Solus Accident Repair Centres
Birchanger, Hertfordshire
Overview At Solus, we are strengthening our technology governance and cyber resilience as we continue to grow. We are looking for an IT Governance, Risk and Compliance (GRC) Analyst to help us maintain a secure, well governed and compliant technology environment across the business. This is a great role for someone who enjoys analysing detail, challenging constructively, influencing stakeholders and helping teams make confident, risk-based decisions. About the role As our IT GRC Analyst, you will support the Cyber Security, Risk and Assurance function with a mixture of governance activity, assurance reviews, supplier assessments and compliance oversight. You will help us meet Aviva Group requirements, regulatory expectations and industry standards while ensuring our technology risks are understood and well managed. Location: Hybrid (Stansted - 3 days per week, 2 days remote) Responsibilities Maintain and improve our IT risk register, ensuring risks are clear, evidenced and tracked Support risk owners with guidance on controls, remediation and governance requirements Complete compliance reviews, control testing and assurance activities Produce risk and compliance reporting for leadership forums Carry out supplier assurance assessments, recommend improvements and escalate risk where needed Keep IT policies and standards up to date and aligned with Aviva and recognised frameworks Provide clear insight to non technical colleagues on risk, controls and potential impacts Support Group assurance activity and represent Solus in relevant forums This is an individual contributor role with a high level of ownership and plenty of opportunity to influence how we operate. Qualifications You will thrive in this role if you have: Knowledge of GRC frameworks such as ISO 27001, NIST CSF, Cyber Essentials or DPA Experience in risk management, governance or cyber/security assurance The ability to analyse complex information and turn it into clear, meaningful insight Confidence challenging and advising colleagues at all levels Strong communication and stakeholder management skills Certifications such as CISM, CRISC or CGRC are desirable but not essential. Who are Solus? Solus, who are owned by Aviva, are one of the UK leaders in vehicle repairs, returning cars to the road in just 11 days on average and a 4.6/5 star customer rating. With an award-winning apprenticeship programme and winners of other recognised industry awards Solus are proud to be shaping the future of vehicle repair. Why Join Solus? We have so much to offer when it comes to being a Solus colleague: Competitive salary based on location, skills, experience, and qualifications. Bonus opportunity tied to your performance and the overall success of Solus. Company pension scheme with employer contributions. 33 days' holiday (including bank holidays), with the option to buy or sell up to 5 days. Save money with up to 40% discount on Aviva products and other retailer discounts. Share in Aviva's success through the Aviva Save As You Earn scheme. Supportive policies including parental and carer's leave. Wellbeing focus with tools like Group Income Protection and 24/7 GP access. At Solus, we value inclusivity and welcome all applicants. If you're excited but don't tick every box, we encourage you to apply-your unique skills might be just what we need. We guarantee an interview for disabled applicants meeting the minimum criteria-just email us after applying to let us know. Ready to join us? Apply online today, and our team will be in touch within 14 days.
04/04/2026
Full time
Overview At Solus, we are strengthening our technology governance and cyber resilience as we continue to grow. We are looking for an IT Governance, Risk and Compliance (GRC) Analyst to help us maintain a secure, well governed and compliant technology environment across the business. This is a great role for someone who enjoys analysing detail, challenging constructively, influencing stakeholders and helping teams make confident, risk-based decisions. About the role As our IT GRC Analyst, you will support the Cyber Security, Risk and Assurance function with a mixture of governance activity, assurance reviews, supplier assessments and compliance oversight. You will help us meet Aviva Group requirements, regulatory expectations and industry standards while ensuring our technology risks are understood and well managed. Location: Hybrid (Stansted - 3 days per week, 2 days remote) Responsibilities Maintain and improve our IT risk register, ensuring risks are clear, evidenced and tracked Support risk owners with guidance on controls, remediation and governance requirements Complete compliance reviews, control testing and assurance activities Produce risk and compliance reporting for leadership forums Carry out supplier assurance assessments, recommend improvements and escalate risk where needed Keep IT policies and standards up to date and aligned with Aviva and recognised frameworks Provide clear insight to non technical colleagues on risk, controls and potential impacts Support Group assurance activity and represent Solus in relevant forums This is an individual contributor role with a high level of ownership and plenty of opportunity to influence how we operate. Qualifications You will thrive in this role if you have: Knowledge of GRC frameworks such as ISO 27001, NIST CSF, Cyber Essentials or DPA Experience in risk management, governance or cyber/security assurance The ability to analyse complex information and turn it into clear, meaningful insight Confidence challenging and advising colleagues at all levels Strong communication and stakeholder management skills Certifications such as CISM, CRISC or CGRC are desirable but not essential. Who are Solus? Solus, who are owned by Aviva, are one of the UK leaders in vehicle repairs, returning cars to the road in just 11 days on average and a 4.6/5 star customer rating. With an award-winning apprenticeship programme and winners of other recognised industry awards Solus are proud to be shaping the future of vehicle repair. Why Join Solus? We have so much to offer when it comes to being a Solus colleague: Competitive salary based on location, skills, experience, and qualifications. Bonus opportunity tied to your performance and the overall success of Solus. Company pension scheme with employer contributions. 33 days' holiday (including bank holidays), with the option to buy or sell up to 5 days. Save money with up to 40% discount on Aviva products and other retailer discounts. Share in Aviva's success through the Aviva Save As You Earn scheme. Supportive policies including parental and carer's leave. Wellbeing focus with tools like Group Income Protection and 24/7 GP access. At Solus, we value inclusivity and welcome all applicants. If you're excited but don't tick every box, we encourage you to apply-your unique skills might be just what we need. We guarantee an interview for disabled applicants meeting the minimum criteria-just email us after applying to let us know. Ready to join us? Apply online today, and our team will be in touch within 14 days.
Graduate Operational Technology (OT) Cyber Security Analyst / Engineer 3 days a week onsite (London or Leicester or Sunderland or Crewe or Derby or Luton) Permanent role with excellent salary + company benefits This person will receive all the training and paid qualifications to move into an Operational Technology Compliance Manager role. We're looking for an ambitious engineering graduate with at least 1 years' experience of working with Operational Technology (OT) who is keen to build a long-term career in cybersecurity for critical infrastructure. Reporting into the Head of Information Security GRC and Group CISO this role sits within the Group Information Security team and offers a unique opportunity to work at the intersection of engineering systems and cybersecurity. You will help ensure that operational technologies across this large global organisation are designed, deployed and maintained securely, supporting the protection of critical transport systems. You will receive structured training, mentoring and financial support to achieve industry-recognised cybersecurity certifications, while gaining hands-on experience working with engineers, technology teams and security specialists across the organisation. This role is ideal for someone who has worked with rail operational systems or similar and wants to transition into the rapidly growing field of Operational Technology security. What You'll Be Doing Working alongside experienced cybersecurity and engineering specialists, you will: Support the implementation of the Operational Technology security strategy across engineering and operational teams. Assist in applying recognised cyber security frameworks such as National Institute of Standards and Technology Cyber Security Framework and IEC 62443 to operational environments. Work with engineering teams to understand how operational systems such as Supervisory Control and Data Acquisition, Programmable Logic Controller, and rail technologies like European Train Control System are designed and operated. Support the review of engineering designs to help ensure security considerations are included throughout the system lifecycle. Assist with vulnerability scanning, security assessments and assurance activities relating to operational technology systems. Work with the Security Operations Centre to help monitor and respond to security risks affecting operational environments. Help develop training materials and guidance for engineering teams on secure system design and operational practices. Contribute to security improvement plans following risk assessments or security testing. Training and Development As part of this role you will receive: Structured training in Operational Technology cybersecurity Mentoring from experienced cybersecurity and engineering professionals Financial support and study time for professional certifications such as: Certified Information Systems Security Professional Certified Information Security Manager ISO/IEC 27001 Lead Auditor Exposure to large-scale operational systems and real-world cybersecurity challenges Opportunities to grow into specialist OT security or cybersecurity leadership roles What We're Looking For Essential Degree in Engineering, Electrical Engineering, Electronic Engineering, Systems Engineering, or a related discipline Some practical experience of Operational Technology environments, such as industrial control systems, automation, or rail systems Understanding of technologies such as PLCs, SCADA, or industrial networks Interest in cybersecurity and protecting critical infrastructure Strong analytical and problem-solving skills Good communication skills and ability to work with both engineering and technology teams Desirable Experience through internships, placements or projects involving operational technology systems Exposure to rail or transport engineering environments Basic awareness of cybersecurity concepts Interest in pursuing professional cybersecurity certifications This role provides an exceptional opportunity to build a career in one of the fastest-growing areas of cybersecurity: Operational Technology security. You will gain experience protecting systems that support real-world infrastructure and transport operations, while receiving the training and professional support needed to develop into a specialist OT cybersecurity professional so if you're interested in this role please send your CV asap.
03/04/2026
Full time
Graduate Operational Technology (OT) Cyber Security Analyst / Engineer 3 days a week onsite (London or Leicester or Sunderland or Crewe or Derby or Luton) Permanent role with excellent salary + company benefits This person will receive all the training and paid qualifications to move into an Operational Technology Compliance Manager role. We're looking for an ambitious engineering graduate with at least 1 years' experience of working with Operational Technology (OT) who is keen to build a long-term career in cybersecurity for critical infrastructure. Reporting into the Head of Information Security GRC and Group CISO this role sits within the Group Information Security team and offers a unique opportunity to work at the intersection of engineering systems and cybersecurity. You will help ensure that operational technologies across this large global organisation are designed, deployed and maintained securely, supporting the protection of critical transport systems. You will receive structured training, mentoring and financial support to achieve industry-recognised cybersecurity certifications, while gaining hands-on experience working with engineers, technology teams and security specialists across the organisation. This role is ideal for someone who has worked with rail operational systems or similar and wants to transition into the rapidly growing field of Operational Technology security. What You'll Be Doing Working alongside experienced cybersecurity and engineering specialists, you will: Support the implementation of the Operational Technology security strategy across engineering and operational teams. Assist in applying recognised cyber security frameworks such as National Institute of Standards and Technology Cyber Security Framework and IEC 62443 to operational environments. Work with engineering teams to understand how operational systems such as Supervisory Control and Data Acquisition, Programmable Logic Controller, and rail technologies like European Train Control System are designed and operated. Support the review of engineering designs to help ensure security considerations are included throughout the system lifecycle. Assist with vulnerability scanning, security assessments and assurance activities relating to operational technology systems. Work with the Security Operations Centre to help monitor and respond to security risks affecting operational environments. Help develop training materials and guidance for engineering teams on secure system design and operational practices. Contribute to security improvement plans following risk assessments or security testing. Training and Development As part of this role you will receive: Structured training in Operational Technology cybersecurity Mentoring from experienced cybersecurity and engineering professionals Financial support and study time for professional certifications such as: Certified Information Systems Security Professional Certified Information Security Manager ISO/IEC 27001 Lead Auditor Exposure to large-scale operational systems and real-world cybersecurity challenges Opportunities to grow into specialist OT security or cybersecurity leadership roles What We're Looking For Essential Degree in Engineering, Electrical Engineering, Electronic Engineering, Systems Engineering, or a related discipline Some practical experience of Operational Technology environments, such as industrial control systems, automation, or rail systems Understanding of technologies such as PLCs, SCADA, or industrial networks Interest in cybersecurity and protecting critical infrastructure Strong analytical and problem-solving skills Good communication skills and ability to work with both engineering and technology teams Desirable Experience through internships, placements or projects involving operational technology systems Exposure to rail or transport engineering environments Basic awareness of cybersecurity concepts Interest in pursuing professional cybersecurity certifications This role provides an exceptional opportunity to build a career in one of the fastest-growing areas of cybersecurity: Operational Technology security. You will gain experience protecting systems that support real-world infrastructure and transport operations, while receiving the training and professional support needed to develop into a specialist OT cybersecurity professional so if you're interested in this role please send your CV asap.
GRC Analyst - Data Protection & GDPR Compliance Fixed Term Contract, 12 months - £45k - £50k Location: Hybrid - Birmingham Your new company: I am looking to recruit a GRC Analyst, focusing on Data Protection and GDPR, to join a leader in the hospitality space, with the role focusing on GRC activities, with a strong focus on information security, privacy, and regulatory assurance across the organisation. The role responsibilities: This role focusses on data protection assurance and GDPR compliance, ensuring personal data is processed lawfully, and in line with regulatory and organisational requirements. Key parts of the role: Reviewing how personal data is used across systems, business processes, and technology solutions. Identifying opportunities to reduce, anonymise, or eliminate personal data processing where it is not essential to business needs. Support the review, development, and rollout of information security and data protection policies. Contribute to the management of information security, third party, and privacy risk registers. Assist with internal and external audits, including GDPR assurance, PCI DSS, and financial audits. Track remediation of identified security, privacy, and compliance issues to ensure timely closure. Support incident and breach response activities, including investigation, documentation, and follow up actions. You will need: Strong understanding of GDPR, the UK Data Protection Act, and privacy and security control requirements. Experience working in GRC, information security, data protection, supplier assurance, or a related compliance role. Ability to interpret and assess technical and organisational controls. Strong analytical skills with excellent attention to detail. Confident written and verbal communication skills, able to engage across legal, technical, and operational teams. Experience contributing to incident or breach investigations. Ability to manage multiple competing priorities and constructively challenge established processes. Minimum 3 years' experience in a relevant role. CIPP/E, CIPM, CompTIA Security+, or BCS Practitioner Certificate in Data Protection, desirable. What you'll get in return: Salary of between £45k-£50k Hybrid working Company discounts A pension contribution matched at 1.5x, up to 5%. Private healthcare, dental plan, cycle to work, and keep-fit schemes. 26 days annual leave plus bank holidays. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at hays.co.uk
01/04/2026
Full time
GRC Analyst - Data Protection & GDPR Compliance Fixed Term Contract, 12 months - £45k - £50k Location: Hybrid - Birmingham Your new company: I am looking to recruit a GRC Analyst, focusing on Data Protection and GDPR, to join a leader in the hospitality space, with the role focusing on GRC activities, with a strong focus on information security, privacy, and regulatory assurance across the organisation. The role responsibilities: This role focusses on data protection assurance and GDPR compliance, ensuring personal data is processed lawfully, and in line with regulatory and organisational requirements. Key parts of the role: Reviewing how personal data is used across systems, business processes, and technology solutions. Identifying opportunities to reduce, anonymise, or eliminate personal data processing where it is not essential to business needs. Support the review, development, and rollout of information security and data protection policies. Contribute to the management of information security, third party, and privacy risk registers. Assist with internal and external audits, including GDPR assurance, PCI DSS, and financial audits. Track remediation of identified security, privacy, and compliance issues to ensure timely closure. Support incident and breach response activities, including investigation, documentation, and follow up actions. You will need: Strong understanding of GDPR, the UK Data Protection Act, and privacy and security control requirements. Experience working in GRC, information security, data protection, supplier assurance, or a related compliance role. Ability to interpret and assess technical and organisational controls. Strong analytical skills with excellent attention to detail. Confident written and verbal communication skills, able to engage across legal, technical, and operational teams. Experience contributing to incident or breach investigations. Ability to manage multiple competing priorities and constructively challenge established processes. Minimum 3 years' experience in a relevant role. CIPP/E, CIPM, CompTIA Security+, or BCS Practitioner Certificate in Data Protection, desirable. What you'll get in return: Salary of between £45k-£50k Hybrid working Company discounts A pension contribution matched at 1.5x, up to 5%. Private healthcare, dental plan, cycle to work, and keep-fit schemes. 26 days annual leave plus bank holidays. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at hays.co.uk
About the role This is a fantastic opportunity to join Southern Water's Cyber Risk & Assurance team, the organisation's second line of defence within the wider Cyber Security function. As a Cyber Risk & Assurance Analyst, you'll play a central role in helping the business understand, manage and reduce cyber risk across critical operations. You'll be responsible for developing and improving cyber risk insights in your area of specialism, driving process and tooling enhancements, and supporting stakeholders across Technology, Legal and the wider business. This is a role for someone who enjoys tackling complex problems, breaking them down into actionable solutions, and collaborating with a wide range of experts. You'll also act as a trusted advisor helping colleagues understand cyber threats, risks and controls, and supporting the wider team in embedding strong cyber risk management practices across Southern Water. What you will be responsible for: You will conduct complex cyber risk assessments, strengthen key controls, deliver clear risk insights, and drive improvements across cyber domains - all while building collaborative relationships across Technology, Security, Legal and the business. Key Responsibilities Maintain an up-to-date understanding of the cyber threat landscape, relevant regulations (including NIS1/NIS2 and GDPR), and emerging risks. Lead, plan and perform complex cyber risk assessments aligned to industry-recognised frameworks, testing the design and effectiveness of cyber controls. Produce high-quality risk assessment reports with clear, actionable conclusions that support timely risk-based decision-making. Identify and deliver improvements across domains such as identity & access management, application security, endpoint security, and network security. Work closely with stakeholders across Security, Technology, Legal, Internal Audit and the wider business to assess control gaps, prioritise remediation actions and track progress to completion. Build strong working relationships across teams to influence, support and strengthen cyber risk management practices. Drive process improvements and enhancements across the Cyber Risk & Assurance function. Additional requirements specific to the role Will work closely with both technical teams and non-technical stakeholders, requiring an ability to communicate complex concepts clearly. Must be comfortable operating in an environment with regulatory, operational and cyber security obligations. Occasional engagement with internal or external audit teams may be required. What you'll bring to the role: Essential Degree-level education or equivalent experience. Strong knowledge of cyber security and information security control best practice. Proven experience in cyber security, risk management or security assessment (10+ years, or advanced degree with 8+ years). In-depth understanding of key frameworks such as NIST (800-37, 800-30, 800-53), ISO 27001/27005, SOC 2, PCI or MITRE ATT&CK. Solid understanding of cloud models, application security, vulnerability and patch management. Experience in regulated and/or unionised environments. Excellent communication skills with the ability to simplify complex findings for senior management. Strong attention to detail and a proactive, positive, innovative mindset. Desirable GRC or security certifications (e.g., CISSP, CISM, CRISC, CISA, GCFE, GSEC, CCSP). Experience with cyber risk modelling (e.g., CyberCube, RMS, Cyence). Hands-on experience with frameworks such as ISO 27001, NIST CSF, NCSC CAF or CIS Controls. Understanding of ICS/OT environments. Southern Water is at the forefront of transforming Britain's water industry, investing significantly to enhance resilience, sustainability, and service excellence. With £7.8bn planned investment for 2025-30, this is an unparalleled opportunity to join a business committed to delivering a generational shift in the way water services are managed. You will be joining at a time of significant change, working alongside a highly skilled leadership team with a clear vision for the future. We offer an environment where senior professionals can make a meaningful impact, influence major strategic decisions, and drive long-term value creation . At Southern Water, we believe diverse perspectives drive innovation. If you're passionate about making a positive impact and think you can bring value to our team, we'd love to hear from you-even if you don't tick every box. Your unique skills and experiences could be exactly what we need. Our Commitment to Diversity We welcome applicants from all backgrounds, identities, and experiences. We do not discriminate based on race, ethnicity, gender, sexual orientation, age, disability, religion, or any other protected characteristic. If you need reasonable adjustments during the recruitment process, please let us know. Additional information: In line with Southern Water's security requirements, successful candidates will be required to provide evidence of their identity, eligibility to work in the UK, criminal record check (DBS) and verification of their employment and/or education history for the past three years. Appointment to this role is subject to the successful completion of all preemployment checks, including security vetting. Please note that if a candidate does not meet the required security standards or fails to pass the vetting process, Southern Water reserves the right to withdraw the offer of employment. Some positions may also require higher levels of security vetting, which may involve providing additional documentation.
01/04/2026
Full time
About the role This is a fantastic opportunity to join Southern Water's Cyber Risk & Assurance team, the organisation's second line of defence within the wider Cyber Security function. As a Cyber Risk & Assurance Analyst, you'll play a central role in helping the business understand, manage and reduce cyber risk across critical operations. You'll be responsible for developing and improving cyber risk insights in your area of specialism, driving process and tooling enhancements, and supporting stakeholders across Technology, Legal and the wider business. This is a role for someone who enjoys tackling complex problems, breaking them down into actionable solutions, and collaborating with a wide range of experts. You'll also act as a trusted advisor helping colleagues understand cyber threats, risks and controls, and supporting the wider team in embedding strong cyber risk management practices across Southern Water. What you will be responsible for: You will conduct complex cyber risk assessments, strengthen key controls, deliver clear risk insights, and drive improvements across cyber domains - all while building collaborative relationships across Technology, Security, Legal and the business. Key Responsibilities Maintain an up-to-date understanding of the cyber threat landscape, relevant regulations (including NIS1/NIS2 and GDPR), and emerging risks. Lead, plan and perform complex cyber risk assessments aligned to industry-recognised frameworks, testing the design and effectiveness of cyber controls. Produce high-quality risk assessment reports with clear, actionable conclusions that support timely risk-based decision-making. Identify and deliver improvements across domains such as identity & access management, application security, endpoint security, and network security. Work closely with stakeholders across Security, Technology, Legal, Internal Audit and the wider business to assess control gaps, prioritise remediation actions and track progress to completion. Build strong working relationships across teams to influence, support and strengthen cyber risk management practices. Drive process improvements and enhancements across the Cyber Risk & Assurance function. Additional requirements specific to the role Will work closely with both technical teams and non-technical stakeholders, requiring an ability to communicate complex concepts clearly. Must be comfortable operating in an environment with regulatory, operational and cyber security obligations. Occasional engagement with internal or external audit teams may be required. What you'll bring to the role: Essential Degree-level education or equivalent experience. Strong knowledge of cyber security and information security control best practice. Proven experience in cyber security, risk management or security assessment (10+ years, or advanced degree with 8+ years). In-depth understanding of key frameworks such as NIST (800-37, 800-30, 800-53), ISO 27001/27005, SOC 2, PCI or MITRE ATT&CK. Solid understanding of cloud models, application security, vulnerability and patch management. Experience in regulated and/or unionised environments. Excellent communication skills with the ability to simplify complex findings for senior management. Strong attention to detail and a proactive, positive, innovative mindset. Desirable GRC or security certifications (e.g., CISSP, CISM, CRISC, CISA, GCFE, GSEC, CCSP). Experience with cyber risk modelling (e.g., CyberCube, RMS, Cyence). Hands-on experience with frameworks such as ISO 27001, NIST CSF, NCSC CAF or CIS Controls. Understanding of ICS/OT environments. Southern Water is at the forefront of transforming Britain's water industry, investing significantly to enhance resilience, sustainability, and service excellence. With £7.8bn planned investment for 2025-30, this is an unparalleled opportunity to join a business committed to delivering a generational shift in the way water services are managed. You will be joining at a time of significant change, working alongside a highly skilled leadership team with a clear vision for the future. We offer an environment where senior professionals can make a meaningful impact, influence major strategic decisions, and drive long-term value creation . At Southern Water, we believe diverse perspectives drive innovation. If you're passionate about making a positive impact and think you can bring value to our team, we'd love to hear from you-even if you don't tick every box. Your unique skills and experiences could be exactly what we need. Our Commitment to Diversity We welcome applicants from all backgrounds, identities, and experiences. We do not discriminate based on race, ethnicity, gender, sexual orientation, age, disability, religion, or any other protected characteristic. If you need reasonable adjustments during the recruitment process, please let us know. Additional information: In line with Southern Water's security requirements, successful candidates will be required to provide evidence of their identity, eligibility to work in the UK, criminal record check (DBS) and verification of their employment and/or education history for the past three years. Appointment to this role is subject to the successful completion of all preemployment checks, including security vetting. Please note that if a candidate does not meet the required security standards or fails to pass the vetting process, Southern Water reserves the right to withdraw the offer of employment. Some positions may also require higher levels of security vetting, which may involve providing additional documentation.
GRC Analyst - Third Party Risk Management Fixed Term Contract, 12 months - £45k - £50k Location: Hybrid - Birmingham Your new company: I am looking to recruit a GRC Analyst, focusing on Third Party Risk Management, to join a leader in the hospitality space, with the role focusing on GRC activities, with a strong focus on information security, privacy, and regulatory assurance across the organisation. The role responsibilities: This role focusses on supplier assurance and third-party risk management, ensuring that vendors handling company data or connecting to company systems operate in line with security, privacy, and compliance expectations. Key parts of the role: Conducting and coordinating security and privacy risk assessments for new and existing third-party suppliers. Evaluating supplier controls relating to data protection, information security, data hosting, subcontractor usage, and system access. Cataloguing and maintaining records of data shared with third parties, including purpose of use, information security classification, data sensitivity, and processing location. Ensuring third party data handling arrangements clearly define data retention, archiving, and deletion requirements in line with policies and regulatory obligations. Maintaining third party risk documentation and tracking remediation actions with suppliers and internal teams. Working closely with Vendor Management, Procurement, Legal, Information Security, and IT to ensure supplier risks are identified early and addressed prior to onboarding or renewal. Escalating high risk supplier findings to the IT Licensing & Compliance Manager and relevant stakeholders. You will need: Strong understanding of GDPR, the UK Data Protection Act, and privacy and security control requirements. Experience working in GRC, information security, data protection, supplier assurance, or a related compliance role. Ability to interpret and assess technical and organisational controls. Strong analytical skills with excellent attention to detail. Confident written and verbal communication skills, able to engage across legal, technical, and operational teams. Experience contributing to incident or breach investigations. Ability to manage multiple competing priorities and constructively challenge established processes. Minimum 3 years' experience in a relevant role. CIPP/E, CIPM, CompTIA Security+, or BCS Practitioner Certificate in Data Protection, desirable. What you'll get in return: Salary of between £45k-£50k Hybrid working Company discounts A pension contribution matched at 1.5x, up to 5%. Private healthcare, dental plan, cycle to work, and keep-fit schemes. 26 days annual leave plus bank holidays. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at hays.co.uk
01/04/2026
Full time
GRC Analyst - Third Party Risk Management Fixed Term Contract, 12 months - £45k - £50k Location: Hybrid - Birmingham Your new company: I am looking to recruit a GRC Analyst, focusing on Third Party Risk Management, to join a leader in the hospitality space, with the role focusing on GRC activities, with a strong focus on information security, privacy, and regulatory assurance across the organisation. The role responsibilities: This role focusses on supplier assurance and third-party risk management, ensuring that vendors handling company data or connecting to company systems operate in line with security, privacy, and compliance expectations. Key parts of the role: Conducting and coordinating security and privacy risk assessments for new and existing third-party suppliers. Evaluating supplier controls relating to data protection, information security, data hosting, subcontractor usage, and system access. Cataloguing and maintaining records of data shared with third parties, including purpose of use, information security classification, data sensitivity, and processing location. Ensuring third party data handling arrangements clearly define data retention, archiving, and deletion requirements in line with policies and regulatory obligations. Maintaining third party risk documentation and tracking remediation actions with suppliers and internal teams. Working closely with Vendor Management, Procurement, Legal, Information Security, and IT to ensure supplier risks are identified early and addressed prior to onboarding or renewal. Escalating high risk supplier findings to the IT Licensing & Compliance Manager and relevant stakeholders. You will need: Strong understanding of GDPR, the UK Data Protection Act, and privacy and security control requirements. Experience working in GRC, information security, data protection, supplier assurance, or a related compliance role. Ability to interpret and assess technical and organisational controls. Strong analytical skills with excellent attention to detail. Confident written and verbal communication skills, able to engage across legal, technical, and operational teams. Experience contributing to incident or breach investigations. Ability to manage multiple competing priorities and constructively challenge established processes. Minimum 3 years' experience in a relevant role. CIPP/E, CIPM, CompTIA Security+, or BCS Practitioner Certificate in Data Protection, desirable. What you'll get in return: Salary of between £45k-£50k Hybrid working Company discounts A pension contribution matched at 1.5x, up to 5%. Private healthcare, dental plan, cycle to work, and keep-fit schemes. 26 days annual leave plus bank holidays. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at hays.co.uk
We are partnering an Energy Data provider who are looking for a hands-on Cyber Security Analyst to join their internal IT & Security team during a pivotal period of change. A true 4-day working week My client operates Monday to Thursday, working week, with Fridays off. Extensive Microsoft Purview experience is required for this role. Responsibilities Own and run our vulnerability and patch management processes Investigate and respond to security incidents (malware, phishing, unauthorised access, etc.) Conduct vulnerability assessments and support remediation efforts Help implement and enforce security policies, standards, and procedures Partner with IT colleagues and business units to ensure secure configurations Support audits, risk assessments, and compliance initiatives (ISO 27001, GDPR, NIST) Act as a key escalation point for security investigations Maximise the effectiveness of Microsoft Defender, Intune, and Purview Promote cyber awareness and best practice across the organisation Collaborate with the Information Security Manager and Compliance Team on GRC activity Stay ahead of emerging threats, vulnerabilities, and industry trends Identify opportunities to improve security tooling, processes, and controls Skills & Experience Needed Microsoft 365 Defender/Security Portal (endpoint and identity protection) Microsoft Purview (data governance and compliance, including Compliance Portal) Proven hands-on experience remediating vulnerabilities and applying patches in a live environment A strong understanding of cybersecurity principles and threat landscapes Experience with endpoint, network, and identity security within Microsoft ecosystems. Strong troubleshooting and analytical skills Effective communication and collaboration across technical and non-technical teams Relevant certifications (eg, Security+, CySA+, SC-200, SSCP) are beneficial Familiarity with Power Platform and Power BI is advantageous A minimum of three years of relevant experience in similar positions. If you're looking to join a forward-thinking organisation, play a key role in strengthening its security infrastructure, and enjoy a better work-life balance with a 4-day work week, please email your CV. Etech Partners needs to collect and use your personal information when you apply for a role. We understand that you care about your privacy, and we take that seriously. Our Privacy Notice describes our policies and practices regarding collection and use of your personal data. By applying for this job you accept the Privacy Policy.
01/04/2026
Full time
We are partnering an Energy Data provider who are looking for a hands-on Cyber Security Analyst to join their internal IT & Security team during a pivotal period of change. A true 4-day working week My client operates Monday to Thursday, working week, with Fridays off. Extensive Microsoft Purview experience is required for this role. Responsibilities Own and run our vulnerability and patch management processes Investigate and respond to security incidents (malware, phishing, unauthorised access, etc.) Conduct vulnerability assessments and support remediation efforts Help implement and enforce security policies, standards, and procedures Partner with IT colleagues and business units to ensure secure configurations Support audits, risk assessments, and compliance initiatives (ISO 27001, GDPR, NIST) Act as a key escalation point for security investigations Maximise the effectiveness of Microsoft Defender, Intune, and Purview Promote cyber awareness and best practice across the organisation Collaborate with the Information Security Manager and Compliance Team on GRC activity Stay ahead of emerging threats, vulnerabilities, and industry trends Identify opportunities to improve security tooling, processes, and controls Skills & Experience Needed Microsoft 365 Defender/Security Portal (endpoint and identity protection) Microsoft Purview (data governance and compliance, including Compliance Portal) Proven hands-on experience remediating vulnerabilities and applying patches in a live environment A strong understanding of cybersecurity principles and threat landscapes Experience with endpoint, network, and identity security within Microsoft ecosystems. Strong troubleshooting and analytical skills Effective communication and collaboration across technical and non-technical teams Relevant certifications (eg, Security+, CySA+, SC-200, SSCP) are beneficial Familiarity with Power Platform and Power BI is advantageous A minimum of three years of relevant experience in similar positions. If you're looking to join a forward-thinking organisation, play a key role in strengthening its security infrastructure, and enjoy a better work-life balance with a 4-day work week, please email your CV. Etech Partners needs to collect and use your personal information when you apply for a role. We understand that you care about your privacy, and we take that seriously. Our Privacy Notice describes our policies and practices regarding collection and use of your personal data. By applying for this job you accept the Privacy Policy.
We are partnering an Energy Data provider who are looking for a hands-on Cyber Security Analyst to join their internal IT & Security team during a pivotal period of change. A true 4-day working week My client operates Monday to Thursday, working week, with Fridays off. Extensive Microsoft Purview experience is required for this role. Responsibilities Own and run our vulnerability and patch management processes Investigate and respond to security incidents (malware, phishing, unauthorised access, etc.) Conduct vulnerability assessments and support remediation efforts Help implement and enforce security policies, standards, and procedures Partner with IT colleagues and business units to ensure secure configurations Support audits, risk assessments, and compliance initiatives (ISO 27001, GDPR, NIST) Act as a key escalation point for security investigations Maximise the effectiveness of Microsoft Defender, Intune, and Purview Promote cyber awareness and best practice across the organisation Collaborate with the Information Security Manager and Compliance Team on GRC activity Stay ahead of emerging threats, vulnerabilities, and industry trends Identify opportunities to improve security tooling, processes, and controls Skills & Experience Needed Microsoft 365 Defender/Security Portal (endpoint and identity protection) Microsoft Purview (data governance and compliance, including Compliance Portal) Proven hands-on experience remediating vulnerabilities and applying patches in a live environment A strong understanding of cybersecurity principles and threat landscapes Experience with endpoint, network, and identity security within Microsoft ecosystems. Strong troubleshooting and analytical skills Effective communication and collaboration across technical and non-technical teams Relevant certifications (eg, Security+, CySA+, SC-200, SSCP) are beneficial Familiarity with Power Platform and Power BI is advantageous A minimum of three years of relevant experience in similar positions. If you're looking to join a forward-thinking organisation, play a key role in strengthening its security infrastructure, and enjoy a better work-life balance with a 4-day work week, please email your CV. Etech Partners needs to collect and use your personal information when you apply for a role. We understand that you care about your privacy, and we take that seriously. Our Privacy Notice describes our policies and practices regarding collection and use of your personal data. By applying for this job you accept the Privacy Policy.
01/04/2026
Full time
We are partnering an Energy Data provider who are looking for a hands-on Cyber Security Analyst to join their internal IT & Security team during a pivotal period of change. A true 4-day working week My client operates Monday to Thursday, working week, with Fridays off. Extensive Microsoft Purview experience is required for this role. Responsibilities Own and run our vulnerability and patch management processes Investigate and respond to security incidents (malware, phishing, unauthorised access, etc.) Conduct vulnerability assessments and support remediation efforts Help implement and enforce security policies, standards, and procedures Partner with IT colleagues and business units to ensure secure configurations Support audits, risk assessments, and compliance initiatives (ISO 27001, GDPR, NIST) Act as a key escalation point for security investigations Maximise the effectiveness of Microsoft Defender, Intune, and Purview Promote cyber awareness and best practice across the organisation Collaborate with the Information Security Manager and Compliance Team on GRC activity Stay ahead of emerging threats, vulnerabilities, and industry trends Identify opportunities to improve security tooling, processes, and controls Skills & Experience Needed Microsoft 365 Defender/Security Portal (endpoint and identity protection) Microsoft Purview (data governance and compliance, including Compliance Portal) Proven hands-on experience remediating vulnerabilities and applying patches in a live environment A strong understanding of cybersecurity principles and threat landscapes Experience with endpoint, network, and identity security within Microsoft ecosystems. Strong troubleshooting and analytical skills Effective communication and collaboration across technical and non-technical teams Relevant certifications (eg, Security+, CySA+, SC-200, SSCP) are beneficial Familiarity with Power Platform and Power BI is advantageous A minimum of three years of relevant experience in similar positions. If you're looking to join a forward-thinking organisation, play a key role in strengthening its security infrastructure, and enjoy a better work-life balance with a 4-day work week, please email your CV. Etech Partners needs to collect and use your personal information when you apply for a role. We understand that you care about your privacy, and we take that seriously. Our Privacy Notice describes our policies and practices regarding collection and use of your personal data. By applying for this job you accept the Privacy Policy.
Product Data Analyst Location: London, Hybrid EC4R 9AD Salary: Competitive, DOE, + Excellent Benefits! Contract Type: Full Time, Permanent What We Can Offer You: 25 Days Annual Leave (Pro-Rata for Part-time and Fixed-Term Roles), Additional Holiday Purchase, Hybrid Working, Life Assurance, Vitality Private Healthcare, Subsidised Gym Memberships, Cycle to Work scheme, Discount Vouchers and Access to Wellbeing Resources Why Do We Want You At Axco, part of Wilmington plc, we re developing data driven products that support the global insurance market, and we re looking for someone who can help shape how those products use and present data. This role will give you the space to design and refine Power BI models, dashboards and analytics that sit at the core of our customer facing tools. You ll work closely with colleagues across product, engineering and data to translate real business needs into clear, reliable insight. If you want to build data solutions that are used, valued and continually iterated on, we d like to hear from you, so apply today! Please note: To complete your application, you will be redirected to Wilmington Plc s career site. At Wilmington Plc, we celebrate individuality and are committed to fostering an inclusive workplace. As a Disability Confident employer, we shortlist all applicants who meet the essential role criteria and guarantee an interview for candidates with disabilities who meet these criteria. For reasonable adjustments or to apply under our interview guarantee scheme, please use the contact details provided once you have clicked apply ! You will be responsible for: • Being part of the product team responsible for developing data solutions for our clients using Power BI and other relevant data and reporting technologies. • Developing internal business analytics on product usage, customer segmentation, feedback analysis, product performance, and customer sentiment. • Exploring new and existing frameworks/techniques for maximising product value from existing datasets for end customers. • Cross-functional collaboration between engineering, data, and product teams to develop new data solutions using advanced BI techniques. • Liaising with Marketing and Sales teams to document and advocate product value for the end customer. • Providing training and support to internal teams and end-users on report features and usage best practices. What s the Best Thing About This Role As part of a small product team, you ll have the opportunity to upskill quickly and make a meaningful impact on the direction of Axco s products. The role offers a high level of autonomy, with the chance to take full ownership of your work and contribute directly to product innovation and strategy. What s the Most Challenging Thing About This Role Working within a small team means you'll often need to take initiative and bring forward your own ideas for continuous improvement. As some frameworks and processes are still being established, you ll play a key role in shaping these foundations so strong problem-solving skills and a proactive mindset are essential. To be successful in this role, you must have: • 3 to 5 years of experience in Power BI development roles or similar. • Designed and implemented efficient and scalable data models that support reporting and analytics requirements. • Used Power Query (or similar tools) for data extraction, transformation, and loading (ETL) processes to prepare data for analysis. • Demonstrable skill in performing data analysis on large datasets and preferably worked in data engineering roles to analyse and transform data for data science. • Built interactive and visually appealing Power BI reports and dashboards that provide actionable insights, and developed complex DAX calculations to meet business logic and reporting needs. • A good understanding of Power BI REST and Client APIs for embedding, automating, and managing reports and datasets (a huge plus). • Experience working closely with software development teams to design and implement software solutions in an agile development process. • A good understanding of optimising Power BI reports and data models for performance and scalability. • Created and maintained comprehensive documentation for data models, reports, and processes in past roles. • Worked closely with cross-functional stakeholders to gather requirements and ensure the successful delivery of BI solutions. To be successful in this role, it would be great if you have: • Familiarity with SQL and data integration techniques. • Experience with Azure services (e.g., Azure Data Factory, Azure SQL Database). • Knowledge of Python or R for data analysis. • Familiarity with Agile development methodologies. • Experience with other BI tools and technologies. • A Bachelor s degree (ideally in Computer Science, Information Systems, or a related field). • Formal qualifications in Power BI and Data Analysis. We know it s not a skill, but the successful candidate must have permission to work in the role s location by the start of their employment. About us Axco is part of Wilmington Plc. Axco is a leading provider of data, analysis and insight to the global insurance and employee benefits industries. Through expert research and data solutions, Axco helps businesses make informed decisions across international markets. Join us and do Work That Means Something At Wilmington plc, we help global customers to do the right business in the right way - providing trusted data, insights, and education to navigate the Governance, Risk and Compliance (GRC) landscape. When you join us, you ll not only make a real difference for our customers, you ll also enjoy flexibility through hybrid working and benefit from a wide range of learning, career, and development opportunities. Whether you're just starting out, returning to work after a break, or looking to take your next step, you ll be doing work with meaning. Join us and make a real difference. Click on APPLY today!
31/03/2026
Full time
Product Data Analyst Location: London, Hybrid EC4R 9AD Salary: Competitive, DOE, + Excellent Benefits! Contract Type: Full Time, Permanent What We Can Offer You: 25 Days Annual Leave (Pro-Rata for Part-time and Fixed-Term Roles), Additional Holiday Purchase, Hybrid Working, Life Assurance, Vitality Private Healthcare, Subsidised Gym Memberships, Cycle to Work scheme, Discount Vouchers and Access to Wellbeing Resources Why Do We Want You At Axco, part of Wilmington plc, we re developing data driven products that support the global insurance market, and we re looking for someone who can help shape how those products use and present data. This role will give you the space to design and refine Power BI models, dashboards and analytics that sit at the core of our customer facing tools. You ll work closely with colleagues across product, engineering and data to translate real business needs into clear, reliable insight. If you want to build data solutions that are used, valued and continually iterated on, we d like to hear from you, so apply today! Please note: To complete your application, you will be redirected to Wilmington Plc s career site. At Wilmington Plc, we celebrate individuality and are committed to fostering an inclusive workplace. As a Disability Confident employer, we shortlist all applicants who meet the essential role criteria and guarantee an interview for candidates with disabilities who meet these criteria. For reasonable adjustments or to apply under our interview guarantee scheme, please use the contact details provided once you have clicked apply ! You will be responsible for: • Being part of the product team responsible for developing data solutions for our clients using Power BI and other relevant data and reporting technologies. • Developing internal business analytics on product usage, customer segmentation, feedback analysis, product performance, and customer sentiment. • Exploring new and existing frameworks/techniques for maximising product value from existing datasets for end customers. • Cross-functional collaboration between engineering, data, and product teams to develop new data solutions using advanced BI techniques. • Liaising with Marketing and Sales teams to document and advocate product value for the end customer. • Providing training and support to internal teams and end-users on report features and usage best practices. What s the Best Thing About This Role As part of a small product team, you ll have the opportunity to upskill quickly and make a meaningful impact on the direction of Axco s products. The role offers a high level of autonomy, with the chance to take full ownership of your work and contribute directly to product innovation and strategy. What s the Most Challenging Thing About This Role Working within a small team means you'll often need to take initiative and bring forward your own ideas for continuous improvement. As some frameworks and processes are still being established, you ll play a key role in shaping these foundations so strong problem-solving skills and a proactive mindset are essential. To be successful in this role, you must have: • 3 to 5 years of experience in Power BI development roles or similar. • Designed and implemented efficient and scalable data models that support reporting and analytics requirements. • Used Power Query (or similar tools) for data extraction, transformation, and loading (ETL) processes to prepare data for analysis. • Demonstrable skill in performing data analysis on large datasets and preferably worked in data engineering roles to analyse and transform data for data science. • Built interactive and visually appealing Power BI reports and dashboards that provide actionable insights, and developed complex DAX calculations to meet business logic and reporting needs. • A good understanding of Power BI REST and Client APIs for embedding, automating, and managing reports and datasets (a huge plus). • Experience working closely with software development teams to design and implement software solutions in an agile development process. • A good understanding of optimising Power BI reports and data models for performance and scalability. • Created and maintained comprehensive documentation for data models, reports, and processes in past roles. • Worked closely with cross-functional stakeholders to gather requirements and ensure the successful delivery of BI solutions. To be successful in this role, it would be great if you have: • Familiarity with SQL and data integration techniques. • Experience with Azure services (e.g., Azure Data Factory, Azure SQL Database). • Knowledge of Python or R for data analysis. • Familiarity with Agile development methodologies. • Experience with other BI tools and technologies. • A Bachelor s degree (ideally in Computer Science, Information Systems, or a related field). • Formal qualifications in Power BI and Data Analysis. We know it s not a skill, but the successful candidate must have permission to work in the role s location by the start of their employment. About us Axco is part of Wilmington Plc. Axco is a leading provider of data, analysis and insight to the global insurance and employee benefits industries. Through expert research and data solutions, Axco helps businesses make informed decisions across international markets. Join us and do Work That Means Something At Wilmington plc, we help global customers to do the right business in the right way - providing trusted data, insights, and education to navigate the Governance, Risk and Compliance (GRC) landscape. When you join us, you ll not only make a real difference for our customers, you ll also enjoy flexibility through hybrid working and benefit from a wide range of learning, career, and development opportunities. Whether you're just starting out, returning to work after a break, or looking to take your next step, you ll be doing work with meaning. Join us and make a real difference. Click on APPLY today!
Role Title: Cyber Risk Analyst Location: Knutsford 3 days on site Duration: 30/10/2026 Rate 404 MUST BE PAYE THROUGH UMBRELLA Role Description: "Role Overview: The Cyber Risk Analysts will work under the guidance of the Lead Consultant to execute the detailed risk assessments and analysis of End-of-Life technologies. In this role, you will collect and analyze data on EOL systems, evaluate cyber risks using the defined methodology, and support the implementation of remediation plans. Key Responsibilities: Perform Risk Assessments: Conduct in-depth cyber risk assessments for identified EOL systems and technologies, following the methodology and framework established by the project. Gather necessary information on assets (software, hardware, applications that are end-of-life or end-of-support) and assess the potential cyber threats, vulnerabilities, and business impacts associated with each5. Document findings meticulously, ensuring each risk item is well-described (likelihood, impact, severity) in the risk register. Required Skills & Competencies: Analytical Skills: Strong analytical and problem-solving skills are essential. The analyst must be able to assess complex IT systems and identify risk factors, interpret vulnerability data, and quantitatively rate risks. Attention to detail is critical for reviewing large lists of EOL assets and ensuring nothing is missed. Cybersecurity Knowledge: Good understanding of foundational cybersecurity principles (confidentiality, integrity, availability) and how outdated technologies can pose threats. Familiarity with common vulnerabilities and exploits affecting older systems (legacy OS, unsupported software) is beneficial. Knowledge of cyber risk frameworks and standards (such as NIST, ISO27001) and basic concepts of risk assessment is expectedxxiv. Qualifications & Certifications: Education: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field. Equivalent experience in cyber risk or IT security roles can be considered in lieu of a formal degree. Certifications: Relevant industry certifications are not mandatory but highly valued. Certifications demonstrating knowledge of security and risk principles (e.g., CompTIA Security+, Certified Ethical Hacker (CEH), or GIAC/GSEC) would be a plus. Certifications specifically in risk management or governance (such as CRISC, Certified Information Systems Auditor (CISA), or ISO 27001 Lead Auditor/Implementer) are also advantageous for this role, as they indicate a grasp of risk and control assessment practices. Experience: Years of Experience: Approximately 3-5+ years of experience in cybersecurity or IT risk roles. This could include experience as a Cyber Risk Analyst, IT Risk Analyst, Security Analyst, Vulnerability Management Specialist, or GRC (Governance, Risk & Compliance) Analyst. Candidates with slightly more or less experience will be considered based on skill fit, but a baseline understanding from a few years in the field is expected. Risk Assessment Background: Hands-on experience conducting risk assessments or security assessments is required. For example, experience in identifying and assessing risks for IT systems, writing risk or control reports, or supporting risk treatment projects. Familiarity with creating or maintaining risk registers and tracking mitigation actions is important (e.g., experience ensuring "risks and remediation plans are regularly addressed" in previous rolesxxvii). Industry-Specific Experience (Desirable): Experience in the financial services sector or other highly-regulated industries is a plus.
31/03/2026
Contractor
Role Title: Cyber Risk Analyst Location: Knutsford 3 days on site Duration: 30/10/2026 Rate 404 MUST BE PAYE THROUGH UMBRELLA Role Description: "Role Overview: The Cyber Risk Analysts will work under the guidance of the Lead Consultant to execute the detailed risk assessments and analysis of End-of-Life technologies. In this role, you will collect and analyze data on EOL systems, evaluate cyber risks using the defined methodology, and support the implementation of remediation plans. Key Responsibilities: Perform Risk Assessments: Conduct in-depth cyber risk assessments for identified EOL systems and technologies, following the methodology and framework established by the project. Gather necessary information on assets (software, hardware, applications that are end-of-life or end-of-support) and assess the potential cyber threats, vulnerabilities, and business impacts associated with each5. Document findings meticulously, ensuring each risk item is well-described (likelihood, impact, severity) in the risk register. Required Skills & Competencies: Analytical Skills: Strong analytical and problem-solving skills are essential. The analyst must be able to assess complex IT systems and identify risk factors, interpret vulnerability data, and quantitatively rate risks. Attention to detail is critical for reviewing large lists of EOL assets and ensuring nothing is missed. Cybersecurity Knowledge: Good understanding of foundational cybersecurity principles (confidentiality, integrity, availability) and how outdated technologies can pose threats. Familiarity with common vulnerabilities and exploits affecting older systems (legacy OS, unsupported software) is beneficial. Knowledge of cyber risk frameworks and standards (such as NIST, ISO27001) and basic concepts of risk assessment is expectedxxiv. Qualifications & Certifications: Education: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field. Equivalent experience in cyber risk or IT security roles can be considered in lieu of a formal degree. Certifications: Relevant industry certifications are not mandatory but highly valued. Certifications demonstrating knowledge of security and risk principles (e.g., CompTIA Security+, Certified Ethical Hacker (CEH), or GIAC/GSEC) would be a plus. Certifications specifically in risk management or governance (such as CRISC, Certified Information Systems Auditor (CISA), or ISO 27001 Lead Auditor/Implementer) are also advantageous for this role, as they indicate a grasp of risk and control assessment practices. Experience: Years of Experience: Approximately 3-5+ years of experience in cybersecurity or IT risk roles. This could include experience as a Cyber Risk Analyst, IT Risk Analyst, Security Analyst, Vulnerability Management Specialist, or GRC (Governance, Risk & Compliance) Analyst. Candidates with slightly more or less experience will be considered based on skill fit, but a baseline understanding from a few years in the field is expected. Risk Assessment Background: Hands-on experience conducting risk assessments or security assessments is required. For example, experience in identifying and assessing risks for IT systems, writing risk or control reports, or supporting risk treatment projects. Familiarity with creating or maintaining risk registers and tracking mitigation actions is important (e.g., experience ensuring "risks and remediation plans are regularly addressed" in previous rolesxxvii). Industry-Specific Experience (Desirable): Experience in the financial services sector or other highly-regulated industries is a plus.
GRC Analyst Risk, Audit & Compliance Liverpool 40k - 50k + Benefits/Progression Zachary Daniels are delighted to be partnering with a well-established UK business during a key phase of growth and investment, to recruit a GRC Analyst. This is a role centred around governance, risk management, and compliance, working closely with stakeholders across the business to strengthen frameworks, ensure controls are effective, and support ongoing audit and regulatory requirements. You'll play a key part in embedding a mature security and compliance culture while supporting wider technology and business transformation initiatives. Benefits You'll Enjoy: Competitive salary up to 50,000 (DOE) Generous annual leave entitlement, rising with service Enhanced maternity, paternity, and parental leave Life assurance Regular social events Role Responsibilities: Conduct and support security and operational risk assessments, ensuring mitigation plans are defined and tracked Assist in the development and maintenance of policies, standards, and control frameworks Support internal and external audits, including ISO 27001 and related compliance frameworks Manage and contribute to third-party and supplier risk assessments Monitor and report on risk posture, control effectiveness, and compliance metrics Identify gaps in controls and processes, driving continuous improvement across governance frameworks Work with technical teams to ensure security and compliance requirements are embedded into systems and projects Contribute to incident reviews and post-incident analysis, ensuring improvements are implemented About You: 2+ years' experience in a GRC, risk, audit, or compliance-focused role Strong understanding of risk management methodologies and control environments Experience supporting or participating in audits (e.g. ISO 27001, GDPR, NIST or similar) Exposure to third-party risk management and supplier assurance Understanding of technical security concepts, with the ability to assess and challenge controls Detail-oriented, structured, and comfortable working within governance frameworks Strong communication skills, able to engage effectively with stakeholders across the business This is a great opportunity for someone looking to build a career in GRC, gaining exposure to risk, audit, and compliance within a growing organisation that is investing in its security and governance capability. Apply today with your most up-to-date CV! BH35513
31/03/2026
Full time
GRC Analyst Risk, Audit & Compliance Liverpool 40k - 50k + Benefits/Progression Zachary Daniels are delighted to be partnering with a well-established UK business during a key phase of growth and investment, to recruit a GRC Analyst. This is a role centred around governance, risk management, and compliance, working closely with stakeholders across the business to strengthen frameworks, ensure controls are effective, and support ongoing audit and regulatory requirements. You'll play a key part in embedding a mature security and compliance culture while supporting wider technology and business transformation initiatives. Benefits You'll Enjoy: Competitive salary up to 50,000 (DOE) Generous annual leave entitlement, rising with service Enhanced maternity, paternity, and parental leave Life assurance Regular social events Role Responsibilities: Conduct and support security and operational risk assessments, ensuring mitigation plans are defined and tracked Assist in the development and maintenance of policies, standards, and control frameworks Support internal and external audits, including ISO 27001 and related compliance frameworks Manage and contribute to third-party and supplier risk assessments Monitor and report on risk posture, control effectiveness, and compliance metrics Identify gaps in controls and processes, driving continuous improvement across governance frameworks Work with technical teams to ensure security and compliance requirements are embedded into systems and projects Contribute to incident reviews and post-incident analysis, ensuring improvements are implemented About You: 2+ years' experience in a GRC, risk, audit, or compliance-focused role Strong understanding of risk management methodologies and control environments Experience supporting or participating in audits (e.g. ISO 27001, GDPR, NIST or similar) Exposure to third-party risk management and supplier assurance Understanding of technical security concepts, with the ability to assess and challenge controls Detail-oriented, structured, and comfortable working within governance frameworks Strong communication skills, able to engage effectively with stakeholders across the business This is a great opportunity for someone looking to build a career in GRC, gaining exposure to risk, audit, and compliance within a growing organisation that is investing in its security and governance capability. Apply today with your most up-to-date CV! BH35513
GRC Analyst - Third Party Risk Management Fixed Term Contract, 12 months - 45k - 50k Location: Hybrid - Birmingham Your new company: I am looking to recruit a GRC Analyst, focusing on Third Party Risk Management, to join a leader in the hospitality space, with the role focusing on GRC activities, with a strong focus on information security, privacy, and regulatory assurance across the organisation. The role responsibilities: This role focusses on supplier assurance and third-party risk management, ensuring that vendors handling company data or connecting to company systems operate in line with security, privacy, and compliance expectations. Key parts of the role: Conducting and coordinating security and privacy risk assessments for new and existing third-party suppliers. Evaluating supplier controls relating to data protection, information security, data hosting, subcontractor usage, and system access. Cataloguing and maintaining records of data shared with third parties, including purpose of use, information security classification, data sensitivity, and processing location. Ensuring third party data handling arrangements clearly define data retention, archiving, and deletion requirements in line with policies and regulatory obligations. Maintaining third party risk documentation and tracking remediation actions with suppliers and internal teams. Working closely with Vendor Management, Procurement, Legal, Information Security, and IT to ensure supplier risks are identified early and addressed prior to onboarding or renewal. Escalating high risk supplier findings to the IT Licensing & Compliance Manager and relevant stakeholders. You will need: Strong understanding of GDPR, the UK Data Protection Act, and privacy and security control requirements. Experience working in GRC, information security, data protection, supplier assurance, or a related compliance role. Ability to interpret and assess technical and organisational controls. Strong analytical skills with excellent attention to detail. Confident written and verbal communication skills, able to engage across legal, technical, and operational teams. Experience contributing to incident or breach investigations. Ability to manage multiple competing priorities and constructively challenge established processes. Minimum 3 years' experience in a relevant role. CIPP/E, CIPM, CompTIA Security+, or BCS Practitioner Certificate in Data Protection, desirable. What you'll get in return: Salary of between 45k- 50k Hybrid working Company discounts A pension contribution matched at 1.5x, up to 5%. Private healthcare, dental plan, cycle to work, and keep-fit schemes. 26 days annual leave plus bank holidays. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at (url removed)
27/03/2026
Full time
GRC Analyst - Third Party Risk Management Fixed Term Contract, 12 months - 45k - 50k Location: Hybrid - Birmingham Your new company: I am looking to recruit a GRC Analyst, focusing on Third Party Risk Management, to join a leader in the hospitality space, with the role focusing on GRC activities, with a strong focus on information security, privacy, and regulatory assurance across the organisation. The role responsibilities: This role focusses on supplier assurance and third-party risk management, ensuring that vendors handling company data or connecting to company systems operate in line with security, privacy, and compliance expectations. Key parts of the role: Conducting and coordinating security and privacy risk assessments for new and existing third-party suppliers. Evaluating supplier controls relating to data protection, information security, data hosting, subcontractor usage, and system access. Cataloguing and maintaining records of data shared with third parties, including purpose of use, information security classification, data sensitivity, and processing location. Ensuring third party data handling arrangements clearly define data retention, archiving, and deletion requirements in line with policies and regulatory obligations. Maintaining third party risk documentation and tracking remediation actions with suppliers and internal teams. Working closely with Vendor Management, Procurement, Legal, Information Security, and IT to ensure supplier risks are identified early and addressed prior to onboarding or renewal. Escalating high risk supplier findings to the IT Licensing & Compliance Manager and relevant stakeholders. You will need: Strong understanding of GDPR, the UK Data Protection Act, and privacy and security control requirements. Experience working in GRC, information security, data protection, supplier assurance, or a related compliance role. Ability to interpret and assess technical and organisational controls. Strong analytical skills with excellent attention to detail. Confident written and verbal communication skills, able to engage across legal, technical, and operational teams. Experience contributing to incident or breach investigations. Ability to manage multiple competing priorities and constructively challenge established processes. Minimum 3 years' experience in a relevant role. CIPP/E, CIPM, CompTIA Security+, or BCS Practitioner Certificate in Data Protection, desirable. What you'll get in return: Salary of between 45k- 50k Hybrid working Company discounts A pension contribution matched at 1.5x, up to 5%. Private healthcare, dental plan, cycle to work, and keep-fit schemes. 26 days annual leave plus bank holidays. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at (url removed)
GRC Analyst - Data Protection & GDPR Compliance Fixed Term Contract, 12 months - 45k - 50k Location: Hybrid - Birmingham Your new company: I am looking to recruit a GRC Analyst, focusing on Data Protection and GDPR, to join a leader in the hospitality space, with the role focusing on GRC activities, with a strong focus on information security, privacy, and regulatory assurance across the organisation. The role responsibilities: This role focusses on data protection assurance and GDPR compliance, ensuring personal data is processed lawfully, and in line with regulatory and organisational requirements. Key parts of the role: Reviewing how personal data is used across systems, business processes, and technology solutions. Identifying opportunities to reduce, anonymise, or eliminate personal data processing where it is not essential to business needs. Support the review, development, and rollout of information security and data protection policies. Contribute to the management of information security, third party, and privacy risk registers. Assist with internal and external audits, including GDPR assurance, PCI DSS, and financial audits. Track remediation of identified security, privacy, and compliance issues to ensure timely closure. Support incident and breach response activities, including investigation, documentation, and follow up actions. You will need: Strong understanding of GDPR, the UK Data Protection Act, and privacy and security control requirements. Experience working in GRC, information security, data protection, supplier assurance, or a related compliance role. Ability to interpret and assess technical and organisational controls. Strong analytical skills with excellent attention to detail. Confident written and verbal communication skills, able to engage across legal, technical, and operational teams. Experience contributing to incident or breach investigations. Ability to manage multiple competing priorities and constructively challenge established processes. Minimum 3 years' experience in a relevant role. CIPP/E, CIPM, CompTIA Security+, or BCS Practitioner Certificate in Data Protection, desirable. What you'll get in return: Salary of between 45k- 50k Hybrid working Company discounts A pension contribution matched at 1.5x, up to 5%. Private healthcare, dental plan, cycle to work, and keep-fit schemes. 26 days annual leave plus bank holidays. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at (url removed)
27/03/2026
Full time
GRC Analyst - Data Protection & GDPR Compliance Fixed Term Contract, 12 months - 45k - 50k Location: Hybrid - Birmingham Your new company: I am looking to recruit a GRC Analyst, focusing on Data Protection and GDPR, to join a leader in the hospitality space, with the role focusing on GRC activities, with a strong focus on information security, privacy, and regulatory assurance across the organisation. The role responsibilities: This role focusses on data protection assurance and GDPR compliance, ensuring personal data is processed lawfully, and in line with regulatory and organisational requirements. Key parts of the role: Reviewing how personal data is used across systems, business processes, and technology solutions. Identifying opportunities to reduce, anonymise, or eliminate personal data processing where it is not essential to business needs. Support the review, development, and rollout of information security and data protection policies. Contribute to the management of information security, third party, and privacy risk registers. Assist with internal and external audits, including GDPR assurance, PCI DSS, and financial audits. Track remediation of identified security, privacy, and compliance issues to ensure timely closure. Support incident and breach response activities, including investigation, documentation, and follow up actions. You will need: Strong understanding of GDPR, the UK Data Protection Act, and privacy and security control requirements. Experience working in GRC, information security, data protection, supplier assurance, or a related compliance role. Ability to interpret and assess technical and organisational controls. Strong analytical skills with excellent attention to detail. Confident written and verbal communication skills, able to engage across legal, technical, and operational teams. Experience contributing to incident or breach investigations. Ability to manage multiple competing priorities and constructively challenge established processes. Minimum 3 years' experience in a relevant role. CIPP/E, CIPM, CompTIA Security+, or BCS Practitioner Certificate in Data Protection, desirable. What you'll get in return: Salary of between 45k- 50k Hybrid working Company discounts A pension contribution matched at 1.5x, up to 5%. Private healthcare, dental plan, cycle to work, and keep-fit schemes. 26 days annual leave plus bank holidays. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at (url removed)
IT Security Analyst Location: Hybrid - Middlesbrough Salary: 50,000 - 60,000 + Benefits 83zero are partnered with a market-leading software company who are on a mission to transform the construction and related industries through their end-to-end digital solutions. With teams across the UK, Europe, USA and India, they are delivering large-scale transformation projects on a global scale and are continuing to expand. We are now looking for a highly organised and detail-driven IT Security Analyst to join their growing security function. This role plays a key part in securing customer trust and supplier integrity, ensuring compliance with recognised frameworks, and supporting wider security initiatives. The Role Own and manage responses to customer security questionnaires (SIG, CAIQ, bespoke). Work cross-functionally with Legal, Compliance, Procurement, Product and Security teams. Maintain the security assurance matrix in line with ISO 27001, Cyber Essentials, and SOC 2. Act as the key point of contact for security assurance queries. Conduct vendor risk assessments against ISO 27001, NIST, and CIS Controls. Manage the third-party due diligence programme, including onboarding and periodic reviews. Track and publish key security metrics such as risk severity, SLA adherence, and turnaround times. Provide audit artefacts and support internal/external audits. Contribute to broader security initiatives and continuous improvement within the organisation. About You 3+ years' experience in Information Security, GRC, or Vendor Risk Management. Strong experience issuing or responding to security questionnaires. Knowledge of ISO 27001 Annex A, SOC 2, and GDPR/CCPA. Excellent communication skills, able to translate technical risk to non-technical stakeholders. Eligible to work in the UK and able to pass background checks. Desirable: Certifications such as CRISC, CISSP, CISA, or ISO 27001 Lead Auditor. Familiarity with SaaS/cloud platforms (AWS, Azure, GCP). Understanding of secure software supply chains (SBOM, SLSA). What's on Offer 50,000 - 55,000 base salary 25 days annual leave + public holidays (increasing with service) Matched pension scheme Private medical insurance & life assurance Fitness allowance Paid study leave & volunteering days Flexible hybrid working Excellent career development and training opportunities
03/10/2025
Full time
IT Security Analyst Location: Hybrid - Middlesbrough Salary: 50,000 - 60,000 + Benefits 83zero are partnered with a market-leading software company who are on a mission to transform the construction and related industries through their end-to-end digital solutions. With teams across the UK, Europe, USA and India, they are delivering large-scale transformation projects on a global scale and are continuing to expand. We are now looking for a highly organised and detail-driven IT Security Analyst to join their growing security function. This role plays a key part in securing customer trust and supplier integrity, ensuring compliance with recognised frameworks, and supporting wider security initiatives. The Role Own and manage responses to customer security questionnaires (SIG, CAIQ, bespoke). Work cross-functionally with Legal, Compliance, Procurement, Product and Security teams. Maintain the security assurance matrix in line with ISO 27001, Cyber Essentials, and SOC 2. Act as the key point of contact for security assurance queries. Conduct vendor risk assessments against ISO 27001, NIST, and CIS Controls. Manage the third-party due diligence programme, including onboarding and periodic reviews. Track and publish key security metrics such as risk severity, SLA adherence, and turnaround times. Provide audit artefacts and support internal/external audits. Contribute to broader security initiatives and continuous improvement within the organisation. About You 3+ years' experience in Information Security, GRC, or Vendor Risk Management. Strong experience issuing or responding to security questionnaires. Knowledge of ISO 27001 Annex A, SOC 2, and GDPR/CCPA. Excellent communication skills, able to translate technical risk to non-technical stakeholders. Eligible to work in the UK and able to pass background checks. Desirable: Certifications such as CRISC, CISSP, CISA, or ISO 27001 Lead Auditor. Familiarity with SaaS/cloud platforms (AWS, Azure, GCP). Understanding of secure software supply chains (SBOM, SLSA). What's on Offer 50,000 - 55,000 base salary 25 days annual leave + public holidays (increasing with service) Matched pension scheme Private medical insurance & life assurance Fitness allowance Paid study leave & volunteering days Flexible hybrid working Excellent career development and training opportunities
IT Security Analyst Location: Hybrid - Buckinghamshire Salary: 50,000 - 55,000 + Benefits 83zero are partnered with a market-leading software company who are on a mission to transform the construction and related industries through their end-to-end digital solutions. With teams across the UK, Europe, USA and India, they are delivering large-scale transformation projects on a global scale and are continuing to expand. We are now looking for a highly organised and detail-driven IT Security Analyst to join their growing security function. This role plays a key part in securing customer trust and supplier integrity, ensuring compliance with recognised frameworks, and supporting wider security initiatives. The Role Own and manage responses to customer security questionnaires (SIG, CAIQ, bespoke). Work cross-functionally with Legal, Compliance, Procurement, Product and Security teams. Maintain the security assurance matrix in line with ISO 27001, Cyber Essentials, and SOC 2. Act as the key point of contact for security assurance queries. Conduct vendor risk assessments against ISO 27001, NIST, and CIS Controls. Manage the third-party due diligence programme, including onboarding and periodic reviews. Track and publish key security metrics such as risk severity, SLA adherence, and turnaround times. Provide audit artefacts and support internal/external audits. Contribute to broader security initiatives and continuous improvement within the organisation. About You 3+ years' experience in Information Security, GRC, or Vendor Risk Management. Strong experience issuing or responding to security questionnaires. Knowledge of ISO 27001 Annex A, SOC 2, and GDPR/CCPA. Excellent communication skills, able to translate technical risk to non-technical stakeholders. Eligible to work in the UK and able to pass background checks. Desirable: Certifications such as CRISC, CISSP, CISA, or ISO 27001 Lead Auditor. Familiarity with SaaS/cloud platforms (AWS, Azure, GCP). Understanding of secure software supply chains (SBOM, SLSA). What's on Offer 50,000 - 55,000 base salary 25 days annual leave + public holidays (increasing with service) Matched pension scheme Private medical insurance & life assurance Fitness allowance Paid study leave & volunteering days Flexible hybrid working Excellent career development and training opportunities
03/10/2025
Full time
IT Security Analyst Location: Hybrid - Buckinghamshire Salary: 50,000 - 55,000 + Benefits 83zero are partnered with a market-leading software company who are on a mission to transform the construction and related industries through their end-to-end digital solutions. With teams across the UK, Europe, USA and India, they are delivering large-scale transformation projects on a global scale and are continuing to expand. We are now looking for a highly organised and detail-driven IT Security Analyst to join their growing security function. This role plays a key part in securing customer trust and supplier integrity, ensuring compliance with recognised frameworks, and supporting wider security initiatives. The Role Own and manage responses to customer security questionnaires (SIG, CAIQ, bespoke). Work cross-functionally with Legal, Compliance, Procurement, Product and Security teams. Maintain the security assurance matrix in line with ISO 27001, Cyber Essentials, and SOC 2. Act as the key point of contact for security assurance queries. Conduct vendor risk assessments against ISO 27001, NIST, and CIS Controls. Manage the third-party due diligence programme, including onboarding and periodic reviews. Track and publish key security metrics such as risk severity, SLA adherence, and turnaround times. Provide audit artefacts and support internal/external audits. Contribute to broader security initiatives and continuous improvement within the organisation. About You 3+ years' experience in Information Security, GRC, or Vendor Risk Management. Strong experience issuing or responding to security questionnaires. Knowledge of ISO 27001 Annex A, SOC 2, and GDPR/CCPA. Excellent communication skills, able to translate technical risk to non-technical stakeholders. Eligible to work in the UK and able to pass background checks. Desirable: Certifications such as CRISC, CISSP, CISA, or ISO 27001 Lead Auditor. Familiarity with SaaS/cloud platforms (AWS, Azure, GCP). Understanding of secure software supply chains (SBOM, SLSA). What's on Offer 50,000 - 55,000 base salary 25 days annual leave + public holidays (increasing with service) Matched pension scheme Private medical insurance & life assurance Fitness allowance Paid study leave & volunteering days Flexible hybrid working Excellent career development and training opportunities
Security Risk Analyst 6-month contract London/Remote Inside IR35 My Customer is looking for a Security Risk Analyst to join their Governance, Risk & Compliance (GRC) team. You will play a key role in strengthening their risk management processes, working primarily with Archer and other GRC tools to support risk assessment, compliance, and governance activities. In this role, you will be responsible for identifying, assessing, and tracking security risks across assets, systems, and third parties, ensuring compliance with internal standards, policies, and regulatory frameworks. Key Skills from the Security Risk Analyst: Strong background in Security Risk and Governance with hands-on experience in Archer (experience with other GRC tools is also valuable). Solid understanding of risk assessment methodologies, security frameworks (NIST, ISO (phone number removed , and compliance requirements (GDPR, PCI DSS, SOX). Strong written communication skills, able to produce clear technical reports and risk documentation. Excellent stakeholder management, able to collaborate across technical and non-technical teams. Beneficial certifications: CISSP, CISA, CISM (or equivalent). ISO27001 / ISMS Accredited qualifications would be beneficial Experience working in financial sector would be beneficial Experience in ensuring internal IT system compliance against agreed standards Key Responsibilities of the Security Risk Analyst: Maintain and improve the security risk assessment framework, procedures, and workflows. Manage and update security questionnaires to align with compliance requirements, industry standards, and regulations. Conduct asset-level and third-party/vendor risk assessments. Analyse and document inherent and residual risks, providing clear recommendations. Produce detailed technical reports highlighting findings, control gaps, and proposed remediation plans. Drive remediation Perform periodic and ad-hoc risk assessments in line with organisational policies. The Security Risk Analyst is required onsite in London, once a week. Apply now to speak with VIQU IT in confidence about the Security Risk Analyst role. Or reach out to Connor Smal via the VIQU IT website. Do you know someone great? We ll thank you with up to £1,000 if your referral is successful (terms apply). For more exciting roles and opportunities like this, please follow us on IT Recruitment.
02/10/2025
Contractor
Security Risk Analyst 6-month contract London/Remote Inside IR35 My Customer is looking for a Security Risk Analyst to join their Governance, Risk & Compliance (GRC) team. You will play a key role in strengthening their risk management processes, working primarily with Archer and other GRC tools to support risk assessment, compliance, and governance activities. In this role, you will be responsible for identifying, assessing, and tracking security risks across assets, systems, and third parties, ensuring compliance with internal standards, policies, and regulatory frameworks. Key Skills from the Security Risk Analyst: Strong background in Security Risk and Governance with hands-on experience in Archer (experience with other GRC tools is also valuable). Solid understanding of risk assessment methodologies, security frameworks (NIST, ISO (phone number removed , and compliance requirements (GDPR, PCI DSS, SOX). Strong written communication skills, able to produce clear technical reports and risk documentation. Excellent stakeholder management, able to collaborate across technical and non-technical teams. Beneficial certifications: CISSP, CISA, CISM (or equivalent). ISO27001 / ISMS Accredited qualifications would be beneficial Experience working in financial sector would be beneficial Experience in ensuring internal IT system compliance against agreed standards Key Responsibilities of the Security Risk Analyst: Maintain and improve the security risk assessment framework, procedures, and workflows. Manage and update security questionnaires to align with compliance requirements, industry standards, and regulations. Conduct asset-level and third-party/vendor risk assessments. Analyse and document inherent and residual risks, providing clear recommendations. Produce detailed technical reports highlighting findings, control gaps, and proposed remediation plans. Drive remediation Perform periodic and ad-hoc risk assessments in line with organisational policies. The Security Risk Analyst is required onsite in London, once a week. Apply now to speak with VIQU IT in confidence about the Security Risk Analyst role. Or reach out to Connor Smal via the VIQU IT website. Do you know someone great? We ll thank you with up to £1,000 if your referral is successful (terms apply). For more exciting roles and opportunities like this, please follow us on IT Recruitment.
Acorn Insurance and Financial Services Limited
Liverpool
Due to a period of exciting growth Acorn are looking for a highly skilled and experienced Senior Information Security Analyst to join our Information Security Team. Within this role you get the opportunity to join a collaborative team and have a chance to blend GRC responsibilities with technical security experience, all whilst working for a market leading insurance company, supporting and maintaining robust security controls and regulatory compliance.
Job Title: Senior Information Security Analyst (12 month FTC)
Location: Liverpool City Centre, Hybrid working available
Working Hours: Monday to Friday, 37.5 hours per week , 9:00 AM – 5:30 PM
Salary: £50,000 - £60,000 pa (DOE).
What you will be doing:
Work with all parties across the business to identify and assess risk and ensure mitigations are tracked to completion.
Lead the development and maintenance of information security policies, standards and procedures in line with regulatory frameworks and industry standards.
Lead third party risk management processes.
Collaborate across all areas of the business to align security policies and processes with business objectives and regulatory obligations.
Work with Security Operations and IT teams to provide oversight of vulnerability assessments and remediation activities.
Lead on security architecture reviews for new systems and services.
Evaluate technical security controls and recommending improvements.
Support the implementation of security tools and technologies.
Provide oversight of the security incident management process.
Provide security metrics for interested parties at all levels.
Lead the security awareness programme to promote a culture of security within all levels of the Group.
Provide support for internal and external security audits.
Lead security governance meetings representing the Information Security team and standing in for the Head of Information Security when required.
Provide subject matter expertise liaising across all business functions.
What we look for:
Minimum 5 years' experience in information security roles.
Strong leadership and mentorship abilities with a strategic mindset.
Experience with risk assessment methodologies.
Excellent analytical and problem-solving skills with attention to detail.
Strong communication skills with the ability to explain complex security concepts to non-technical stakeholders.
Ability to manage risk and compliance projects and drive security initiatives.
Knowledge of information security frameworks such as ISO 27001 or NIST.
Knowledge of vulnerability management processes.
About Acorn Insurance With over 40 years of experience, Acorn Insurance is a specialist provider dedicated to helping individuals secure motor insurance across the UK. We proudly serve more than 50,000 customers, ensuring they find policies that meet their needs and provide the peace of mind that comes with high-quality cover.
At Acorn Insurance, we offer comprehensive training and continuous in-house coaching. You'll receive in-depth, FCA-regulated industry knowledge and all the tools necessary to grow your career with us.
We celebrate diversity and are committed to fostering a culture where everyone feels respected and valued. As a Disability Confident Level 1 and Level 2 employer, we ensure our workplace is accessible and inclusive, encouraging our people to bring their best selves to work every day.
The Acorn Group has been recognised as a Great Place to Work for 2024/5. A record number of employees participated in our survey, overwhelmingly highlighting our welcoming and supportive atmosphere as an excellent place to build a career. We are committed to continuous improvement and have ambitious plans for 2025.
Why Acorn Insurance? Acorn Insurance want to give you more than a job, we want to give you a purpose and a career. So, what can we offer you as an employer? Some of the "your tomorrow" benefits you will receive include: Wellbeing:
Enhanced Annual Leave entitlement starting at 31 days and potentially increasing to 35 days per year depending on grade & length of service (including bank holidays)
Enhanced paternity pay and 16 weeks full maternity pay.
Colleague Assistance programme offers a suite of wellbeing services such as:
6 Free Counselling sessions per year
Unlimited access to a telephone councillor 24/7
Access to a free 4-week programme of cognitive behavioural therapy (CBT) with a trained therapist mentor.
Network of internal qualified mental health first aiders are available to provide support to colleagues.
Financial:
A core level of life assurance with the option to increase cover via salary sacrifice and add your spouse/partner
Ability to access your earnings before payday via Dayforce Wallet.
Company pension scheme
Refer a friend scheme with a £250 bonus for every colleague recommended on passing their probation period.
Access to a flexible benefits platform including an annual flex pot allowance to spend on over 15 benefits of your choice.
Ability to give back. You can opt into donating money to charity to climate positive organisations directly from your salary.
Reward, Recognition and Culture :
Long Service Award paid on 5,10- and 15-years’ service
A reward and recognition hub to celebrate and reward colleagues and peers.
Consistent and engaging company events including company awards, competitions and charity fundraisers.
Budgets for department leaders to use for social and engagement events. Please visit out website to view more of our excellent work benefits!
All roles are subject to DBS and Financial checks, any offer made will be conditional until checks are completed to a satisfactory standard. Unfortunately, due to the length of training and complexity of the role, we can only accept applications from candidates who have at least one year remaining on their (Graduate/ Post study work) visa. Unfortunately, we are unable to provide visa sponsorships. At Acorn, we are committed to creating an inclusive and supportive work environment. We recognise that candidates may have specific needs and are happy to consider reasonable adjustments to the recruitment process and working environment to accommodate individual requirements. Whether it’s modifying equipment, adjusting working hours, or providing additional support, we aim to ensure all employees can perform at their best. If you require any reasonable adjustments, please let us know during the application or interview process, and we will work with you to ensure your needs are met.
25/04/2025
Full time
Due to a period of exciting growth Acorn are looking for a highly skilled and experienced Senior Information Security Analyst to join our Information Security Team. Within this role you get the opportunity to join a collaborative team and have a chance to blend GRC responsibilities with technical security experience, all whilst working for a market leading insurance company, supporting and maintaining robust security controls and regulatory compliance.
Job Title: Senior Information Security Analyst (12 month FTC)
Location: Liverpool City Centre, Hybrid working available
Working Hours: Monday to Friday, 37.5 hours per week , 9:00 AM – 5:30 PM
Salary: £50,000 - £60,000 pa (DOE).
What you will be doing:
Work with all parties across the business to identify and assess risk and ensure mitigations are tracked to completion.
Lead the development and maintenance of information security policies, standards and procedures in line with regulatory frameworks and industry standards.
Lead third party risk management processes.
Collaborate across all areas of the business to align security policies and processes with business objectives and regulatory obligations.
Work with Security Operations and IT teams to provide oversight of vulnerability assessments and remediation activities.
Lead on security architecture reviews for new systems and services.
Evaluate technical security controls and recommending improvements.
Support the implementation of security tools and technologies.
Provide oversight of the security incident management process.
Provide security metrics for interested parties at all levels.
Lead the security awareness programme to promote a culture of security within all levels of the Group.
Provide support for internal and external security audits.
Lead security governance meetings representing the Information Security team and standing in for the Head of Information Security when required.
Provide subject matter expertise liaising across all business functions.
What we look for:
Minimum 5 years' experience in information security roles.
Strong leadership and mentorship abilities with a strategic mindset.
Experience with risk assessment methodologies.
Excellent analytical and problem-solving skills with attention to detail.
Strong communication skills with the ability to explain complex security concepts to non-technical stakeholders.
Ability to manage risk and compliance projects and drive security initiatives.
Knowledge of information security frameworks such as ISO 27001 or NIST.
Knowledge of vulnerability management processes.
About Acorn Insurance With over 40 years of experience, Acorn Insurance is a specialist provider dedicated to helping individuals secure motor insurance across the UK. We proudly serve more than 50,000 customers, ensuring they find policies that meet their needs and provide the peace of mind that comes with high-quality cover.
At Acorn Insurance, we offer comprehensive training and continuous in-house coaching. You'll receive in-depth, FCA-regulated industry knowledge and all the tools necessary to grow your career with us.
We celebrate diversity and are committed to fostering a culture where everyone feels respected and valued. As a Disability Confident Level 1 and Level 2 employer, we ensure our workplace is accessible and inclusive, encouraging our people to bring their best selves to work every day.
The Acorn Group has been recognised as a Great Place to Work for 2024/5. A record number of employees participated in our survey, overwhelmingly highlighting our welcoming and supportive atmosphere as an excellent place to build a career. We are committed to continuous improvement and have ambitious plans for 2025.
Why Acorn Insurance? Acorn Insurance want to give you more than a job, we want to give you a purpose and a career. So, what can we offer you as an employer? Some of the "your tomorrow" benefits you will receive include: Wellbeing:
Enhanced Annual Leave entitlement starting at 31 days and potentially increasing to 35 days per year depending on grade & length of service (including bank holidays)
Enhanced paternity pay and 16 weeks full maternity pay.
Colleague Assistance programme offers a suite of wellbeing services such as:
6 Free Counselling sessions per year
Unlimited access to a telephone councillor 24/7
Access to a free 4-week programme of cognitive behavioural therapy (CBT) with a trained therapist mentor.
Network of internal qualified mental health first aiders are available to provide support to colleagues.
Financial:
A core level of life assurance with the option to increase cover via salary sacrifice and add your spouse/partner
Ability to access your earnings before payday via Dayforce Wallet.
Company pension scheme
Refer a friend scheme with a £250 bonus for every colleague recommended on passing their probation period.
Access to a flexible benefits platform including an annual flex pot allowance to spend on over 15 benefits of your choice.
Ability to give back. You can opt into donating money to charity to climate positive organisations directly from your salary.
Reward, Recognition and Culture :
Long Service Award paid on 5,10- and 15-years’ service
A reward and recognition hub to celebrate and reward colleagues and peers.
Consistent and engaging company events including company awards, competitions and charity fundraisers.
Budgets for department leaders to use for social and engagement events. Please visit out website to view more of our excellent work benefits!
All roles are subject to DBS and Financial checks, any offer made will be conditional until checks are completed to a satisfactory standard. Unfortunately, due to the length of training and complexity of the role, we can only accept applications from candidates who have at least one year remaining on their (Graduate/ Post study work) visa. Unfortunately, we are unable to provide visa sponsorships. At Acorn, we are committed to creating an inclusive and supportive work environment. We recognise that candidates may have specific needs and are happy to consider reasonable adjustments to the recruitment process and working environment to accommodate individual requirements. Whether it’s modifying equipment, adjusting working hours, or providing additional support, we aim to ensure all employees can perform at their best. If you require any reasonable adjustments, please let us know during the application or interview process, and we will work with you to ensure your needs are met.
Job Title: Governance, Risk, Compliance (GRC) Information Security Analyst Salary: Up to £85,000 + Great bonus and benefits package Hybrid Model: 2 days per week in Central London, 3 days remote Office Location: Liverpool Street area About the Client and the Role: My client, a highly prestigious, globally renowned name in financial services is seeking an experienced GRC Analyst to provide analysis of existing and constantly progressing security systems. Responsibilities and Areas of Focus: BAU activities supporting GRC and Information Security Driving risk capture, analysis and reporting Audit oversight ie understanding audit scope and controls being assessed, the resulting Findings and overseeing remediation effort. Detailed auditing and documentation of security projects Analysis and reporting of information security Managing complex data sets and creating detailed reports Presenting/Reporting to key stakeholders (both written and verbal) Risk management frameworks and assessing technology risk. Candidate Experience/Knowledge: Professional background in Information Security Analysis Experience in financial environments Outstanding communication skills (verbal & written) Experience with stakeholders Demonstrable experience auditing and documenting complex information security projects Experience working with Regulatory bodies eg FCA, BoE Knowledge of technology within a financial/trading environment
17/08/2023
Full time
Job Title: Governance, Risk, Compliance (GRC) Information Security Analyst Salary: Up to £85,000 + Great bonus and benefits package Hybrid Model: 2 days per week in Central London, 3 days remote Office Location: Liverpool Street area About the Client and the Role: My client, a highly prestigious, globally renowned name in financial services is seeking an experienced GRC Analyst to provide analysis of existing and constantly progressing security systems. Responsibilities and Areas of Focus: BAU activities supporting GRC and Information Security Driving risk capture, analysis and reporting Audit oversight ie understanding audit scope and controls being assessed, the resulting Findings and overseeing remediation effort. Detailed auditing and documentation of security projects Analysis and reporting of information security Managing complex data sets and creating detailed reports Presenting/Reporting to key stakeholders (both written and verbal) Risk management frameworks and assessing technology risk. Candidate Experience/Knowledge: Professional background in Information Security Analysis Experience in financial environments Outstanding communication skills (verbal & written) Experience with stakeholders Demonstrable experience auditing and documenting complex information security projects Experience working with Regulatory bodies eg FCA, BoE Knowledge of technology within a financial/trading environment
Title: Security Metrics and Data Reporting Analyst Rate 569.29 Per Day, Via Umbrella, Inside IR35 Location: Brentford Number of Position: 2 LOA: Initially 6 months We are currently seeking a Security Metrics and Data Reporting Analyst to join our Cyber Risk Assurance Team. Security Metrics and Data Reporting Analyst will be responsible for implementing Power BI tools and developing techniques along with integration of GRC Tools for measuring and reporting technical performance metrics as well developing and running reports on regular schedules. Other responsibilities include maintaining of performance metrics, collecting, validating, interpreting, and organizing various types of data into meaningful reports and/or summaries for designated audiences.
10/01/2022
Contractor
Title: Security Metrics and Data Reporting Analyst Rate 569.29 Per Day, Via Umbrella, Inside IR35 Location: Brentford Number of Position: 2 LOA: Initially 6 months We are currently seeking a Security Metrics and Data Reporting Analyst to join our Cyber Risk Assurance Team. Security Metrics and Data Reporting Analyst will be responsible for implementing Power BI tools and developing techniques along with integration of GRC Tools for measuring and reporting technical performance metrics as well developing and running reports on regular schedules. Other responsibilities include maintaining of performance metrics, collecting, validating, interpreting, and organizing various types of data into meaningful reports and/or summaries for designated audiences.
SAP Security Analyst Salary- circa £45,000 depending upon skills and experience? Location: Lincoln / Huntingdon Permanent - full time (37 hours per week) Anglian water uses SAP as its core central ERP system. It holds critical data relating to finance, assets, customers and business processes. It is the heart of our IT business landscape and underpins the business operations. Protecting this data from fraud, cyber-attack and misuse is a top priority for the business. The availability and integrity of information is vital to our water operations, as well as our customer and support services.? What will you be doing?? The purpose of this role is to ensure that the risk of fraud and misuse of data held in SAP is minimised and is managed appropriately through the design, build and provisioning of appropriate access that fully meets the needs of our customers. You will work with outsourced IT specialists, project teams and AW business managers to?analyse & understand the risks associated?with their area of the business then design and develop SAP Security authorisation concepts based on SAP best practice and business policies. Review project/change documents. Analyse & understand the risks associated with application security exposures and provide solutions to eliminate or reduce these exposures.?Ensure projects deliver solutions that will fit into the business-as-usual process without adding more risk? Liaise with?internal/external?auditors?to provide necessary information during audits.? This role would also be expected to work on the continuous improvement of SAP security support processes. Key responsibilities include:? Perform a review all access requests to identify risks and feed back to the training team scheduler or requestors when these requests will give users risks that are not currently controlled Ensure correct approvals are provided before access is provisioned and ensure these are kept as evidence for internal and external auditors on the User Provisioning Process. Provide expert advice to SAP training team, business managers and projects around SAP Security user provisioning processes to ensure that security risks are reduced. Provisioning SAP access for business users after completion of training Provide least risk access to our 3rd party partners to ensure risks are kept to a minimum, working with them to provide the correct access for projects and system refreshes etc Administrator for all the SAP systems in Anglian Water's landscape, ensuring that the correct access is provided according to the system and the data contained in each Responsible for the CUA (Central User Administrator) system, this system enables efficient account creation and password resets to all the connected SAP systems . What do you need? Experience in a similar role is preferred Experience of ECC 6, SAP Gateway, Fiori, S4 Hana, Portals, CUA, GRC SAP ADM900 - SAP System Security Fundamentals SAP ADM920 - SAP Identity Management SAP ADM940 - AS ABAP - Authorisation Concept SAPEPE - Fundamentals' (Portal) WCHGRC Overview SAP GRC Ideally would have experience of the following technology:? Service Now?or other on-line service desk systems? Microsoft applications?Excel, Word?or?Access databases? With the above experience in line with our Company Behaviours, we'll need you to 'Build Trust' with those you will work with, 'Do the Right Thing'. What benefits do we offer?? Being a successful water company doesn't come easy! Our people are important to us and we want to make sure that we reward and recognise?all of?the great work that they do. Some of our benefits include:? Bonus scheme? Private health care? Competitive pension scheme? 26 days annual leave rising with length of service? Flexible benefits to support your wellbeing? Flexible working (dependent on your role)? Plus?lots more!? We are passionate and committed to the learning and development of our people making sure they have the right skills and knowledge to be successful and to help achieve their potential. We also take Health and Safety very seriously in everything that we do.? If you are offered a job with us, you'll be subject to the relevant/standard employment checks, including: your right to work in the UK, reference, driving licence and identity check. Depending on your role, you may also be subject to further pre-employment checks.? Working Location The challenges of the pandemic have allowed us to accelerate our AMP7 plans to adopt a more agile workforce. We recognise that work has become a thing we do, rather than a place we go so we're open to remote working as part of the team so don't feel this is a barrier to applying. That said, we'd like you to be comfortable in travelling into our main campus sites at either Lincoln or Huntingdon on occasion.? Closing date: 27/10/2021
04/11/2021
Full time
SAP Security Analyst Salary- circa £45,000 depending upon skills and experience? Location: Lincoln / Huntingdon Permanent - full time (37 hours per week) Anglian water uses SAP as its core central ERP system. It holds critical data relating to finance, assets, customers and business processes. It is the heart of our IT business landscape and underpins the business operations. Protecting this data from fraud, cyber-attack and misuse is a top priority for the business. The availability and integrity of information is vital to our water operations, as well as our customer and support services.? What will you be doing?? The purpose of this role is to ensure that the risk of fraud and misuse of data held in SAP is minimised and is managed appropriately through the design, build and provisioning of appropriate access that fully meets the needs of our customers. You will work with outsourced IT specialists, project teams and AW business managers to?analyse & understand the risks associated?with their area of the business then design and develop SAP Security authorisation concepts based on SAP best practice and business policies. Review project/change documents. Analyse & understand the risks associated with application security exposures and provide solutions to eliminate or reduce these exposures.?Ensure projects deliver solutions that will fit into the business-as-usual process without adding more risk? Liaise with?internal/external?auditors?to provide necessary information during audits.? This role would also be expected to work on the continuous improvement of SAP security support processes. Key responsibilities include:? Perform a review all access requests to identify risks and feed back to the training team scheduler or requestors when these requests will give users risks that are not currently controlled Ensure correct approvals are provided before access is provisioned and ensure these are kept as evidence for internal and external auditors on the User Provisioning Process. Provide expert advice to SAP training team, business managers and projects around SAP Security user provisioning processes to ensure that security risks are reduced. Provisioning SAP access for business users after completion of training Provide least risk access to our 3rd party partners to ensure risks are kept to a minimum, working with them to provide the correct access for projects and system refreshes etc Administrator for all the SAP systems in Anglian Water's landscape, ensuring that the correct access is provided according to the system and the data contained in each Responsible for the CUA (Central User Administrator) system, this system enables efficient account creation and password resets to all the connected SAP systems . What do you need? Experience in a similar role is preferred Experience of ECC 6, SAP Gateway, Fiori, S4 Hana, Portals, CUA, GRC SAP ADM900 - SAP System Security Fundamentals SAP ADM920 - SAP Identity Management SAP ADM940 - AS ABAP - Authorisation Concept SAPEPE - Fundamentals' (Portal) WCHGRC Overview SAP GRC Ideally would have experience of the following technology:? Service Now?or other on-line service desk systems? Microsoft applications?Excel, Word?or?Access databases? With the above experience in line with our Company Behaviours, we'll need you to 'Build Trust' with those you will work with, 'Do the Right Thing'. What benefits do we offer?? Being a successful water company doesn't come easy! Our people are important to us and we want to make sure that we reward and recognise?all of?the great work that they do. Some of our benefits include:? Bonus scheme? Private health care? Competitive pension scheme? 26 days annual leave rising with length of service? Flexible benefits to support your wellbeing? Flexible working (dependent on your role)? Plus?lots more!? We are passionate and committed to the learning and development of our people making sure they have the right skills and knowledge to be successful and to help achieve their potential. We also take Health and Safety very seriously in everything that we do.? If you are offered a job with us, you'll be subject to the relevant/standard employment checks, including: your right to work in the UK, reference, driving licence and identity check. Depending on your role, you may also be subject to further pre-employment checks.? Working Location The challenges of the pandemic have allowed us to accelerate our AMP7 plans to adopt a more agile workforce. We recognise that work has become a thing we do, rather than a place we go so we're open to remote working as part of the team so don't feel this is a barrier to applying. That said, we'd like you to be comfortable in travelling into our main campus sites at either Lincoln or Huntingdon on occasion.? Closing date: 27/10/2021
My client, a global insurance company, is seeking a Cloud Controls Analyst to join its Compliance and Controls team (part of the GRC function) on a long-term contractual basis. This team conduct second line of defence testing for controls including those relating to the Security and Availability Trust Principles within SOC2. The successful Cloud Controls Analyst will support the delivery of cloud control testing in the areas of information & cyber security, technology and cloud infrastructure, conducting design adequacy and operating effectiveness testing of cloud controls for SOC2. Key duties include, but are not limited to: Performing assessment of Cloud controls (focusing on Azure) including; o Control design adequacy o Control operating effectiveness - Cloud control testing (including guard rails resource log analysis etc.) - Developing operating processes and procedures for cloud control testing of structured test papers for all controls tested - Reporting and tracking of cloud control gap remediations as well as ineffective or inadequate controls - Identify opportunities and recommendations to improve the design and implementation of cloud controls - Support the control owners in the design and maintenance and documentation of cloud controls Key words: Information Security, Compliance, security, SOC2 SOC 2, GRC, Trust Principles, cyber security, Cloud, Azure Eames Consulting is acting as an Employment Business in relation to this vacancy.
05/10/2021
Contractor
My client, a global insurance company, is seeking a Cloud Controls Analyst to join its Compliance and Controls team (part of the GRC function) on a long-term contractual basis. This team conduct second line of defence testing for controls including those relating to the Security and Availability Trust Principles within SOC2. The successful Cloud Controls Analyst will support the delivery of cloud control testing in the areas of information & cyber security, technology and cloud infrastructure, conducting design adequacy and operating effectiveness testing of cloud controls for SOC2. Key duties include, but are not limited to: Performing assessment of Cloud controls (focusing on Azure) including; o Control design adequacy o Control operating effectiveness - Cloud control testing (including guard rails resource log analysis etc.) - Developing operating processes and procedures for cloud control testing of structured test papers for all controls tested - Reporting and tracking of cloud control gap remediations as well as ineffective or inadequate controls - Identify opportunities and recommendations to improve the design and implementation of cloud controls - Support the control owners in the design and maintenance and documentation of cloud controls Key words: Information Security, Compliance, security, SOC2 SOC 2, GRC, Trust Principles, cyber security, Cloud, Azure Eames Consulting is acting as an Employment Business in relation to this vacancy.
