Daily management of alerts and reports across security tools (e.g. Trend Vision One, Vanta, Google Workspace Security Console, Google Cloud).
Monitor identified system vulnerabilities and coordinate with operations teams to ensure timely remediation.
Monitor and report on key security KPIs and metrics.
Participate in the identification, investigation, and management of information security incidents.
Maintain and update the organisation’s main information security risk register
Assist in technical risk reviews of vendors and partners
Attend Change Advisory Board (CAB) meetings and propose pragmatic, risk-reducing remediations for change requests
Conduct basic internal penetration testing to identify and escalate readily preventable security issues
Creation and management of Data Protection Impact Assessments (DPIAs) for existing and future projects and services
Maintain the Record of Processing Activities (RoPA) database and ensure alignment with operational practices
Support the ongoing maintenance and improvement of the ISMS in line with ISO 27001 requirements
Manage the pipeline of required policy and procedure updates, ensuring documentation remains current and effective
Provide audit support by liaising between auditors and internal teams for both internal and external audits (including SOC 2 and ISO 27001)
Assist in evidence collection, control validation, and remediation tracking
Proven experience in a Security, Compliance, or Privacy Analyst role
Strong working knowledge of SOC 2 and ISO/IEC 27001 frameworks
Familiarity with security monitoring and compliance tools (e.g. Vanta, SIEM platforms, cloud security tools)
Understanding of GDPR and UK data protection regulations
Experience managing DPIAs and RoPA documentation
Ability to interpret vulnerabilities and risks in a practical, business-focused way
Strong organisational skills with attention to detail
Effective communication skills, with the ability to work across technical and non-technical teams
2 to 3 years' experience in a similar role
Experience working in cloud environments (particularly Google Cloud Platform)
Exposure to penetration testing methodologies or vulnerability scanning tools
BA Hons Degree in relevant field or equivalent experience
Relevant certifications (e.g. ISO 27001 Lead Implementer/Auditor, CISM, CISSP, or equivalent)
Experience supporting audits in a fast-paced or scaling organisation
NEST Pension Scheme
Your future self will thank you—Cudo contributes to your pension through the NEST scheme, helping you build a comfy nest egg.
Unlimited Holiday Policy
Take the time you need to rest, recharge, and explore. We trust you to manage your time off responsibly—no cap, just balance.
Remote Working
Work from wherever you feel most productive—home, café, or co-working space. We’re remote-first and proud of it!
Tech & Cycle Scheme
Swap the commute for fresh air and smarter gear! This scheme helps employees save on bikes and tech essentials—whether you're pedalling to work or powering through your day with new devices. Healthier, greener, and a little more high-tech.
Enhanced Sick Pay
If you're unwell and out of probation, we've got you covered:
• First 13 weeks = full pay
• Next 13 weeks = half pay
Subject to meeting the criteria in our Absence Policy, it's our way of supporting you through recovery without added stress.