Senior Security Analyst
Cybersecurity is embedded in everything we do. As a Security Analyst, you’ll have the opportunity to work with an experienced team, grow your skillset across GRC and SecOps, and contribute meaningfully.
SteelEye is a fast-moving RegTech (Regulatory Technology) start-up that is helping financial companies (e.g. banks, investment firms, brokers, hedge funds, and asset managers) meet their obligations under various global financial regulations.
Our work enhances financial compliance, prevents market abuse, and promotes trust in the financial markets. Our people are passionate about leveraging data and technology to make this happen.
SteelEye is seeking a detail-oriented and motivated Senior Security Analyst to support key areas of the organisation’s cybersecurity programme. This role is ideal for a security professional with 5-8 years of experience, looking to deepen their knowledge across audit support, threat detection, vendor risk, and client assurance activities within a fast-moving, regulated SaaS environment.
Key Responsibilities:
Audit & Compliance Support
- Assist in the preparation for ISO 27001 and SOC 2 audits and surveillance reviews.
- Manage evidence collection using the Drata compliance platform and ensure timely updates.
- Maintain the control register and help track remediation tasks following audit findings.
Threat Monitoring & Escalation
- Monitor alerts from the 24x7 Rapid7-managed SOC and escalate internally where appropriate.
- Triage alerts that fall outside of the SOC's scope (e.g., environment-specific or customer-reported events).
- Maintain basic incident logs and support post-incident review activities.
Third-Party Risk & Vendor Assessments
- Support the security due diligence process for new suppliers, including reviewing security questionnaires.
- Track vendor responses and work with the business to validate responses as needed.
- Maintain and update the vendor risk register.
Client Security Engagements
- Collaborate with the Sales and Client Services teams to assist with RFPs, DDQs, and security-related questions.
- Support the preparation of standardised responses on security and data handling practices.
- Help fulfil periodic client attestations and documentation requests (e.g., encryption standards, PII handling).
Governance & Meetings
- Participate in weekly Security Team meetings and monthly Security Council forums.
- Contribute to the ongoing development of SteelEye’s cybersecurity roadmap and maturity plans.
- Document meeting outcomes, actions, and updates to programme artefacts as required.
Desirable Qualifications and Skills:
Education: Degree in Information Security, Computer Science, or a related field — or equivalent practical experience.
Experience: 5-8 years in a cybersecurity, GRC, IT audit, or operations role in a SaaS or regulated environment.
Foundational Knowledge:
- ISO 27001 and/or SOC 2 control frameworks
- SIEM/SOAR platforms (Rapid7, Splunk, or similar)
- Audit process or evidence collection tools (e.g., Drata, Vanta, Tugboat)
Technical Exposure (preferred but not required):
- Cloud platforms (e.g., AWS or Azure)
- Endpoint protection (e.g., Sophos, Kandji)
- Email security tools (e.g., Mimecast)
Skills:
- Excellent written and verbal communication skills
- Strong organisation and documentation habits
- Confidence in cross-team collaboration (especially with Engineering, Legal, Sales)
We'd be excited if you had any of the following in addition:
- Certifications such as CompTIA Security+, ISO 27001 Foundation, or SSCP
- Experience responding to client questionnaires, RFPs, or vendor assessments
- Comfort engaging in external forums or contributing to internal awareness content
Interview Process: The interview process is structured to assess candidates thoroughly across various competencies and skills relevant to the role. Here's a description of each stage:
- CV Review
- First Stage Overview Interview with our Executive Director of SRE & Security
- Final Interview with Chief Information Security Officer
About SteelEye:
SteelEye is a dynamic B2B FinTech company dedicated to enabling financial institutions, including banks, investment firms, brokers, hedge funds, and asset managers, to efficiently and accurately meet their regulatory obligations under various global financial regulations. As the finance industry’s pioneering integrated trade and communications surveillance solution, SteelEye empowers financial firms with data-driven tools and comprehensive insights, all from a single platform, allowing them to focus on what truly matters.
At SteelEye, we pride ourselves on fostering a diverse, equitable, and inclusive workplace where everyone's contributions are valued. We are committed to being an inclusive employer, embracing individuals of all races, religions, gender identities, sexual orientations, national origins, ages, socioeconomic statuses, medical conditions or disabilities, and other protected statuses. We actively seek talent from diverse backgrounds, experiences, personalities, and perspectives, believing that our differences drive innovation and success.
- Department: Engineering
- Locations: Bengaluru Office
- Remote status: Hybrid
About SteelEye
We are a fast-moving RegTech scale-up on a mission to help establish and maintain trust in the financial markets by making it easy for firms to accurately comply with regulation.