Information Security Risk and Compliance Analyst

Remote: Full Remote
Experience: Mid-level (2-5 years)

Offer summary

Qualifications:

3-5 years in infosec risk/compliance, Experience with ISO 27001, SOC 2 audits.

Key responsibilities:

  • Maintain compliance with standards
  • Conduct security risk assessments
  • Assist with audits and assessments
  • Manage incident response team
  • Provide guidance on process enhancements
FrankieOne https://frankieone.com/
51 - 200 Employees

Job description

Your missions

The Role

At FrankieOne, where we revolutionise identity verification and onboarding to be swift, seamless, and scalable, the Information Security Risk and Compliance Analyst plays a pivotal role in assessing and prioritising information security and cybersecurity risks across the organisation. Your technical skills, combined with your ability to manage risks and ensure compliance, make you a key player in any organisation’s cybersecurity strategy.

You will be at the heart of ensuring continuous compliance and audit readiness, and will also manage third-party and security risk and support various external and customer audits and due diligence requests. Our team is specialised and handles our most strategic and high-value projects. We are looking for an individual to own and lead the administration and maintenance of our critical business systems, ensuring compliance, security, and efficiency across the board.

Your Ticket to Success:

You will have excellent analytical and problem-solving skills; be proactive, with the ability to work autonomously, with a sense of urgency and positive attitude, to prioritize and manage multiple tasks in a fast-paced environment.

You will also have strong written and verbal communication skills, along with a proven ability to build and manage relationships with different stakeholders. In this role you will need to help developers, operations teams and internal users understand the importance of good security practices when building, maintaining and using our product and systems.

Responsibilities:

  • Maintain continuous compliance with relevant standards (e.g. ISO 27001 and SOC 2)
  • Conduct security risk assessments across the organisation and of third-parties
  • Maintain up-to-date audit evidence, project plans, risk register and continuous improvement registers etc.
  • Support external security audit and customer assessments and conduct internal assessments
  • Assist with management reviews and reports, policy management and the security awareness program
  • Act as a key member of the response team in the event of information security incidents and breaches, ensuring process and policy are adhered to
  • Proactively seek areas for improvement across our processes
  • Provide insightful advice and value-added guidance on process and control enhancements.
  • Share information with managers to avoid surprises and ensure timely delivery.
  • Stay up-to-date with industry procedures and methods.
  • Manage security standards, policies, and practices annually to meet corporate demands.
  • Respond to inquiries from business units about ongoing operational compliance.
  • Collaborate with all areas of the business to ensure compliance with ISO 27001 and SOC 2 standards and company policies.

In a Previous Life You Have:

  • Worked in remote teams for offshore clients, with 3-5 years of information security experience with emphasis on risk and compliance in a similar sized business.
  • 2+ years of expertise conducting ISO 27001 and SOC 2 audits and handling audit responses.
  • Good understanding of regulatory compliance requirements (ISO 27001, SOC 2, NIST, PCI, GDPR, etc.).
  • Knowledge of security practices like identity and access management, encryption, backups, secure software development life cycle, vulnerability management etc.
  • Familiarity with GRC tool techniques and best practices (e.g. Drata, Vanta etc.)
  • Proven track record of contributing to or managing risk and compliance projects.
  • Successfully managed third-party audits, compiled evidence, and organised audit responses.

Preferred Qualifications

  • Bachelor’s degree in information cybersecurity, risk management, governance, or a related field is highly desirable, but not mandatory.
  • ISO 27001 Lead Auditor, CISA, CISM, CRISC or CISSP certification (or working toward certification)

Required profile

Experience

Level of experience: Mid-level (2-5 years)
Spoken language(s): English