RealVNC is the remote access platform for engineers looking for the most reliable and the most secure solution built by the creators of VNC technology. Over the last 25 years, as the inventors of VNC, we've enabled a global workforce to work wherever works and created the remote access market. Our software is used by hundreds of millions of users worldwide including IT professionals from global companies, such as Intel, IBM, NASA, Shell, DreamWorks and Philips.
Our lead product, VNC Connect, allows users to connect securely to a remote device anywhere in the world, see its screen in real-time, and take control as though sitting in front of it. The product has been deployed across a myriad of use cases, from remote support through to deploying the software onto connected devices such as medical ventilators, set-top boxes, heavy industrial machinery and more.
Backed by leading mid-market private equity firm, Livingbridge since 2021, we are investing in our people to support our highly ambitious growth plans. As part of our people strategy to develop our next generation organisation, we are looking to add new team members that are integral to the success of the business, committed to delivering high quality results, collaboration and innovation to help accelerate company growth.
We're looking for a detail-oriented and proactive Information Security GRC Analyst to join our team, reporting to the Information Security Compliance Officer. You'll help maintain and improve our security compliance across frameworks such as ISO 27001, SOC 2, and HIPAA, with scope expected to broaden over time as we extend into adjacent standards and new market segments.
This is a fantastic opportunity for someone who enjoys structured work, has strong organisational skills, and is keen to develop expertise in information security and compliance. You'll take ownership of key activities including supplier reviews, risk assessments, incident tracking, and audit preparation - working closely with internal teams and external auditors to ensure our policies and processes are effective and up to date.
The ideal candidate will be comfortable managing supplier reviews, risk assessments, and audit preparation, while also driving progress on incidents, vulnerabilities, and non-conformances. If you enjoy working across teams, have a keen eye for detail, and thrive in a structured environment, we'd love to hear from you.
Key responsibilities of this role will include:
- Manage the RealVNC risk management process across our assets, processes, and third-party suppliers, including risks associated with new markets and use cases as our product footprint evolves: identifying vulnerabilities, working with asset owners to develop remediation plans, reassessing risk scores following remediation, and reviewing regularly to assess progress.
- Draft, update and maintain ISMS policies and processes in line with audit findings, regulatory changes, and evolving operational practices, including managing release approvals for policy and process updates.
- Collect, analyse, and report on ISMS metrics, including maintaining key performance indicators and measurement records, contributing to continuous improvement and audit readiness.
- Track and manage non-conformances, ensuring timely resolution and documentation in accordance with internal processes and policies.
- Draft incident reports following security events, ensuring clarity, accuracy, and alignment with regulatory expectations.
- Conduct and document initial and periodic supplier due diligence reviews, including determining what RealVNC data each supplier processes and stores, to ensure ongoing adherence to RealVNC's security standards, risk mitigation strategies, and contractual and regulatory requirements. Support supplier contract management and renewals by ensuring each supplier is reviewed in good time ahead of renewal, so RealVNC can serve notice to decline renewal within the required notice period where appropriate.
- Follow up on incident and lessons-learnt action items, coordinating with stakeholders to ensure closure and accountability.
- Monitor and escalate vulnerability remediation, working with technical teams to ensure timely resolution.
- Facilitate the creation of ISMS management review documentation, supporting leadership in strategic decision-making.
- Prepare for and participate in external audits (ISO 27001:2022, SOC 2, HIPAA), including evidence collation and auditor liaison.
- Lead or support internal audits, including scheduling, execution, reporting, and updating relevant process and policy documentation.
- Administer and maintain the GRC tooling, acting as the internal subject matter expert and supporting cross-functional teams across the business in using the platform effectively to meet their compliance obligations.
You:
- Have a keen attention to detail and a methodical approach to documentation and process tracking.
- Are comfortable interpreting and summarising technical incidents for non-technical audiences.
- Can manage multiple tasks and deadlines, especially in audit preparation and follow-up.
- Are proactive in chasing actions and ensuring accountability across teams.
- Demonstrate excellent written and verbal communication skills, especially in formal documentation.
- Are confident using productivity and collaboration tools (e.g. Excel, Confluence, Jira, SharePoint, Drata or an equivalent GRC platform).
- Are adaptable and willing to learn new compliance frameworks.
- Can work independently while collaborating effectively with technical and non-technical stakeholders.
As well as the above, if you have any of the desired experience below then we'd like to know about it!
- Experience working in an ISO 27001-compliant environment or a similar regulated setting.
- Familiarity with risk assessment methodologies and compliance reporting.
- Experience supporting or participating in internal and external audits.
- Experience working in a software development or Software as a Service (SaaS) company.
- An interest in emerging or adjacent compliance frameworks, including those relevant to industrial or operational technology environments.
- Experience with GRC tooling (e.g. Drata, Vanta, OneTrust, or similar) would be an advantage.
This role offers a great opportunity to join our Compliance Team, working for a successful, growing company with a recognised global brand and huge potential and vision. Working with us on our growth journey provides the chance to see first-hand how your individual contributions as part of a dynamic team influence the success of our business. We want to see you grow with us. We're committed to creating a culture where contributions are recognised, careers grow and people thrive together. Through a clear career framework and ongoing development, we can help you unlock your full potential.
We also offer generous benefits, including a contributory pension, EV car leasing scheme, private dental and medical cover.
We work in a hybrid environment where employees combine working remotely and working from the office to facilitate a high-performance working environment, with the ability to collaborate effectively and build a cohesive team bond whilst being able to focus and deliver quality results. With this in mind, you will need to be able to commute easily to Cambridge and / or London.
If you'd like to join RealVNC as an Information Security GRC Analyst, please click on the 'apply for this job' button and fill in your details.
RealVNC has a responsibility to ensure that all staff are eligible to live and work in the UK and if you're invited to interview you'll be required to provide proof of your eligibility to work.
RealVNC is an equal opportunities employer, committed to staff welfare and professional development.
Staffing and Recruitment Agencies
To all Staffing and Recruiting Agencies: Our website is only intended for individuals and preferred suppliers of RealVNC. Staffing and recruiting agencies and individuals being represented by an agency that is not a preferred supplier are not authorized to use this site or to submit profiles, applications or CVs, or to forward CVs directly to employees or any other company location, and any such submissions will be considered unsolicited.
RealVNC does not accept unsolicited CVs or applications from agencies other than preferred suppliers. RealVNC is not responsible for any fees related to unsolicited CVs or applications and explicitly reserves its right to contact candidates presented in any such unsolicited CV or application.