About the Role
We are seeking an IT Governance & Service Assurance Analyst to support customer ISO 27001 and SOC 2 obligations, provide ongoing governance and service assurance for managed customers, and assist with our Virtual IT Manager (ViT) service delivery. This role focuses on IT security controls, audit evidence, governance documentation, customer reporting, and service follow-up activities.
Key Responsibilities
Governance, Compliance & Audit Support
- Support ISO 27001 and SOC 2 audits, focusing on IT and technical security controls
- Configure and manage customer environments in Drata or similar GRC platforms (e.g. Vanta)
- Perform recurring audit evidence gathering on monthly, quarterly, bi-annual, and annual cycles
- Retrieve evidence from Microsoft 365 (Entra ID, Intune), security tools, backup systems, and monitoring platforms
- Coordinate with internal technical teams where evidence cannot be gathered directly
- Work directly with external auditors to provide evidence and resolve audit queries
- Track audit gaps, remediation actions, and follow-ups through to closure
Virtual IT Manager (ViT) Service Support
- Provide administrative and coordination support for the Virtual IT Manager (ViT) service
- Assist with the creation, review, and ongoing maintenance of customer security policy documentation
- Support annual review of Business Continuity (BCP) and Disaster Recovery (DR) policies
- Attend ViT customer meetings alongside the senior resource
- Take detailed meeting notes, capture actions, and manage follow-ups
- Track and coordinate longer-running customer initiatives such as fleet refreshes, relocations, strategic initiatives, and security uplift programs
Service Reporting & Assurance
- Prepare monthly customised customer reports
- Gather data from multiple systems including ticketing, monitoring, and security platforms
- Provide commentary on trends and changes
- Support future initiatives to automate reporting and improve data consistency
Skills & Experience
- Experience supporting ISO 27001 and/or SOC 2 audits (IT controls)
- Strong working knowledge of Microsoft 365, including Entra ID and Intune
- Familiarity with MFA, SSO, Conditional Access, endpoint protection, patching, backups, and disaster recovery
- Hands-on experience with Drata or similar GRC platforms is highly desirable
- Strong documentation skills and exceptional attention to detail
