - Support supplier security and privacy processes under the direction of the CISO or relevant business owner. - Assist with supplier due diligence questionnaires and evidence collection. - Help maintain supplier records, risk ratings, and review schedules. - Track supplier security or privacy actions. - Support periodic reviews of key suppliers. - Help ensure supplier documentation is complete and up to date. - Escalate potential supplier risks or concerns to the appropriate owner. - Incident and Risk Support - Support security, privacy, and operational risk processes by helping with coordination, documentation, and follow-up. - Support the logging and tracking of security or privacy incidents. - Help gather relevant information during incident reviews. - Maintain incident notes, timelines, and action trackers. - Support post-incident follow-up and lessons learned activities. - Assist with risk register updates and remediation tracking. - Escalate suspected incidents or risks promptly to the CISO or relevant lead. - Support the documentation of controls, gaps, and agreed improvements. - IT and Access Control Support - Assist with security-related IT and access control activities where required. - Day-to-day execution of access controls. - Support access review processes by gathering user access information. - Help track joiner, mover, and leaver control activities. - Support evidence collection for account provisioning, deprovisioning, and access approvals. - Assist with documentation of access control processes. - Help monitor completion of agreed access management actions. - Oversight and support on internal reviews of security tooling usage, adoption, and documentation. - Escalate access control issues or gaps to IT, system owners, or the CISO. Qualifications - Experience in information security, privacy, compliance, IT, risk, audit, operations, or a related field. - Working knowledge of information security and privacy principles. - Awareness of GDPR, ISO 27001, SOC 2, or similar frameworks. - Strong written and verbal communication skills. - Ability to write clear guidance, summaries, and user-facing content. - Strong organizational skills and attention to detail. - Confidence working with stakeholders across different business functions. - Practical problem-solving approach. Requirements - Ability to maintain trackers, registers, documentation, and evidence records. - Ability to manage multiple tasks and deadlines. - Comfortable using collaboration tools, document repositories, and workflow trackers. Benefits - Opportunity to work in a fast-paced, innovative environment. - Fully remote work with a diverse team from 26 countries. - Support for professional development and training. What Success Looks Like - First 90 Days - Built strong working relationships with the CISO and key internal teams. - Understood AltoVita’s core security, privacy, and compliance activities. - Reviewed existing policies, registers, trackers, and evidence repositories. - Supported current audit, compliance, or client assurance activities. - Helped organize key documentation and improve visibility of open actions. - Identified areas where tracking, evidence, or documentation can be improved. - Started supporting awareness, access review, or supplier assurance activities. - First 6 Months - Helped improve the structure and consistency of security and privacy documentation. - Supported audit and compliance evidence collection in a timely and organized way. - Maintained clear action trackers for control improvements and remediation activities. - Helped improve security and privacy awareness materials. - Supported client assurance responses with accurate and reusable content. - Assisted with supplier due diligence and access review activities. - Improved the quality and availability of evidence for security and privacy controls. - Become a trusted support point for internal security and privacy coordination. - First 12 Months - Helped AltoVita operate a more structured, scalable, and measurable security and privacy function. - Success will be demonstrated through better organized security and privacy records. - Improved evidence readiness for audits and client assurance. - Clearer policy and procedure documentation. - More consistent tracking of risks, actions, and remediation activities. - Improved support for privacy records and data protection activities. - Stronger internal awareness of security and privacy responsibilities. - Faster and more consistent support for client security questionnaires. - Better visibility of supplier assurance and access review activities. - A more mature, well-documented, and business-friendly security and privacy operating model.