All Locations
Bristol, Peterborough, Sheffield, Home based
Vacancy type
Permanent

About the role

The Security Compliance Analyst plays a key role in maintaining and evidencing information security compliance across Zellis Group, which comprises Zellis, Moorepay, Benifex and Hastee. Working across all of the Group’s brands and business units, the role ensures that security controls, processes and documentation consistently meet internal policies, contractual and regulatory obligations, and external standards such as ISO 27001:2022, SOC 2, UK GDPR, NIS2 and Cyber Essentials Plus.

Reporting to the Group Head of Security Compliance, this is a hands-on, delivery-focused role centred on continuous assurance: maintaining audit readiness, evidencing control effectiveness, and tracking remediation through to closure to sustain a consistent compliance posture across the Group. Because the Group’s certifications and attestations are regularly relied upon by customers, the role also provides valuable support to commercial, tender and due-diligence activity.

The role also takes a strong “AI first” approach, making use of approved AI tooling (such as Microsoft Copilot and Claude) to automate evidence collection, accelerate reporting, and help shift the function from point-in-time checks towards always-on, continuous compliance.

Key responsibilities

Compliance Management

  • Maintain compliance evidence repositories and support audit readiness across frameworks such as ISO 27001 and SOC 2.
  • Monitor adherence to information security policies, standards, and procedures.
  • Support individual business units in interpreting and applying compliance controls.
  • Map and harmonise overlapping controls across multiple frameworks (ISO 27001, SOC 2, Cyber Essentials Plus and NIST CSF) to create a single set of evidence, reduce duplication and minimise audit fatigue.
  • Help shift the programme from point-in-time checks towards continuous control monitoring, surfacing compliance drift before it becomes an audit finding.

Certification & Audit Management

  • Assist in coordinating internal and external audit activities for ISO 27001, SOC 2 and other frameworks adopted across the Group.
  • Maintain certification schedules and ensure corrective actions are tracked to closure.
  • Support ISO 27001:2022 surveillance and recertification audits, SOC 2 examinations, and Cyber Essentials Plus assessments across the Group.
  • Support the introduction of new certifications or attestations required by customers or to enter new markets, working with commercial teams to meet agreed timelines.

Internal Security Audits

  • Conduct internal control reviews to test compliance effectiveness.
  • Document findings, non-conformities, and improvement opportunities.
  • Track issue remediation and provide status reporting to management.

Risk Assessment & Reporting

  • Support identification and assessment of compliance-related risks.
  • Assist in preparing risk and compliance dashboards, metrics, and SLA tracking.
  • Contribute data to Group risk registers and compliance scorecards.
  • Help monitor and improve external security ratings (e.g. BitSight, SecurityScorecard) and framework benchmarking (e.g. NIST CSF), feeding results into management reporting.

Third-Party & Supply Chain Assurance

  • Support third-party and supply chain risk management, including reviewing supplier security questionnaires, certifications and evidence.
  • Track contractual security requirements and remediation actions for key suppliers, and contribute to vendor breach impact assessments.
  • Help maintain continuous visibility of critical third parties, rather than relying on point-in-time onboarding checks alone.

Policy & Process Support

  • Maintain localised policy registers and manage documented exceptions.
  • Contribute to drafting and reviewing information security procedures.
  • Monitor staff acknowledgement and review of current policy versions.

Stakeholder Collaboration

  • Act as the compliance point of contact for business-unit security leads and commercial teams.
  • Work with external auditors, certification bodies and assessors throughout audit and certification activities.
  • Collaborate with IT, Engineering, Legal, HR, Operations and other teams to embed compliance into day-to-day processes.

Customer Assurance & Commercial Enablement

  • Respond to customer and prospect security questionnaires, tenders and due diligence requests with accurate, consistent compliance information and evidence extracts.
  • Maintain a reusable library of approved security responses and evidence to speed up sales, renewal and contract-assurance cycles.
  • Help maintain customer-facing trust and assurance materials, so the Group can evidence its security posture consistently.

AI, Automation & Continuous Compliance

  • Apply an “AI first” approach, using approved AI tools (such as Microsoft Copilot and Claude) to automate evidence gathering, draft and review documentation, and analyse control data.
  • Help build and maintain automated compliance dashboards and real-time reporting, giving leadership continuous visibility of the Group’s posture.
  • Support the Group’s responsible use of AI, contributing to AI governance and assurance activities aligned to emerging standards (e.g. NIST AI RMF, ISO/IEC 42001) and the EU AI Act.

Continuous Improvement & Integration

  • Support compliance integration activities during mergers and acquisitions.
  • Participate in access reviews, control testing, and assurance checks.
  • Recommend improvements to enhance consistency, efficiency, and auditability. 

Skills & experience

  • Working knowledge of information security compliance frameworks (ISO 27001, SOC 2, UK GDPR, NIS2 and Cyber Essentials Plus).
  • Solid practical experience of internal and external security auditing, evidence collection and remediation tracking.
  • Experience using AI tools such as Microsoft Copilot and Claude.
  • Experience in preparing documentation for external audits and customer requests.
  • Familiarity with risk assessment methodologies and SLA metric reporting.
  • Excellent analytical, organisational, and written communication skills.
  • Ability to interpret technical controls and convey compliance requirements clearly.
  • Understanding of third-party / supply chain risk management and the supplier assurance lifecycle.
  • Awareness of continuous compliance approaches and GRC / compliance automation tooling (e.g. ServiceNow GRC, Vanta, Drata, Archer or similar).
  • Awareness of external security rating services (e.g. BitSight, SecurityScorecard) and control frameworks such as NIST CSF.
  • Awareness of emerging AI governance and assurance standards (e.g. NIST AI RMF, ISO/IEC 42001 and the EU AI Act). 

Essential Functional / Technical Skills 

  • Around 2–3 years’ experience in information security, compliance or audit, or in a closely related IT, risk or assurance role.
  • Hands-on experience supporting certification programmes such as ISO 27001, SOC 2 and Cyber Essentials Plus.
  • Understanding of data protection and privacy requirements under UK GDPR.
  • Working knowledge of cloud platforms (e.g. Microsoft Azure, AWS or Google Cloud) and common security tooling (e.g. SIEM, EDR/XDR, IAM and PAM).
  • Experience maintaining audit trails, compliance registers, and remediation logs.
  • Experience with business tooling such as Microsoft Teams, Project, ServiceNow, Azure DevOps and Jira would be advantageous.
  • Confident user of AI productivity tools (e.g. Microsoft Copilot, Claude) to accelerate analysis, drafting and evidence handling.
  • Experience responding to customer security questionnaires, tenders or due diligence requests. 

Desirable Qualifications & Certifications

  • A relevant certification such as ISO 27001 Foundation / Internal Auditor, CISMP or CompTIA Security+ (held); progress towards ISO 27001 Lead Auditor / Lead Implementer or CISA would be an advantage.
  • Experience in a regulated, data-rich or SaaS environment – ideally payroll, HR, financial services or similar.
  • Familiarity with operational resilience and continuity expectations (e.g. DORA, NIS2) is an advantage. 

Personal Attributes / Competencies

  • Detail-oriented and disciplined in maintaining documentation and audit evidence.
  • Proactive and accountable in following through on compliance actions.
  • Strong prioritisation skills with the ability to manage multiple audits and requests.
  • Clear communicator, able to engage effectively with both technical and business stakeholders.
  • Collaborative team player, promoting consistency and knowledge sharing across business units.
  • Integrity, reliability, and commitment to maintaining high standards of security assurance.
  • Curious and improvement-minded, keen to adopt new tools and automation to work smarter.
  • Customer-focused, recognising that strong compliance builds customer trust and protects the Group’s reputation.
  • Adaptable and comfortable working in a fast-paced, evolving environment.

Benefits & culture

At Zellis Group (Zellis, Moorepay, Benifex, and Hastee) we power exceptional employee experiences by creating AI-enabled products and services within HR, workforce management, payroll, and benefits. Our vision is to be the clear leader in pay, reward, analytics, and people experiences. With over 3,500 colleagues across the UK, Europe, India and the Philippines, we have a significant ambition for growth (organically and through M&A).
We're passionate about creating an environment where people want to join, belong to, and be part of a progressive organisation. Our values, defined with input from our colleagues, are ones we live and breathe every day:
  • Unstoppable together.
  • Always learning.
  • Make it count.
  • Think scale.

Our people are critical to our ongoing success; we’re proud of our inclusive culture that gives you the platform to grow, challenge the status quo and play a crucial role in further enhancing our market position as the leading provider of HR & Payroll software and services. With Zellis you’ll have the chance to stretch and challenge yourself in an environment that’s varied, flexible and hugely supportive.

We also love to reward and recognise our brilliant colleagues. As part of your benefits package, you’ll receive:

  • A competitive base salary, cash car allowance and bonus package.
  • 25 days annual leave, plus your birthday off and the opportunity to buy additional holiday.
  • Private medical insurance.
  • Life assurance 4x salary.
  • Enhanced pension scheme with company contributions up to 8.5%.
  • A huge range of additional flexible benefits across financial & personal wellbeing, lifestyle & leisure.
