Compliance Analyst, Security

Company Overview

IRIS Software Group is one of the UK’s largest privately held software companies. Acquired by Hg Capital in 2018, its purpose is to be the most trusted provider of mission‑critical software and services—ensuring customers get it right first time, every time.

IRIS removes process pain points so professionals in businesses and schools can focus on the work they love. Our solutions for finance, HR & payroll teams, educational organisations, and accountancy firms help clients comply with regulations, drive productivity, and engage key stakeholders. By simplifying, automating, and providing insights into everyday mission‑critical tasks, IRIS empowers organisations of all sizes to move forward with certainty and confidence.

• Global footprint:

  100,000+ customers across 135 countries

• User impact:

  5 million employees on our payroll & HR platforms; 1 in 8 UK employees paid via IRIS; 4 million+ parents/guardians using IRIS school apps

• Market leadership:

  Largest third‑party online filer with the UK Government; used by 91 of the top 100 UK accountancy firms and 54 of the top 100 US CPA firms

• Accolades:

  Winner of ‘Payroll Innovation’ at the Global Payroll Association Awards for Troncmasters by IRIS

Purpose of the Role

Compliance Analyst

Main Responsibilities

• Operate and continuously improve IRIS’s security risk management process
• Align risk practices with internal policies, regulatory requirements, and frameworks (ISO 27001, SOC 2, NIST)
• Review identified risks; assign criticality based on our Risk Matrix and escalate out‑of‑tolerance items
• Serve as the central point of contact for security risk matters across the organisation
• Evaluate compensating controls and treatment plans for compliance effectiveness
• Recommend and track risk treatment plans in collaboration with risk owners and technical teams
• Manage security risk exceptions, ensuring proper compensating controls are documented
• Lead security risk review meetings and follow up on mitigation progress
• Keep the security risk register up to date at all times
• Refine processes and documentation in response to product changes or efficiency opportunities
• Support internal and external audits by providing risk‑related documentation and evidence
• Communicate clearly with project managers, consultants, support teams, and customers

Person Specification

Qualifications

• Bachelor’s degree in Computer Science, Information Security, or a related field
• Accreditation in an audit framework (e.g., ISAE‑3402, SOC 1/2, ISO 27001 Lead Implementer) advantageous

Essential Attributes

• Can‑do attitude with a passion for continuous improvement
• Strong interpersonal skills; able to influence stakeholders at all levels
• Ability to translate complex technical or compliance requirements into clear business terms
• Solid understanding of various audit standards and their respective strengths/limitations

Experience & Competencies

• Minimum 2 years’ hands‑on experience in security risk assessment and management
• Proven track record maintaining risk registers and producing management risk reports
• Familiarity with ISAE‑3402, SOC 1/2, or ISO 27001 implementations highly desirable
• Excellent problem‑solving and troubleshooting abilities
• Highly organised with the ability to prioritise and juggle multiple tasks simultaneously

IRIS Software Group