At Kinetic we’re redefining operational excellence in higher education, conferencing, and events. As the leading provider of software solutions for student accommodation, event management, catering, and residential services, we help institutions streamline operations, elevate customer experiences, and unlock their full potential.
With over 25 years of experience and trusted by more than 350 institutions worldwide, our software empowers universities and venues to run smarter, faster, and more collaboratively. From bustling campuses to dynamic corporate environments, our technology adapts to the rhythm of each organisation — helping them thrive in a fast-changing world.
But we’re more than just software. We’re a team of passionate problem-solvers, innovators, and collaborators who care deeply about our customers and each other. Our culture is built on empowerment, community, and continuous growth. We believe in giving people the tools, support, and freedom to do their best work — and have fun while doing it.
Joining Kinetic means being part of a purpose-driven business where your ideas matter, your development is supported, and your impact is real. If you’re ready to help shape the future of operational technology in education and events, we’d love to meet you.
We are looking for a capable and detail-oriented Information Security Analyst to join Kinetic on a permanent basis. Following a significant investment in our security programme, including ISO27001 and PCI/DSS recertification and the embedding of a modern, integrated security toolset, this role is focused on operating and continuously improving that established framework. Kinetic has built a modern, integrated security programme. Now we need the right person to run it, own it, and make it better every day.
This is a hands-on operational role suited to someone earlier in their security career who is process-driven, comfortable working across platforms, and eager to grow within a well-structured environment. You won't be building the security function from scratch; you'll be the day-to-day custodian of it.
Own day-to-day operation of Drata, our GRC platform, ensuring real-time compliance data remains accurate and connected across all integrated tools and applications.
Maintain the central policy and procedure repository, keeping documentation current and version-controlled.
Manage onboarding security workflows, ensuring mandatory training is completed and relevant forms signed via automated processes.
Coordinate internal audits across ISO27001 and PCI/DSS leveraging the SEP2 GRC Wingman service, working with the auditor to validate that controls and processes are operating effectively.
Support ongoing privacy and data protection obligations including GDPR, DSARs, and breach logging.
Manage auditor access through Drata and prepare evidence for external audit cycles.
Maintain and develop the Drata Trust Centre, ensuring it accurately reflects our security posture for customers and prospects.
Handle inbound customer and prospect security queries, using Drata's AI-assisted questionnaire tool to respond accurately and efficiently.
Complete HECVAT assessments and ad-hoc security questionnaires for higher education tenders.
Work with sales and customer success to provide security documentation and evidence packs.
Share Appcheck and Invicti real-time scan data with customer security teams to support deployment confidence and third-party PCI requirements.
Manage the Pen Test People portal — tracking active penetration tests, assigning remediation tasks to relevant team members, and monitoring closure.
Use Appcheck and Invicti to run ad-hoc API and web application scans ahead of new builds and customer deployments, reducing reliance on full annual pen tests.
Maintain visibility of application dependencies and exposure through the Appcheck dashboard.
Monitor endpoint security alerts and detections via CrowdStrike, escalating threats and coordinating response as required.
Coordinate remediation activity with engineering teams and track progress to closure.
Provide business leaders with guidance on security in an AI-enabled operating environment.
Maintain the risk register and support ongoing risk management processes through Drata.
Identify control gaps or process drift and escalate appropriately.
Support security awareness activity across the business.
Keep policies and procedures up to date as the business and threat landscape evolve.
2–4 years in an information security, IT compliance, or GRC-adjacent role.
Working knowledge of ISO27001 — exposure to audit evidence gathering or internal audit processes.
Familiarity with GRC platforms (Drata experience a bonus, but any similar platform is transferable).
Understanding of PCI/DSS and GDPR obligations in a SaaS context.
Comfortable managing vulnerability findings and coordinating remediation with technical teams.
Strong organisational skills — able to juggle multiple compliance threads and deadlines simultaneously.
Clear, confident communicator — able to handle customer-facing security queries professionally and accurately.
Experience with application security scanning tools (Appcheck, Invicti, or similar).
Endpoint detection and response (EDR) platform experience, ideally CrowdStrike Falcon.
Penetration test management or remediation tracking experience.
HECVAT or security tender questionnaire experience.
Relevant certifications: CompTIA Security+, CC (ISC²), ISO27001 Lead Auditor/Implementer, or working towards them.
Higher education sector familiarity.
Cloud environment exposure (Azure and/or AWS).
Process-driven and methodical — you find satisfaction in keeping compliance in good shape year-round, not just at audit time.
Platform-native — comfortable learning and getting the most out of integrated tooling.
Collaborative and responsive to engineering, sales, and customer success colleagues.
Knows when to escalate rather than overreach.
Curious about security and motivated to develop expertise over time.
At Kinetic, we believe work should come with rewards that make a real difference. Here’s just a taste of what you can expect when you join us:
25 days holiday (plus bank holidays) - with extra days the longer you’re with us
Two paid wellbeing days each year, with a budget to enjoy some time out with someone important to you
Enhanced pension contributions to support your future
Two paid days a year to give back through volunteering, charity work, or sustainability projects with our Green Team
Salary sacrifice schemes for electric vehicles and cycle-to-work
24/7 access to our Employee Assistance Programme for confidential advice and support
A full annual health check to keep you at your best
A flexible benefits platform - from life assurance and learning opportunities to retail discounts and cinema tickets
A genuine people-first culture where your growth and wellbeing come first
Performance-related bonus scheme to reward your contribution
Regular socials - from team get-togethers to all-company celebrations, with each department owning a budget for their events
The opportunity to attend group conferences, away days and learning forums both in the UK and abroad - network with other talent
We’ve created a welcoming office environment, with well-stocked kitchens offering free breakfast, fresh fruit, hot and cold drinks, and a range of tuck shop goodies to keep you fuelled throughout the day.
Kinetic is an equal opportunity employer, fostering diversity and committed to creating an inclusive environment for all employees.