Security/Privacy Analyst
Cudo Ventures
yesterday
Role details
Contract type: Permanent contract
Employment type: Full-time (> 32 hours)
Working hours: Regular working hours
Languages: English
Experience level: Intermediate
Job location: Remote
Tech stack
Software System Penetration Testing
Cloud Computing Security
Computer Security
Databases
Security Information and Event Management
Software Vulnerability Management
Information Security Management System
Google Cloud Platform
Cloud Platform System
Gsuite
Vulnerability Analysis
Job description
- Daily management of alerts and reports across security tools (e.g. Trend Vision One, Vanta, Google Workspace Security Console, Google Cloud).
- Monitor identified system vulnerabilities and coordinate with operations teams to ensure timely remediation.
- Monitor and report on key security KPIs and metrics.
- Participate in the identification, investigation, and management of information security incidents.
- Maintain and update the organisation's main information security risk register
- Assist in technical risk reviews of vendors and partners
- Attend Change Advisory Board (CAB) meetings and propose pragmatic, risk-reducing remediations for change requests
- Conduct basic internal penetration testing to identify and escalate readily preventable security issues
- Creation and management of Data Protection Impact Assessments (DPIAs) for existing and future projects and services
- Maintain the Record of Processing Activities (RoPA) database and ensure alignment with operational practices
- Support the ongoing maintenance and improvement of the ISMS in line with ISO 27001 requirements
- Manage the pipeline of required policy and procedure updates, ensuring documentation remains current and effective
- Provide audit support by liaising between auditors and internal teams for both internal and external audits (including SOC 2 and ISO 27001)
- Assist in evidence collection, control validation, and remediation tracking

- Proven experience in a Security, Compliance, or Privacy Analyst role
- Strong working knowledge of SOC 2 and ISO/IEC 27001 frameworks
- Familiarity with security monitoring and compliance tools (e.g. Vanta, SIEM platforms, cloud security tools)
- Understanding of GDPR and UK data protection regulations
- Experience managing DPIAs and RoPA documentation
- Ability to interpret vulnerabilities and risks in a practical, business-focused way
- Strong organisational skills with attention to detail
- Effective communication skills, with the ability to work across technical and non-technical teams

- 2 to 3 years' experience in a similar role
- Experience working in cloud environments (particularly Google Cloud Platform)
- Exposure to penetration testing methodologies or vulnerability scanning tools
- BA Hons Degree in relevant field or equivalent experience
- Relevant certifications (e.g. ISO 27001 Lead Implementer/Auditor, CISM, CISSP, or equivalent)
- Experience supporting audits in a fast-paced or scaling organisation

NEST Pension Scheme
Your future self will thank you. Cudo contributes to your pension through the NEST scheme, helping you build a comfy nest egg.

Unlimited Holiday Policy
Take the time you need to rest, recharge, and explore. We trust you to manage your time off responsibly: no cap, just balance.

Remote Working
Work from wherever you feel most productive, whether home, café, or co-working space. We're remote-first and proud of it!

Tech & Cycle Scheme
Swap the commute for fresh air and smarter gear! This scheme helps employees save on bikes and tech essentials, whether you're pedalling to work or powering through your day with new devices. Healthier, greener, and a little more high-tech.

Enhanced Sick Pay
If you're unwell and out of probation, we've got you covered:
- First 13 weeks = full pay
- Next 13 weeks = half pay
Subject to meeting the criteria in our Absence Policy, it's our way of supporting you through recovery without added stress.

Responsibilities
The analyst will manage security alerts, monitor system vulnerabilities, and coordinate remediation efforts across the organization. They are also responsible for maintaining the ISMS, supporting audits, and managing data protection documentation like DPIAs and RoPAs.
Requirements
Security monitoring, Compliance, Privacy analysis, SOC 2, ISO 27001, Vulnerability management, Risk assessment, Data protection, GDPR, Cloud security, Google Cloud Platform, Penetration testing, Audit support, Policy management, Communication skills, Organizational skills