Information Security Compliance Specialist
Octopus Deploy sets the standard for Continuous Delivery, empowering software teams to deliver value in an agile way. Over 4,000 organizations globally – including Ubisoft, ASOS, Xero, monday.com, Stack Overflow, NASA, and Disney – rely on our Continuous Delivery, GitOps, and release orchestration solutions.
Founded in Australia in 2012, our team of over 270 Octonauts now spans the globe. We combine high growth and big ambitions with a sustainable, balanced working environment. Our revenue has grown consistently between 30–50% every year for the past 8 years, and we’ve been profitable for 10 out of the past 11 years. In 2024, Octopus Deploy acquired Argo maintainers, Codefresh, the leaders in enterprise GitOps. Octopus now provides the industry's most comprehensive Continuous Delivery solution for organizations operating at scale.
We’ve been remote-first since 2015 and work with an uncommon level of transparency. You can read our public handbook to learn how we work. We have a transparent approach to compensation that ensures people doing the same work with the same skill get paid the same, with well-defined career pathways. We foster a supportive, collaborative, and high-trust environment. We leave our job titles at the door and focus on doing what’s best for our customers and team. Our leaders never shy away from answering the tough questions at our all-hands calls or in 1:1s. We conduct interviews and onboarding virtually as part of being a remote-first company.
In this role, you will play a pivotal part in safeguarding our organization by performing comprehensive cyber security risk assessments on internal projects, external services, products, and vendors. As part of our Legal, Compliance, & IT team you'll engage closely with our customers, ensuring transparency about our security measures, and collaborate with various teams to conduct risk workshops, identify vulnerabilities, and implement effective solutions.
If you possess a deep understanding of globally recognized cyber security standards, exceptional communication skills, and hands-on experience in policy formulation and internal audits, we invite you to apply and contribute to our innovative, security-focused environment.
A Typical Day Might Include:
Performing cyber security risk assessments on internal projects or external services, products, or vendors.
Working with our customers to provide information on the security of our business and product.
Monitoring compliance performance metrics and responding to alerts in our compliance systems.
Performing risk workshops to assist teams in identifying, assessing, and remediating cyber security risks.
Maintaining a cyber security risk register and tracking remediation actions to completion.
Reviewing and maintaining cyber security governance documentation and assessing compliance.
Assisting with cyber security awareness activities and initiatives.
You'll Be A Great Fit If You:
Have experience performing cyber security risk reviews, third party assessments and vendor due diligence.
Understand internationally recognised cyber security standards such as ISO27001 and SOC 2, and overlapping regulations such as GDPR.
Are familiar with writing cyber security policy and process documentation and performing internal audit functions.
Understand data privacy concepts and practices and are familiar with global privacy regulations.
Are comfortable communicating cyber security concepts and requirements to a wide variety of audiences.
Possess knowledge of DevOps, software development, or SaaS (this would be advantageous).
Compensation:
Octopus has an internally open and transparent system for compensation. Any Octonaut can view the compensation for any role at any level. This ensures people doing the same work with the same skill get paid the same.
The compensation for this role is:
£45,000-£55,000 GBP
Benefits include a minimum of 25 days annual leave, up to 10 days of paid sick and carers leave, 12 weeks of fully paid parental leave with flexible return options, pension contributions of up to 5%, and stock options.
Below is the interview process you can expect for this role. We know interviewing can seem daunting, but rest assured we designed our interview process to move quickly while still getting you all the information you need.
👋🏼Initial chat
[30 min] Talent acquisition screen: Meet with your Talent Acquisition team and get a feel for what it would be like to be an Octonaut!
💻Hiring Manager & Peer Chat
[60 min] Hiring Manager & Peer Chat: Meet your team for a conversation about your experience, the role and team.
🧑‍💻Head of Department Chat
[60 min] Meet our VP Legal & Compliance: Explore the role in more detail, answer some additional questions of ours, and we'll answer any of yours.
Our public employee handbook is the best place to learn more about life at Octopus. It includes our values, how we structure teams, career progression, leave and benefits, and much more.
If you're enthusiastic about this position, even if you don’t meet all the criteria above, we wholeheartedly encourage you to submit your application. Our talent team is in-house, and we recognize that every individual brings something unique. We take the time to review every application and consider how you might add to the team.
We know your time is precious. If you apply, we promise to update you at least once per week about the status of your application and to give you clear expectations for each step in the journey.
[Note to Search Firms/Agencies]
Octopus Deploy does not compensate search firms for unsolicited assistance unless they have a written search agreement with Octopus Deploy and the requisition is position-specific. Any resumes, curriculum vitae and other unsolicited assistance from search firms that do not have a written search agreement or position-specific requisition submitted to any Associate of Octopus Deploy will be deemed the sole property of Octopus Deploy and no fee will be paid in the event the candidate is hired by Octopus Deploy.