Information security compliance analyst

Are you passionate and knowledgeable about information security compliance initiatives? Do you want to join one of the UK’s most exciting tech start-ups and work with a great team building an exciting product with a global impact?

Flourish is the world’s leading data storytelling platform. It enables anyone to create beautiful graphics and interactive stories without coding. Since its launch in 2018, more than 750,000 registered users have produced around 10 million graphics, which have racked up more than 20 billion views. Our customers range from leading newsrooms and corporations to NGOs, universities and government departments all over the world.

Flourish was recently acquired by Canva to empower the world to tell stories with data. Our team, mostly based in London, will continue growing Flourish as a separate product while also adding more data storytelling features natively in Canva.

(Some of) the Flourish team at our London office

The role

This is a full-time, permanent position. You will be part of the Ops team, reporting to our information security manager.

  • You will help to update and improve the information security management system, including (but not limited to): ensuring that emerging rules and guidelines are properly documented, when required, managing risks (using a risk assessment tool), regularly liaising with senior stakeholders to ensure feedback is collated, recorded and actioned, as needed.

  • You will support our information security manager in coordinating internal and external compliance audits, and help to record and monitor post-audit actions through to completion.

  • You will help to support company information security awareness initiatives by informing and advising the team about their responsibilities relating to general security and common security frameworks (i.e. ISO 27001, GDPR).

  • You will actively support customer security information requests, which will involve working closely with the Customer success and Sales teams, and responding in a timely manner.

About you

You are a proactive self-starter with excellent communication and organization skills, who has the capability and confidence to contribute ideas and work on your own initiative. You are passionate about information security and are keen to apply and expand your knowledge in a compliance role. You will have a good general understanding of technology, however, this is not a technical position. You are excited by the prospect of working in an ambitious, product-oriented team.

Must-have knowledge and experience

  • Ideally some prior experience in an information security GRC position
  • BSc/MSc Computer Science or IT-related academic qualification (with cyber/information security modules) OR equivalent work experience
  • Strong knowledge of ISO 27001 (through formal training or otherwise)
  • Strong general knowledge of information security terminology and processes

Nice-to-have skills

  • Working knowledge of data protection and GDPR

Personal attributes

  • Strong written and verbal team communication skills
  • Patient, organised and detail-oriented
  • Ability to work independently , as well as in a team
  • Excited by Flourish and its mission

About us

  • Our company: Flourish is a small team combining decades of collective experience in development, data, design, visualization and journalism/publishing. Read more about the team

  • Our culture: We’re a friendly and supportive group that values kindness, honesty and fun. We’re open and try new things with enthusiasm. And we’re high-momentum, focused on delivering magical products that our users love. We socialise as a team at least once a month.

  • Our interview process: We make our hiring process fast and straightforward. Typically there is a brief initial call, followed by a take home test and an interview with our InfoSec Manager.

  • Our location: We are largely a UK-based team, with a few exceptions. Our office in Shoreditch is a fun and exciting place to work.

Our office in Shoreditch has a relaxed and collaborative vibe


  • Competitive salary
  • Staff equity plan
  • Good company culture and schedule. We’re fast-paced but we don’t work crazy “startup” hours.
  • Lots of potential for career progression
  • 30 days’ annual holiday, plus additional days for flexibility and volunteering time
  • Regular team activities and socials
  • Benefits including budget/time for development and wellbeing

To apply

Send a CV, and a covering letter explaining why you’re interested in this role and how you meet the description above, to Please use the subject line “Information security compliance analyst”. Got questions about the job? Feel free to email us for a chat.

We’re committed to equality and diversity in the tech industry, so we’ll be especially happy to see applications from under-represented backgrounds.

Sorry, but we won’t be able to sponsor visas for this role: please do not apply if you do not already have the right to work in the UK or The Netherlands. We are not accepting applications from recruitment agencies for this role.

Not right for you?

Please spread the word instead! And join our mailing list to stay posted about Flourish. Or check out our other job openings.