[Hiring] Information Security Analyst @AltoVita

Role Description

The Information Security Analyst will support the day-to-day operation of AltoVita’s information security and privacy activities, ensuring compliance and fostering a culture of security awareness.

Key Responsibilities

• Security and Privacy Operations
  • Support the maintenance of security, privacy, and compliance documentation.
  • Assist with tracking security and privacy actions, control improvements, and remediation activities.
  • Help maintain registers such as risks, issues, actions, policies, vendors, assets, data processing activities, and control evidence.
  • Coordinate updates between internal teams to ensure agreed actions are progressed.
  • Support the preparation of security and privacy reports, summaries, and updates for internal stakeholders.
  • Help ensure security and privacy activities are documented, repeatable, and easy to evidence.
  • Escalate risks, issues, or delays to the CISO or relevant business owner.
• Compliance and Audit Support
  • Assist with internal and external compliance activities, including ISO 27001, SOC 2, GDPR, and client assurance requirements.
  • Support evidence gathering for audits, assessments, and control reviews.
  • Help maintain audit trackers, evidence folders, and compliance records.
  • Coordinate with internal teams to obtain required documentation and control evidence.
  • Support follow-up actions from audits, assessments, or client reviews.
  • Assist with the maintenance of policies, procedures, and standards.
  • Help ensure compliance activities are well organized and delivered within agreed timelines.
  • Support the CISO and relevant control owners with audit preparation and remediation tracking.
• Policy and Documentation Support
  • Help maintain clear, practical, and accessible security and privacy documentation.
  • Support the review and update of information security and privacy policies.
  • Assist with the creation of standards, procedures, guidance notes, and user-facing materials.
  • Help ensure documents are version controlled, approved, and communicated appropriately.
  • Maintain policy review schedules and track required updates.
  • Draft practical guidance for employees on security and privacy topics.
  • Support the communication of policy changes across the business.
  • Help ensure documentation is accurate, consistent, and aligned to business processes.
• Security Awareness and Culture
  • Support the delivery of security and privacy awareness activities across AltoVita.
  • Carry out security and privacy training administration and ensure 100% completion rates across the business.
  • Support the development of awareness content, reminders, newsletters, FAQs, and guidance.
  • Help coordinate phishing simulations and follow-up communications.
  • Track training completion and awareness participation.
  • Support campaigns that promote secure behaviors and good privacy practices.
  • Help make security and privacy feel practical, accessible, and enabling.
  • Escalate recurring behavioral or process issues to the CISO or relevant business owner.
• Privacy Support
  • Support AltoVita’s privacy activities under the direction of the relevant privacy, legal, or security lead.
  • Assist with the maintenance of privacy records, including data processing registers and related documentation.
  • Support the tracking of privacy actions, assessments, and improvement activities.
  • Help gather information for privacy reviews, data mapping, or data protection impact assessments.
  • Support internal teams with practical privacy guidance, escalating complex matters where needed.
  • Assist with record keeping for data subject requests, incidents, or privacy inquiries.
  • Help ensure privacy documentation remains organized, accurate, and accessible.
• Client Assurance and Security Questionnaires
  • Support the completion of client security and privacy questionnaires, RFP responses, and due diligence requests.
  • Assist with the preparation of responses to client security and privacy questions.
  • Maintain a library of approved answers, evidence, and supporting materials.
  • Coordinate with internal subject matter experts to obtain accurate information.
  • Ensure responses are consistent with AltoVita’s current controls, policies, and practices.
  • Help translate technical or compliance information into clear, client-friendly language.
  • Track open client assurance requests and support timely completion.
  • Escalate complex, high-risk, or contractual questions to the CISO, Legal, or relevant business owner.
• Supplier and Third-Party Support
  • Support supplier security and privacy processes under the direction of the CISO or relevant business owner.
  • Assist with supplier due diligence questionnaires and evidence collection.
  • Help maintain supplier records, risk ratings, and review schedules.
  • Track supplier security or privacy actions.
  • Support periodic reviews of key suppliers.
  • Help ensure supplier documentation is complete and up to date.
  • Escalate potential supplier risks or concerns to the appropriate owner.
• Incident and Risk Support
  • Support security, privacy, and operational risk processes by helping with coordination, documentation, and follow-up.
  • Support the logging and tracking of security or privacy incidents.
  • Help gather relevant information during incident reviews.
  • Maintain incident notes, timelines, and action trackers.
  • Support post-incident follow-up and lessons learned activities.
  • Assist with risk register updates and remediation tracking.
  • Escalate suspected incidents or risks promptly to the CISO or relevant lead.
  • Support the documentation of controls, gaps, and agreed improvements.
• IT and Access Control Support
  • Assist with security-related IT and access control activities where required.
  • Day-to-day execution of access controls.
  • Support access review processes by gathering user access information.
  • Help track joiner, mover, and leaver control activities.
  • Support evidence collection for account provisioning, deprovisioning, and access approvals.
  • Assist with documentation of access control processes.
  • Help monitor completion of agreed access management actions.
  • Oversight and support on internal reviews of security tooling usage, adoption, and documentation.
  • Escalate access control issues or gaps to IT, system owners, or the CISO.

Qualifications

• Experience in information security, privacy, compliance, IT, risk, audit, operations, or a related field.
• Working knowledge of information security and privacy principles.
• Awareness of GDPR, ISO 27001, SOC 2, or similar frameworks.
• Strong written and verbal communication skills.
• Ability to write clear guidance, summaries, and user-facing content.
• Strong organizational skills and attention to detail.
• Confidence working with stakeholders across different business functions.
• Practical problem-solving approach.

Requirements

• Ability to maintain trackers, registers, documentation, and evidence records.
• Ability to manage multiple tasks and deadlines.
• Comfortable using collaboration tools, document repositories, and workflow trackers.

Benefits

• Opportunity to work in a fast-paced, innovative environment.
• Fully remote work with a diverse team from 26 countries.
• Support for professional development and training.

What Success Looks Like

• First 90 Days
  • Built strong working relationships with the CISO and key internal teams.
  • Understood AltoVita’s core security, privacy, and compliance activities.
  • Reviewed existing policies, registers, trackers, and evidence repositories.
  • Supported current audit, compliance, or client assurance activities.
  • Helped organize key documentation and improve visibility of open actions.
  • Identified areas where tracking, evidence, or documentation can be improved.
  • Started supporting awareness, access review, or supplier assurance activities.
• First 6 Months
  • Helped improve the structure and consistency of security and privacy documentation.
  • Supported audit and compliance evidence collection in a timely and organized way.
  • Maintained clear action trackers for control improvements and remediation activities.
  • Helped improve security and privacy awareness materials.
  • Supported client assurance responses with accurate and reusable content.
  • Assisted with supplier due diligence and access review activities.
  • Improved the quality and availability of evidence for security and privacy controls.
  • Become a trusted support point for internal security and privacy coordination.
• First 12 Months
  • Helped AltoVita operate a more structured, scalable, and measurable security and privacy function.
  • Success will be demonstrated through better organized security and privacy records.
  • Improved evidence readiness for audits and client assurance.
  • Clearer policy and procedure documentation.
  • More consistent tracking of risks, actions, and remediation activities.
  • Improved support for privacy records and data protection activities.
  • Stronger internal awareness of security and privacy responsibilities.
  • Faster and more consistent support for client security questionnaires.
  • Better visibility of supplier assurance and access review activities.
  • A more mature, well-documented, and business-friendly security and privacy operating model.