Information Security Analyst
Role details
Job location
Tech stack
Job description
We are looking for a capable and detail-oriented Information Security Analyst to join Kinetic on a permanent basis. Following a significant investment in our security programme, including ISO27001 and PCI/DSS recertification and the embedding of a modern, integrated security toolset, this role is focused on operating and continuously improving that established framework. Kinetic has built a modern, integrated security programme. Now we need the right person to run it, own it, and make it better every day.
What You'll Be Doing
This is a hands-on operational role suited to someone earlier in their security career who is process-driven, comfortable working across platforms, and eager to grow within a well-structured environment. You won't be building the security function from scratch; you'll be the day-to-day custodian of it.
Compliance & GRC Operations (40%)
- Own day-to-day operation of Drata, our GRC platform, ensuring real-time compliance data remains accurate and connected across all integrated tools and applications.
- Maintain the central policy and procedure repository, keeping documentation current and version-controlled.
- Manage onboarding security workflows, ensuring mandatory training is completed and relevant forms signed via automated processes.
- Coordinate internal audits across ISO27001 and PCI/DSS leveraging the SEP2 GRC Wingman service, working with the auditor to validate that controls and processes are operating effectively.
- Support ongoing privacy and data protection obligations including GDPR, DSARs, and breach logging.
- Manage auditor access through Drata and prepare evidence for external audit cycles.
- Maintain and develop the Drata Trust Centre, ensuring it accurately reflects our security posture for customers and prospects.
Customer Security Assurance (25%)
- Handle inbound customer and prospect security queries, using Drata's AI-assisted questionnaire tool to respond accurately and efficiently.
- Complete HECVAT assessments and ad-hoc security questionnaires for higher education tenders.
- Work with sales and customer success to provide security documentation and evidence packs.
- Share Appcheck and Invicti real-time scan data with customer security teams to support deployment confidence and third-party PCI requirements.
Vulnerability & Application Security (25%)
- Manage the Pen Test People portal - tracking active penetration tests, assigning remediation tasks to relevant team members, and monitoring closure.
- Use Appcheck and Invicti to run ad-hoc API and web application scans ahead of new builds and customer deployments, reducing reliance on full annual pen tests.
- Maintain visibility of application dependencies and exposure through the Appcheck dashboard.
- Monitor endpoint security alerts and detections via CrowdStrike, escalating threats and coordinating response as required.
- Coordinate remediation activity with engineering teams and track progress to closure.
Risk & Continuous Improvement (10%)
- Provide business leaders with guidance on security in an AI-enabled operating environment.
- Maintain the risk register and support ongoing risk management processes through Drata.
- Identify control gaps or process drift and escalate appropriately.
- Support security awareness activity across the business.
- Keep policies and procedures up to date as the business and threat landscape evolve.
Requirements
- 2-4 years in an information security, IT compliance, or GRC-adjacent role.
- Working knowledge of ISO27001 - exposure to audit evidence gathering or internal audit processes.
- Familiarity with GRC platforms (Drata experience a bonus, but any similar platform is transferable).
- Understanding of PCI/DSS and GDPR obligations in a SaaS context.
- Comfortable managing vulnerability findings and coordinating remediation with technical teams.
- Strong organisational skills - able to juggle multiple compliance threads and deadlines simultaneously.
- Clear, confident communicator - able to handle customer-facing security queries professionally and accurately., * Experience with application security scanning tools (Appcheck, Invicti, or similar).
- Endpoint detection and response (EDR) platform experience, ideally CrowdStrike Falcon.
- Penetration test management or remediation tracking experience.
- HECVAT or security tender questionnaire experience.
- Relevant certifications: CompTIA Security+, CC (ISC²), ISO27001 Lead Auditor/Implementer, or working towards them.
- Higher education sector familiarity.
- Cloud environment exposure (Azure and/or AWS)., * Process-driven and methodical - you find satisfaction in keeping compliance in good shape year-round, not just at audit time.
- Platform-native - comfortable learning and getting the most out of integrated tooling.
- Collaborative and responsive to engineering, sales, and customer success colleagues.
- Knows when to escalate rather than overreach.
- Curious about security and motivated to develop expertise over time.
Benefits & conditions
Pulled from the full job description
- Employee discount
- Employee assistance programme
- Company pension, At Kinetic, we believe work should come with rewards that make a real difference. Here's just a taste of what you can expect when you join us:
- 25 days holiday (plus bank holidays) - with extra days the longer you're with us
- Two paid wellbeing days each year, with a budget to enjoy some time out with someone important to you
- Enhanced pension contributions to support your future
- Two paid days a year to give back through volunteering, charity work, or sustainability projects with our Green Team
- Salary sacrifice schemes for electric vehicles and cycle-to-work
- 24/7 access to our Employee Assistance Programme for confidential advice and support
- A full annual health check to keep you at your best
- A flexible benefits platform - from life assurance and learning opportunities to retail discounts and cinema tickets
- A genuine people-first culture where your growth and wellbeing come first
- Performance-related bonus scheme to reward your contribution
- Regular socials - from team get-togethers to all-company celebrations, with each department owning a budget for their events
- The opportunity to attend group conferences, away days and learning forums both in the UK and abroad - network with other talent
We've created a welcoming office environment, with well-stocked kitchens offering free breakfast, fresh fruit, hot and cold drinks, and a range of tuck shop goodies to keep you fuelled throughout the day.
Kinetic is an equal opportunity employer, fostering diversity and committed to creating an inclusive environment for all employees.