# IS Compliance Analyst **Company:** [Sidetrade](http://jobs.workable.com/companies/4C2ih8168UbNQzRi1AycMR.md) **Location:** Birmingham, United Kingdom **Workplace:** hybrid **Department:** R&D [Apply for this job](http://jobs.workable.com/view/7f5159e0-a225-4801-b89a-c143469efa40) ## Description **Calling all tech enthusiasts!** Want to start a real career in information security compliance, somewhere you will actually talk to engineers, product people and operations teams instead of pushing PDFs around? At Sidetrade, our ISO 27001, SOC 1 and SOC 2 compliance is built one conversation at a time. As Information Security Compliance Analyst, you will be in the middle of those conversations, growing fast under a Manager who will coach you, and you will see how a real ISMS works across an entire SaaS company. Join us at Sidetrade, the leading global SaaS provider recognised by Gartner. **About Sidetrade** Sidetrade is an AI company, listed on Euronext Growth, on a mission to revolutionize the way enterprises unlock value from their customers leveraging its Order-to-Cash Intelligence platform and its [Data Lake](https://datalake.sidetrade.com/). We're proud of our 38 nationalities and these diverse perspectives drive our innovation, one team culture and a customer-first mindset. Sidetrade is positioned as a Gartner® Magic Quadrant™ Leader since 2022. We value passion over perfection. So, if you're eager to learn and bring great energy, we want to hear from you. Be you. Grow with us. Curious about Sidetrade? Catch the Sidetrade Inside Out podcast. ## Requirements **What you will be doing:** - Maintain and update information security policies, standards and procedures with the relevant policy owners across the business. - Support the day-to-day administration of the ISO 27001 ISMS and the SOC 1 / SOC 2 Type II evidence collection and control monitoring activities. - Make Drata work for you: coordinate recurring compliance tasks and automated evidence collection in the GRC console, and keep audit and governance documentation up to date. - Draft first-pass responses to customer and prospect security questionnaires, RFIs and due-diligence requests, using and growing the central answer knowledge base. - Prospect and customer security discussions: prepare briefing materials, join calls in a support capacity, and chase the security commitments and action items afterwards. - Support supplier and third-party security reviews from intake and evidence collection through to follow-up of remediation actions. - Track ISMS KPIs and compliance task completion across stakeholders in Business, Finance, HR, Procurement, IT, Product and R&D / Development. - Help maintain the risk register and the security awareness training program and stay on top of action owners until things are actually done. - Support internal audits and external audit preparation (ISO 27001 surveillance / blank audit, SOC 1, SOC 2) and follow audit findings through to closure. - Build strong working relationships with control owners and policy owners, respond to routine internal security enquiries, and escalate to the Compliance Manager when it matters. - Spot opportunities to improve and automate recurring compliance activities and lift the overall quality of our documentation and audit readiness. **What you will bring:** - Strong organizational skills, attention to detail and ability to meet recurring deadlines. - Excellent written and verbal communication skills in English. - Comfortable working with documentation, spreadsheets and tracking / ticketing systems. - Basic understanding of information security concepts and good security practices. - Genuine curiosity about technology, AI and how systems and teams actually work. You enjoy asking engineers and operations people "how does this really happen?" rather than relying solely on written procedures. - Comfortable initiating conversations with technical and non-technical stakeholders to understand a process before documenting it. - Ability to manage multiple priorities and work both independently and within a small team. - Awareness of Sidetrade's three core certifications: ISO 27001, SOC 1 Type II and SOC 2 Type II. - Build trust across the business by treating every interaction as a chance to strengthen the working relationship, and by finding compliance solutions that respect the operational and commercial constraints of the team in front of you. - ISO 27001 Foundation certification (or willingness to obtain within the first 12 months). - Familiarity with GRC or compliance tooling such as Drata, Vanta or OneTrust. - Previous administrative, compliance, audit support or IT support experience. - Working knowledge of GDPR and general data privacy principles. - Awareness of PCI DSS controls is a plus. - Genuine interest in pursuing a career in cybersecurity, governance, risk or compliance. ## Benefits - Hybrid work model – a flexible mix of in-office and remote days. - Great culture – active Social Club organizing regular team events and activities. - Health & wellness – medical coverage, life insurance, and other wellness programs. - Time off – competitive paid holidays plus public holidays. - Career growth & compensation – competitive salary, equal opportunities, learning & mentorship programs, and advancement support. Because when you thrive, we all succeed! We're committed to providing a welcoming and inclusive experience for every candidate. If you need any accommodation during the hiring process, just let us know. **Agencies** We only accept applications from invited agencies via our Workable portal. Unsolicited CVs sent to managers or HR won't be subject to fees.