Security Analyst

• Complete security third-party vendor risk reviews for new and existing suppliers, gathering inputs, logging outcomes, and ensuring alignment with the Third-Party Security Management Standard in partnership with Procurement and Legal
• Assist where required the timely completion of high-quality responses to customer and prospect security requests, due diligence questionnaires (DDQs), and information requests
• Proactively assist and help maintain all security and compliance documentation, artifacts, policies, and certifications within our Security Trust Centre (e.g., SafeBase) to enable a self-service experience for customers
• Partner with Sales and Legal to triage requests and ensure security communications are consistent and accelerate the sales cycle
• Collect and track key performance indicators (KPIs) related to customer security review SLAs, document engagement, and overall security assurance efforts for leadership visibility
• Assist with the design, coordination, and delivery of our hybrid cybersecurity awareness program
• Draft and schedule compelling security insights for internal newsletters, Slack, and email, translating complex policy and control requirements into clear, action-oriented guidance for all employees ("Campers")
• Support the operationalisation of the security champions program across business units to extend program reach and reinforce secure-by-default behaviours across the organization
• Assist the GRC team with the ongoing management and maintenance of our key security compliance programs (e.g., ISO 27001, SOC 2), which includes coordinating evidence collection, documentation updates, and control attestations

• 1-3 years of operational experience in a role focused on Security Assurance, Third-Party Risk (TPR) Management, or GRC
• Practical experience assisting with the management of security compliance programs (e.g., SOC 2, ISO 27001, or similar), including coordinating evidence collection from control owners and documenting attestations
• Proven ability to manage and update content within a Security Trust Center platform (like SafeBase or similar), including document organization, access controls, and questionnaire response management
• Practical understanding of the vendor security review lifecycle, including the ability to triage, assess, and document risk findings for internal and external suppliers
• Excellent organization and prioritization skills with a proven track record of strong follow-through and working effectively toward defined service level agreements (SLAs) in a fast-paced environment
• Clear and concise written communication, with the skill to translate complex security concepts (e.g., policy, controls) into practical, action-oriented guidance suitable for technical and non-technical internal teams
• Familiarity with common security frameworks (e.g., SOC 2, ISO 27001, or similar) is a plus, and a high degree of curiosity, a learning mindset, and a positive, security-first attitude are essential

Industry-recognised qualifications (e.g., Security+, CISA, CRISC, CSA or similar)

• Employee Share Options Program
• Programs, coaching, and budgets to help you thrive personally and professionally
• Access to external providers for mental wellbeing and coaching support
• Monthly Camper Life Allowance
• Team budgets dedicated to team building activities and connection
• Intentional quarterly wellbeing pauses
• Extended year-end breaks
• Excellent parental leave and in work support program available from day 1
• 5 Social Impact Days a year
• MacBooks for you to do your best & a work from home office budget to spend on setting up your home office
• Medical insurance coverage for you and your family (Available for US & UK only)