Wayflyer is looking for an Information Security Analyst to own critical security functions including risk management, policy development, and incident response. You'll be instrumental in fostering a security-focused culture and ensuring the safety of our systems as we scale.

What You'll Do

Take ownership of security tasks such as risk management and security reviews of SaaS tools and new system implementations.
Deliver Information Security Awareness training, establish a security-focused culture, and implement activities to promote this culture throughout the organization.
Recommend and implement security improvements to existing processes and Wayflyer's SaaS tool stack.
Manage, update, and communicate security policies and documentation in line with ISO 27001 standards.
Respond to day-to-day security questions and incidents from across the organization.
Support compliance initiatives and security audits, including SOC 2 Type II certification maintenance.
Conduct security risk assessments for new business requirements and system changes.
Work closely with IT Teams, TPRM, and Legal departments to ensure safety and compliance.
Implement and maintain security controls including access management, encryption protocols, and monitoring systems.
Collaborate with cross-functional teams to integrate security best practices into development workflows.
Monitor and respond to security events using our logging and monitoring infrastructure.
Assist in developing Information Security metrics and distribute the metrics to relevant stakeholders.

What We're Looking For

Bachelor's degree in Computer Science, Cybersecurity, Engineering, or related field, or equivalent practical experience.
2-3 years of professional experience in Information Security.
Experience with SOC 2 Type II or ISO 27001 audits and compliance frameworks.
Strong understanding of security best practices including encryption, access controls, and network security.
Knowledge of cloud security principles, preferably AWS.
Experience with security tools and technologies such as vulnerability scanning, GRC, SIEM, and monitoring platforms.
Understanding of risk management frameworks and security assessment methodologies.
Familiarity with regulatory requirements including GDPR, Data Protection Act 2018, and PCI-DSS.
Strong problem-solving skills and attention to detail.
Excellent communication abilities and proven track record of successful team collaboration.
Experience with policy development and documentation.
Understanding of secure software development practices and DevSecOps principles.

Nice to Have

Experience in financial services, fintech, and business-to-business organizations.
Enough knowledge and experience to independently deliver well scoped security projects within a team.
Amazing at prioritization, ensuring focus on impactful tasks while supporting teams.
Always looking to learn and grow, and to help others learn and grow by sharing knowledge.
Understanding of why diversity, equality, inclusion and belonging matters.

Technical Stack

AWS
Vulnerability scanning tools
GRC platforms
SIEM
Monitoring platforms

Team & Environment

This role reports directly to the Director of Corporate IT and Information Security.

Benefits & Compensation

25 days of paid annual leave plus public holidays.
Wellbeing support and resources, including a Wellbeing ERG.
Private healthcare, life insurance, and critical illness cover.
Pension plan.
Generous parental and adoptive leave: 6 months paid for Primary Caregivers, 3 months paid for Secondary Caregivers.
Equity scheme.
Work remotely from anywhere in the world for up to 60 calendar days a year.