Location: London, United Kingdom
Department: Engineering
AltoVita is a female-founded scale-up with approximately 100 employees across 26 countries, speaking 29 languages collectively. The company is a multi-award winning accommodation platform that enables enterprises to consolidate accommodation programmes through proprietary technology and a human-centric approach. AltoVita recently closed Series A financing and will be entering Series B rounds. The company operates a network of 10 million+ verified properties across 35,000+ cities in 165 countries worldwide.
Security and Privacy Operations
Support day-to-day operation of AltoVita's information security and privacy activities
Maintain security, privacy and compliance documentation
Track security and privacy actions, control improvements and remediation activities
Maintain registers including risks, issues, actions, policies, vendors, assets, data processing activities and control evidence
Coordinate updates between internal teams to ensure progress on agreed actions
Prepare security and privacy reports, summaries and updates for internal stakeholders
Ensure security and privacy activities are documented, repeatable and easy to evidence
Escalate risks, issues or delays to the CISO or relevant business owner
Compliance and Audit Support
Support internal and external compliance activities including ISO 27001, SOC 2, GDPR and client assurance requirements
Gather evidence for audits, assessments and control reviews
Maintain audit trackers, evidence folders and compliance records
Coordinate with internal teams to obtain required documentation and control evidence
Support follow-up actions from audits, assessments or client reviews
Assist with maintenance of policies, procedures and standards
Ensure compliance activities are well organised and delivered within agreed timelines
Support CISO and control owners with audit preparation and remediation tracking
Policy and Documentation Support
Maintain clear, practical and accessible security and privacy documentation
Review and update information security and privacy policies
Assist with creation of standards, procedures, guidance notes and user-facing materials
Ensure documents are version controlled, approved and communicated appropriately
Maintain policy review schedules and track required updates
Draft practical guidance for employees on security and privacy topics
Support communication of policy changes across the business
Ensure documentation is accurate, consistent and aligned to business processes
Security Awareness and Culture
Carry out security and privacy training administration and ensure 100% completion rates across the business
Support development of awareness content, reminders, newsletters, FAQs and guidance
Coordinate phishing simulations and follow-up communications
Track training completion and awareness participation
Support campaigns that promote secure behaviours and good privacy practices
Make security and privacy feel practical, accessible and enabling
Escalate recurring behavioural or process issues to the CISO or relevant business owner
Privacy Support
Assist with maintenance of privacy records, including data processing registers and related documentation
Track privacy actions, assessments and improvement activities
Gather information for privacy reviews, data mapping or data protection impact assessments
Provide practical privacy guidance to internal teams, escalating complex matters where needed
Assist with record keeping for data subject requests, incidents or privacy enquiries
Ensure privacy documentation remains organised, accurate and accessible
Client Assurance and Security Questionnaires
Support completion of client security and privacy questionnaires, RFP responses and due diligence requests
Prepare responses to client security and privacy questions
Maintain library of approved answers, evidence and supporting materials
Coordinate with internal subject matter experts to obtain accurate information
Ensure responses are consistent with AltoVita's current controls, policies and practices
Translate technical or compliance information into clear, client-friendly language
Track open client assurance requests and support timely completion
Escalate complex, high-risk or contractual questions to the CISO, Legal or relevant business owner
Supplier and Third-Party Support
Assist with supplier due diligence questionnaires and evidence collection
Maintain supplier records, risk ratings and review schedules
Track supplier security or privacy actions
Support periodic reviews of key suppliers
Ensure supplier documentation is complete and up to date
Escalate potential supplier risks or concerns to the appropriate owner
Incident and Risk Support