• Respond to and triage alerts relating to phishing attacks, impersonation, scams, and brand abuse (e.g. Sublime, Doppel), escalating credible threats where appropriate. • Coordinate day-to-day operation of the bug bounty program, including communication with researchers, issue tracking, reporting, and internal follow-up. • Conduct user access reviews and review security settings, access configurations, and administrative controls across business systems, SaaS platforms, and internal infrastructure, tracking remediation where required. • Support recurring operational security workflows, including documentation, process tracking, and follow-up.

Role Description The Information Security Analyst will support the day-to-day operation of AltoVita’s information security and privacy activities, ensuring compliance and fostering a culture of security awareness. Key Responsibilities - Security and Privacy Operations - Support the maintenance of security, privacy, and compliance documentation. - Assist with tracking security and privacy actions, control improvements, and remediation activities. - Help maintain registers such as risks, issues, actions, policies, vendors, assets, data processing activities, and control evidence. - Coordinate updates between internal teams to ensure agreed actions are progressed. - Support the preparation of security and privacy reports, summaries, and updates for internal stakeholders. - Help ensure security and privacy activities are documented, repeatable, and easy to evidence. - Escalate risks, issues, or delays to the CISO or relevant business owner. - Compliance and Audit Support - Assist with internal and external compliance activities, including ISO 27001, SOC 2, GDPR, and client assurance requirements. - Support evidence gathering for audits, assessments, and control reviews. - Help maintain audit trackers, evidence folders, and compliance records. - Coordinate with internal teams to obtain required documentation and control evidence. - Support follow-up actions from audits, assessments, or client reviews. - Assist with the maintenance of policies, procedures, and standards. - Help ensure compliance activities are well organized and delivered within agreed timelines. - Support the CISO and relevant control owners with audit preparation and remediation tracking. - Policy and Documentation Support - Help maintain clear, practical, and accessible security and privacy documentation. - Support the review and update of information security and privacy policies. - Assist with the creation of standards, procedures, guidance notes, and user-facing materials. - Help ensure documents are version controlled, approved, and communicated appropriately. - Maintain policy review schedules and track required updates. - Draft practical guidance for employees on security and privacy topics. - Support the communication of policy changes across the business. - Help ensure documentation is accurate, consistent, and aligned to business processes. - Security Awareness and Culture - Support the delivery of security and privacy awareness activities across AltoVita. - Carry out security and privacy training administration and ensure 100% completion rates across the business. - Support the development of awareness content, reminders, newsletters, FAQs, and guidance. - Help coordinate phishing simulations and follow-up communications. - Track training completion and awareness participation. - Support campaigns that promote secure behaviors and good privacy practices. - Help make security and privacy feel practical, accessible, and enabling. - Escalate recurring behavioral or process issues to the CISO or relevant business owner. - Privacy Support - Support AltoVita’s privacy activities under the direction of the relevant privacy, legal, or security lead. - Assist with the maintenance of privacy records, including data processing registers and related documentation. - Support the tracking of privacy actions, assessments, and improvement activities. - Help gather information for privacy reviews, data mapping, or data protection impact assessments. - Support internal teams with practical privacy guidance, escalating complex matters where needed. - Assist with record keeping for data subject requests, incidents, or privacy inquiries. - Help ensure privacy documentation remains organized, accurate, and accessible. - Client Assurance and Security Questionnaires - Support the completion of client security and privacy questionnaires, RFP responses, and due diligence requests. - Assist with the preparation of responses to client security and privacy questions. - Maintain a library of approved answers, evidence, and supporting materials. - Coordinate with internal subject matter experts to obtain accurate information. - Ensure responses are consistent with AltoVita’s current controls, policies, and practices. - Help translate technical or compliance information into clear, client-friendly language. - Track open client assurance requests and support timely completion. - Escalate complex, high-risk, or contractual questions to the CISO, Legal, or relevant business owner. - Supplier and Third-Party Support - Support supplier security and privacy processes under the direction of the CISO or relevant business owner. - Assist with supplier due diligence questionnaires and evidence collection. - Help maintain supplier records, risk ratings, and review schedules. - Track supplier security or privacy actions. - Support periodic reviews of key suppliers. - Help ensure supplier documentation is complete and up to date. - Escalate potential supplier risks or concerns to the appropriate owner. - Incident and Risk Support - Support security, privacy, and operational risk processes by helping with coordination, documentation, and follow-up. - Support the logging and tracking of security or privacy incidents. - Help gather relevant information during incident reviews. - Maintain incident notes, timelines, and action trackers. - Support post-incident follow-up and lessons learned activities. - Assist with risk register updates and remediation tracking. - Escalate suspected incidents or risks promptly to the CISO or relevant lead. - Support the documentation of controls, gaps, and agreed improvements. - IT and Access Control Support - Assist with security-related IT and access control activities where required. - Day-to-day execution of access controls. - Support access review processes by gathering user access information. - Help track joiner, mover, and leaver control activities. - Support evidence collection for account provisioning, deprovisioning, and access approvals. - Assist with documentation of access control processes. - Help monitor completion of agreed access management actions. - Oversight and support on internal reviews of security tooling usage, adoption, and documentation. - Escalate access control issues or gaps to IT, system owners, or the CISO. Qualifications - Experience in information security, privacy, compliance, IT, risk, audit, operations, or a related field. - Working knowledge of information security and privacy principles. - Awareness of GDPR, ISO 27001, SOC 2, or similar frameworks. - Strong written and verbal communication skills. - Ability to write clear guidance, summaries, and user-facing content. - Strong organizational skills and attention to detail. - Confidence working with stakeholders across different business functions. - Practical problem-solving approach. Requirements - Ability to maintain trackers, registers, documentation, and evidence records. - Ability to manage multiple tasks and deadlines. - Comfortable using collaboration tools, document repositories, and workflow trackers. Benefits - Opportunity to work in a fast-paced, innovative environment. - Fully remote work with a diverse team from 26 countries. - Support for professional development and training. What Success Looks Like - First 90 Days - Built strong working relationships with the CISO and key internal teams. - Understood AltoVita’s core security, privacy, and compliance activities. - Reviewed existing policies, registers, trackers, and evidence repositories. - Supported current audit, compliance, or client assurance activities. - Helped organize key documentation and improve visibility of open actions. - Identified areas where tracking, evidence, or documentation can be improved. - Started supporting awareness, access review, or supplier assurance activities. - First 6 Months - Helped improve the structure and consistency of security and privacy documentation. - Supported audit and compliance evidence collection in a timely and organized way. - Maintained clear action trackers for control improvements and remediation activities. - Helped improve security and privacy awareness materials. - Supported client assurance responses with accurate and reusable content. - Assisted with supplier due diligence and access review activities. - Improved the quality and availability of evidence for security and privacy controls. - Become a trusted support point for internal security and privacy coordination. - First 12 Months - Helped AltoVita operate a more structured, scalable, and measurable security and privacy function. - Success will be demonstrated through better organized security and privacy records. - Improved evidence readiness for audits and client assurance. - Clearer policy and procedure documentation. - More consistent tracking of risks, actions, and remediation activities. - Improved support for privacy records and data protection activities. - Stronger internal awareness of security and privacy responsibilities. - Faster and more consistent support for client security questionnaires. - Better visibility of supplier assurance and access review activities. - A more mature, well-documented, and business-friendly security and privacy operating model.

Role Description Monitor, investigate, and respond to security events to protect the organisation’s endpoints, identities, and cloud environments. Proactively reduce risk through vulnerability management, security patch coordination, and cloud posture auditing, while contributing to continuous improvement through automation, reporting, and support for audit and vendor assurance activities. Key Accountabilities - Manage and respond to security alerts and escalations to ensure timely identification and mitigation of potential threats. - Conduct regular vulnerability scanning and remediation using Tenable.io to identify and help mitigate risks within existing systems. - Assist with security patching and updates for Windows, macOS, and Linux systems using Microsoft Intune and Quest KACE SMA to maintain system hygiene. - Help maintain a strong CSPM framework by auditing AWS and Azure environments against CIS Benchmarks and established security policies. - Monitor and manage the Microsoft Defender suite to detect and investigate threats across endpoints, identities, and cloud workloads. - Develop and maintain automated security playbooks and workflows to increase the efficiency of incident response and repetitive security tasks. - Execute periodic phishing simulations to evaluate employee awareness and identify high-risk user groups. - Support internal and external audits and participate in vendor onboarding by providing technical evidence and helping ensure security requirements are met. Candidate Profile - Alert triage and incident response capability, including investigation using logs and telemetry. - Practical vulnerability management and patch coordination across Windows, macOS, and Linux environments. - Working knowledge of cloud security posture management across AWS and Azure, including assessment against CIS Benchmarks. - Continuous improvement mindset with interest in automating playbooks/workflows and strengthening controls over time.

• Investigate advanced and persistent attacks using data analysis and data science tools • Analyze customers' web traffic to detect unidentified threats and reduce false positives using Elasticsearch and BigQuery • Research, design, and continuously enhance detection mechanisms to stay ahead of evolving threats • Provide real-time technical support to global customers, delivering professional and timely incident responses • Produce clear, insightful incident reports • Collaborate cross-functionally with R&D and Research teams to optimize the company's detection and mitigation capabilities • Design, plan, and implement internal automation projects to improve team efficiency • Work in a shift-based schedule, including weekends