Information Security Governance, Risk and Compliance Analyst

Ready to help us navigate a major shift in technology that brings both exciting opportunities and new security risks? Our Information Security team's mission is to securely enable Trustpilot to be the universal symbol of trust. As our new Governance, Risk and Compliance Analyst, you'll get hands-on with some of our most exciting initiatives yet.

You'll help mature our core compliance frameworks and play a key role in shaping our approach to AI security and governance. From risk-assessing new AI systems to helping us use AI to automate manual GRC workflows, your work will directly strengthen our security posture.

We're an open, inclusive and collaborative team of security enthusiasts who work closely with engineers and data scientists to solve complex problems. If you're a pragmatic technologist who loves balancing risk with fast-paced innovation, we want you to bring your unique perspective and ideas to our team.

You'll partner with our security, risk and engineering teams, to mature our core compliance programs and safely adopt exciting new AI technologies, directly strengthening the trust millions of people place in our platform.

• Drive our ongoing compliance efforts for major industry standards, including SOC 2, ISO27001, ISO42001 and PCI DSS, ensuring we consistently meet commitments to our customers.
• Evaluate and manage the security risks associated with our new artificial intelligence and machine learning systems, allowing our product teams to innovate safely and securely.
• Streamline how we assess the security of our vendors and third-party tools, paying special attention to how we safely integrate external AI technologies into our business.
• Help develop our internal standards for artificial intelligence, keeping us ahead of the curve on new global regulations like the EU AI Act.
• Identify opportunities to replace manual, repetitive risk management tasks with smart, AI-driven automation.
• Refresh our security policies and public-facing documents to clearly communicate our security posture to our customers, partners and auditors.
• Act as an advocate for security awareness across the business, helping colleagues understand how balancing risk and innovation leads to better, safer products.

Who you are:

• You have solid experience managing and auditing against core compliance frameworks, such as SOC 2, ISO27001 and PCI DSS.
• You're well-versed in risk management processes, including risk identification, third-party risk management and vendor security due diligence.
• You have practical experience developing, implementing and managing security policies and procedures.
• You're a pragmatist who knows how to balance security risks with the pace of innovation, bringing a solid understanding of cloud environment risks.
• Bonus points if you're familiar with emerging AI governance frameworks (like the EU AI Act, NIST AI RMF, and ISO/IEC 42001) or have a strong desire to learn them on the job.
• Bonus points if you have experience with, or a keen interest in, using AI to automate manual tasks and drive efficiencies in GRC workflows.

What’s in it for you:

• A range of flexible working options to dedicate time to what matters to you
• Competitive compensation package + bonus
• 25 days holiday per year, with an extra 5 days holiday allocated after your 1 year anniversary (prorated) 
• Two (paid) volunteering days a year to spend your time giving back to the causes that matter to you and your community
• Rich learning and development opportunities are supported through the Trustpilot Academy and Blinkist
• Comprehensive health package, pension, and full access to Headspace, a popular mindfulness app to promote positive mental health
• Paid parental leave
• Central office with  a laid-back vibe and constant buzz of different languages being spoken everywhere you go It’s complete with a coffee bar, canteen, and table tennis and has a wide variety of refreshments available - you can opt-in for breakfast and lunch at an affordable price
• Regular opportunities to connect and get to know your fellow Trusties, including company-wide celebrations and events, ERG activities, and team socials
• Opportunity to join the Trustpilot Social Club for a small monthly fe...