Job Description

At Quorum Cyber, we're on a mission to help good people win. Founded in Edinburgh in 2016, we're one of the fastest growing cyber security companies in the UK and North America, serving over 400 customers on four continents.


We protect organisations against the rising threat of cyber-attacks, enabling them to thrive in an increasingly unpredictable and inhospitable digital landscape.



As a Microsoft-only security house, a Microsoft Solutions Partner for Security, a member of the Microsoft Intelligent Security Association (MISA), and winner of the Microsoft Security MSSP of the Year 2025 award, we offer a unified security ecosystem comprised of innovative services, all delivered through our customer platform, Clarity.



In September 2024, Quorum Cyber acquired Canada-based, Microsoft Solutions Partner for Security, Difenda. This was closely followed in December 2024 by the acquisition of US-based, Kivu Consulting, a global cyber security firm with world-leading incident response capabilities.

Position:

-------------

As an Information Security Analyst, you serve as a digital guardian for the organisation, protecting critical information assets and systems from cyber threats. You are part of the Governance, Risk & Compliance team, and report to the Compliance & Information Security Manager. Our team works alongside other parts of the business to carry out audits, compliance continual improvements, investigations and risk assessments. Your role is critical in maintaining security measures that safeguard sensitive data, ensure business continuity, and maintain stakeholder trust. You act as both a strategic advisor and hands-on practitioner, translating complex security concepts into actionable business solutions while staying ahead of an ever-evolving threat landscape.

What I Do Is:

Maintain and support the internal audit schedule and requirements for all QC required frameworks using the GRC platform and planning tool to ensure security controls are in place and operating effectively Assist in the external audit process and support any development or implementation of remediation required Participate in the review, update and validation of our Policies, Procedures and Documentation, ensuring accuracy with current policy and changes in frameworks and regulatory requirements Be a trusted point of contact for reported issues, incidents or concerns and document them according to due process (NCL) Maintain the data incident reporting log, ensuring each incident is fully investigated and taking the necessary actions when required Maintain the TPRM process and Vendor Assurance records in the GRC platform with appropriate risk assessments to highlight any potential risk areas to the business using technical acumen and knowledge relevant to the vendor Support the review of our internal vulnerability management lifecycle by monitoring the tools and ensuring KPI's are reported and met Be a trusted advisor to Compliance's customers, answering questions that come through the Compliance mailbox and other sources about our current frameworks and certifications as well as best practice, participate in projects as and when required Provide Security Awareness Training in line with programs and tooling Keep up to date with knowledge of new technologies and their governance as well as legislative changes relevant to data protection in our geographic locations

Requirements:

-----------------

Experience with Microsoft Security tools Good technical understanding of the Microsoft environment Strong understanding of security principles, concepts, and best practices. Knowledge of operating systems, networking, and cloud computing Excellent written and verbal communication skills Technical Curiosity, general interest in latest technology and threat landscape Strong attention to detail and organisational skills Understanding of compliance and regulatory frameworks (GDPR, ISO 27001, SOC 2, NIST....) Ability to communicate technical information to both technical and non-technical audiences Ability to adapt to changing priorities and technologies Time Management, both day to day and Annual Calendar Great team player and open to collaboration across the business

I Know I Have Done A Great Job If:

Our documents are up to date, and I have collected an accurate record of their reviews and updates and processes in practice through evidence gathering during our audit cycle. This evidence is available on demand for auditors, internal and external Information Security KPI's are fully measured and reported I have worked closely with my colleagues to improve our systems and processes I have maintained great quality documentation that provide auditable records of what was done, when and why My colleagues have received helpful guidance and advice, allowing them to do their jobs more efficiently I have raised my profile inside and outside of Quorum Cyber

Other information:

----------------------

You will get an excellent salary, with world class benefits.


As leading-edge technology company you will have access to the latest technology, and an environment that will encourage and nurture your curiosity. We are passionate about your development, and you will be empowered to advance your skills and expertise.