InfoSec Analyst

Who are we? We are a female-founded scale-up, currently made up of around 100 AltoVitians. Our fully-remote team hails from 26 different countries and collectively speaks 29 languages. Most of the time, it is our differences that are celebrated (whether they are in cultures, personalities, preferences or passions). However, despite those differences, there are a few principal attributes that we share which define an AltoVitian. AltoVitians are tenacious, humble, and thoughtful. Being humble is important because it enables us to keep learning every day, and tenacity is necessary because in a high performing environment as fast-paced as AltoVita, taking it slow is simply not an option!Today is a particularly exciting time to join our team, we closed our Series A financing round in late 2022 and will be starting the Series B rounds in the coming year. This next chapter won’t always be a smooth ride, but it will be filled with innovation, excitement and opportunities, so if you are ready for the challenge (and the fun!) of growing with us, we would love to hear from you.What we doAltoVita is a multi-award winning accommodation platform that enables enterprises to consolidate accommodation programmes through the power of proprietary technology paired with a human centric approach.AltoVita’s unique offering sets us apart in the market, providing a network of 10 million+ verified and vetted properties are all duty of care compliant, backed by a four-tier quality control process; located in over 35,000 cities & 165 countries world-wide. With our award-winning enterprise software and human-centric approach, we deliver smart and sustainable solutions to global talent mobility & business travel managers worldwide.Our Client Development team plays a vital role as trusted advisors and partners to our clients. Embodying our consultative philosophy, this dedicated team proactively shares new market insights, analyzes data, and empowers our clients with the tools and knowledge to make informed decisions, ensuring our clients are always equipped to make the best choices for their corporate housing needs.AltoVita’s technology provides a cloud-based bridge between the highly fragmented property distribution system and multinational Global 2000 companies. A proprietary two-way API integration with a standardised sourcing process reduces the legacy, inefficient 48-to-72-hour bidding process down to a few minutes, saving valuable time and money.Corporate clients love the bespoke user interface seamlessly configured to their mobility policies, and employees enjoy a greater sense of choice and support in their relocation journey.Key ResponsibilitiesSecurity and Privacy OperationsSupport the day-to-day operation of AltoVita’s information security and privacy activities as well as the mindset transformation. One that scales as the business grows, earns the trust of partners and regulators, and reflects the values we hold around protecting the people we serve.Responsibilities include:Supporting the maintenance of security, privacy and compliance documentation.Assisting with tracking security and privacy actions, control improvements and remediation activities.Helping maintain registers such as risks, issues, actions, policies, vendors, assets, data processing activities and control evidence.Coordinating updates between internal teams to ensure agreed actions are progressed.Supporting the preparation of security and privacy reports, summaries and updates for internal stakeholders.Helping ensure security and privacy activities are documented, repeatable and easy to evidence.Escalating risks, issues or delays to the CISO or relevant business owner.Compliance and Audit SupportAssist with internal and external compliance activities, including ISO 27001, SOC 2, GDPR and client assurance requirements.Responsibilities include:Supporting evidence gathering for audits, assessments and control reviews.Helping maintain audit trackers, evidence folders and compliance records.Coordinating with internal teams to obtain required documentation and control evidence.Supporting follow-up actions from audits, assessments or client reviews.Assisting with the maintenance of policies, procedures and standards.Helping ensure compliance activities are well organised and delivered within agreed timelines.Supporting the CISO and relevant control owners with audit preparation and remediation tracking.Policy and Documentation SupportHelp maintain clear, practical and accessible security and privacy documentation.Responsibilities include:Supporting the review and update of information security and privacy policies.Assisting with the creation of standards, procedures, guidance notes and user-facing materials.Helping ensure documents are version controlled, approved and communicated appropriately.Maintaining policy review schedules and tracking required updates.Drafting practical guidance for employees on security and privacy topics.Supporting the communication of