The Company

At Fora, we’re reimagining what the workplace can be.

We create inspiring, design‑led spaces that blend hospitality, community, and wellbeing—so people can work productively, creatively, and happily.

From our first London workspace over 20 years ago, we’ve grown to 60+ locations across the UK supporting 30,000+ members and partnering with trailblazing brands like Ocado, The British Fashion Council, and Pangaia.

Backed by The Office Group, Blackstone, and Brockton Capital, we’re growing fast and pioneering conscious design, sustainable construction, and workspaces that empower people to work in their own unique way.

At Fora, we’re not just shaping workplaces - we're shaping the future of work.

The role :

Please note this position is 4 days in the office and 1 day working from anywhere.

This role is about making security happen, not writing policies that sit on a shelf.

As an Information Security Analyst, you’ll sit at the point where technology, delivery, and governance meet — embedding pragmatic security assurance into vendor selection, SaaS adoption, and project delivery. Your job is to make sure security risks are identified early, articulated clearly, and driven through to real, implemented controls.

This is a hands‑on, delivery‑focused role. You’ll work closely with engineers, delivery teams, IT operations, and business owners to ensure security commitments translate into action — not just documents.

If you’re technically credible, comfortable challenging designs constructively, and prefer practical outcomes over theoretical risk language, this role is built for you.

What you’ll be doing

🔐 Vendor & SaaS Security Assurance

You’ll lead security assessments for new and existing vendors and SaaS platforms, reviewing areas such as:

• Identity and access controls

• Data protection
• Hosting environments
• Vulnerability management
• Incident response

You’ll translate technical findings into clear risk statements, practical mitigations, and informed acceptance options, maintaining evidence suitable for investor, audit, and assurance review.

🚀 Secure Project Delivery

You’ll engage early in projects and technical change, shaping security before designs are finalised. This includes reviewing architectures and delivery approaches, and constructively challenging areas such as:

• Secrets management and credential handling

• Access lifecycle and permissions
• Key rotation and logging expectations

You’ll work pragmatically with delivery teams (including those using tools like Azure DevOps), integrating security into delivery plans — not adding friction at the end.

🔍 Operational Risk Follow‑Through

You’ll make sure security risks don’t stall after being identified:

• Tracking remediation actions

• Following up on overdue items
• Escalating issues with evidence, impact, and clear options, not abstract theory

📊 Risk & Governance Support

You’ll maintain a decision‑focused risk register, ensuring it reflects real control posture and delivery reality. You’ll help prepare concise risk summaries and evidence packs for senior decision‑makers, and contribute to improving governance processes where they genuinely help clarity, accountability, and delivery.

Why this role is different

• ✅ Not policy‑only
• ✅ Not compliance‑led
• ✅ Focused on real delivery, real controls, and real outcomes