Company Overview

IRIS Software Group is one of the UK’s largest privately held software companies. Acquired by Hg Capital in 2018, its purpose is to be the most trusted provider of mission‑critical software and services—ensuring customers get it right first time, every time. IRIS removes process pain points so professionals in businesses and schools can focus on the work they love. Our solutions for finance, HR & payroll teams, educational organisations, and accountancy firms help clients comply with regulations, drive productivity, and engage key stakeholders.
By simplifying, automating, and providing insights into everyday mission‑critical tasks, IRIS empowers organisations of all sizes to move forward with certainty and confidence.

- Global footprint: 100,000+ customers across 135 countries
- User impact: 5 million employees on our payroll & HR platforms; 1 in 8 UK employees paid via IRIS; 4 million+ parents/guardians using IRIS school apps
- Market leadership: Largest third‑party online filer with the UK Government; used by 91 of the top 100 UK accountancy firms and 54 of the top 100 US CPA firms
- Accolades: Winner of ‘Payroll Innovation’ at the Global Payroll Association Awards for Troncmasters by IRIS

Purpose of the Role

As a Compliance Analyst, you will own the end‑to‑end security risk management process, enforce compliance with IRIS policies and industry standards, and maintain our security risk register. You will collaborate closely with technical stakeholders to identify, assess, and mitigate security risks—serving as a critical member of IRIS’s second line of defence.

Main Responsibilities

- Operate and continuously improve IRIS’s security risk management process
- Align risk practices with internal policies, regulatory requirements, and frameworks (ISO 27001, SOC 2, NIST)
- Review identified risks; assign criticality based on our Risk Matrix and escalate out‑of‑tolerance items
- Serve as the central point of contact for security risk matters across the organisation
- Evaluate compensating controls and treatment plans for compliance effectiveness
- Recommend and track risk treatment plans in collaboration with risk owners and technical teams
- Manage security risk exceptions, ensuring proper compensating controls are documented
- Lead security risk review meetings and follow up on mitigation progress
- Keep the security risk register up to date at all times
- Refine processes and documentation in response to product changes or efficiency opportunities
- Support internal and external audits by providing risk‑related documentation and evidence
- Communicate clearly with project managers, consultants, support teams, and customers

Person Specification

Qualifications

- Bachelor’s degree in Computer Science, Information Security, or a related field
- Accreditation in an audit framework (e.g., ISAE‑3402, SOC 1/2, ISO 27001 Lead Implementer) advantageous

Essential Attributes

- Can‑do attitude with a passion for continuous improvement
- Strong interpersonal skills; able to influence stakeholders at all levels
- Ability to translate complex technical or compliance requirements into clear business terms
- Solid understanding of various audit standards and their respective strengths/limitations

Experience & Competencies

- Minimum 2 years’ hands‑on experience in security risk assessment and management
- Proven track record maintaining risk registers and producing management risk reports
- Familiarity with ISAE‑3402, SOC 1/2, or ISO 27001 implementations highly desirable
- Excellent problem‑solving and troubleshooting abilities
- Highly organised with the ability to prioritise and juggle multiple tasks simultaneously

IRIS Software Group is proud to be backed by Hg, Europe’s leading software investor.
Join us and help organisations get things right first time, every time!