Senior Information Security and Compliance Analyst
Résumé du poste par JobGrid
Senior Information Security and Compliance Analyst at Marcura: London, Royaume-Uni; Hybride; Temps plein; IT; Ingénieur sécurité. JobGrid adds normalized role facts, source context, and a path to the employer application page so candidates can compare the listing before applying.
- Location and workplace: London, Royaume-Uni, Hybride
- Role classification: IT, Ingénieur sécurité, Temps plein
- Source freshness: checked by JobGrid on 2026-05-30.
- Application path: candidates continue to the employer application page with non-personal referral tags.
What We Do
Marcura is a global leader in digital solutions for the maritime industry, providing software and services that help shipowners, operators, and maritime professionals streamline operations, reduce costs, and stay compliant. With a strong focus on innovation, data integrity, and security, Marcura’s products support critical workflows such as port cost management, payments, and data intelligence. The company is committed to maintaining robust information security practices to protect sensitive financial and operational data, ensuring trust, resilience, and compliance across its global platform.
Who We Need
We’re searching for a Senior Information Security and Compliance Analyst to join our crew. As our ideal Senior Information Security and Compliance Analyst you will interact with multiple stakeholders within the organization and contribute innovative solutions for security programs and continuous monitoring capabilities. You will also be responsible for the ongoing management of information security policies, procedures, and technical systems in order to maintain the confidentiality, integrity, and availability of all organizational information systems.
What You’ll Do
- Lead in the development/adoption and enforcement of Information Security policies, procedures and standards. Conduct and complete an annual review of required PCI, SOC2 regulations and reports.
- Ensure compliance through adequate training programs and periodic security audits. These audits should be both internal and external in nature.
- Execute and manage vulnerability scanning programs, analyze scan results in depth, prioritize risks based on exploitability and business impact, and work directly with engineering teams to remediate findings.
- Integrate security into the software development lifecycle by performing code reviews, supporting secure coding practices, and implementing automated security testing tools such as SAST and dependency scanning.
- Assess third-party systems and integrations from a technical security perspective, identifying risks in APIs, data flows, and external dependencies.
- Conduct detailed risk assessments, threat modeling exercises, and security architecture reviews for new and existing systems, providing actionable recommendations and technical guidance.
- Develop, implement, and tune detection rules and use cases within security monitoring platforms to improve visibility and reduce false positives.
- Maintain the Company’s Security Policies. These are formal policies that detail and document actual mechanisms and controls and should include at least the following:
- Administrative: Risk analysis and management, documentation management and controls, information access controls and sanctions for failure to comply.
- Personnel Security: Personnel only have access to sensitive information for which they have appropriate authority and clearance.
- Physical Safeguards: Assign security responsibilities, control access to media and the controls in place against unauthorized access to workstations and related equipment.
- Technical Security: Set the access and authorization controls for everyday operations as well as emergency procedures for data.
- Transmission security: Set the standards for access controls, audit trails, event reporting, encryption and integrity controls.
- Take on other tasks and duties as assigned.