Sorry, that job is no longer available. Here are some results that may be similar to the job you were looking for.

68 jobs found

Current Search
grc security analyst
InfoSec GRC Analyst: Drive Audits, Compliance & Risk
Chaucer Underwriting Services Limited
Chaucer Underwriting Services Limited is looking for an Information Security Governance Risk and Compliance Analyst to enhance audit findings tracking across multiple jurisdictions. This mid-level position includes responsibilities like coordinating security compliance and maintaining accurate registers. The successful candidate should demonstrate strong organizational skills and superb communication abilities. This role not only supports ISO27001 certifications but also provides exposure to international regulatory engagements, making it ideal for career growth in information security.
24/06/2026
Full time
Information Security GRC Analyst
Chaucer Underwriting Services Limited
Job Profile Summary

The Information Security Governance Risk and Compliance Analyst sits within the corporate Information Security team, which is led by the Information Security Officer and operates within the COO organisation. The team is independent of the compliance, risk, and IT functions.

This role reports to the Head of Information Security Governance Risk and Compliance and exists to keep information security audit findings, compliance deliverables, and regulatory commitments moving forward - tracking open items, chasing action owners, and making sure the information security function meets its obligations across audit and compliance workstreams.

The role will work across ISO27001 audits, penetration tests, and tabletop exercises - making sure findings have owners, owners have deadlines, and deadlines are met. On the compliance side, it will coordinate information security's inputs to Lloyd's Principles Based Oversight (PBO), DORA, GDPR, and regulatory engagements with international supervisors including the Monetary Authority of Singapore, Central Bank of Ireland, and Dubai Financial Services Authority.

This is a mid level role with room to grow. A successful candidate does not need to have done everything on this list before, but does need to be organised, persistent, and comfortable holding people to account.

Key Responsibilities
  • Track and drive remediation of all information security-related findings from internal audits, ISO27001 audits, penetration tests, and tabletop exercises. Maintain accurate registers, hold action owners to deadlines, and escalate slippage.
  • Act as the primary information security point of contact for the compliance function across Lloyd's PBO (particularly cyber resilience within the operational resilience pillar), DORA, and GDPR.
  • Coordinate information security evidence and inputs for regulatory engagements across multiple jurisdictions, including MAS, CBI, and DFSA.
  • Chase and track all information security compliance deliverables, making sure requests from regulators, compliance, and audit are answered accurately and on time.
  • Prepare progress updates on open findings, compliance deliverables, and regulatory action items for stakeholders.
  • Support the Head of Information Security Governance Risk and Compliance with GRC tooling, tracking, and reporting - producing metrics that give clear visibility of where things stand.
  • Build solid working relationships with action owners, compliance, risk, and audit so that chasing things down does not become adversarial.

Skills and Experience
  • Experience in Information Security GRC, IT audit, IT risk, or compliance coordination - ideally in insurance, reinsurance, or the Lloyd's market.
  • Familiarity with ISO27001 and how audit finding remediation works in practice.
  • Working knowledge of regulatory regimes relevant to the London market such as Lloyd's PBO and DORA. Experience with international financial regulators is a plus.
  • Strong organisational skills - able to track a high volume of open items, deadlines, and dependencies across multiple workstreams without losing grip.
  • Clear communicator, written and verbal. Able to produce concise status updates and engage constructively with people at all levels.
  • Comfortable working across teams - information security, compliance, audit, and business stakeholders all need to see the role holder as someone who makes their life easier, not harder.
  • Experience with GRC platforms or tracking tools and the ability to pull useful reporting from them is a plus.

Impact of the Role

Audit findings and regulatory commitments do not close themselves. Without someone actively tracking and chasing, items age, deadlines slip, and risk accumulates without anyone noticing until it becomes a problem. This role stops that from happening. In a Lloyd's market business with regulatory obligations spanning multiple jurisdictions, having someone who owns the tracking and coordination of Information Security GRC activity is not optional.

This is also a strong development role. The successful candidate will get direct exposure to ISO27001 certification, Lloyd's PBO, DORA, international regulatory engagement, and the full audit lifecycle - with the Head of Information Security Governance Risk and Compliance providing direction and support. It is a good role for someone who wants to build a career in this space and is willing to put the work in.

Chaucer is committed to diversity, actively values difference and respects people regardless of the protected characteristics which are outlined in the Equality Act 2010 (UK legislation) as a result of the Equal Treatment Directive 2006 (EU legislation). A diverse workforce and an inclusive workplace are core to our success as a business and integral to our winning strategy and culture. We recruit from the widest available pool of talent, and our hiring, assessment and selection process is fair, free from bias and one which ensures we select the right person for the job, based on merit. We are committed to promoting a culture that actively values difference, and recognises that everyone has the right to be treated with dignity and respect throughout their employment. We are open to considering flexible working arrangements for all roles and encourage you to outline your needs during the interview process.
24/06/2026
Full time
Senior Risk Management Analyst
Cubic Corporation Salfords, Surrey
Business Unit: Cubic Transportation Systems

Company Details:
When you join Cubic, you become part of a company that creates and delivers technology solutions in transportation to make people's lives easier by simplifying their daily journeys, and defense capabilities to help promote mission success and safety for those who serve their nation. Led by our talented teams around the world, Cubic is committed to solving global issues through innovation and service to our customers and partners. We have a top-tier portfolio of businesses, including Cubic Transportation Systems (CTS) and Cubic Defense (CD). Explore more on

Details:
Cubic Transportation Systems (CTS) is a global leader in intelligent transportation solutions, specializing in technologies that make public transit more efficient, accessible, and user-friendly. A significant feature is providing Fare and Payment card services to government and municipal customers across the globe.

Job Summary:
As a member of the Cubic information security team, you will provide security compliance support for production transaction processing environments. Evaluate posture of security controls and operating environment to ensure compliance with organization security policies and controls. Plans and prepares the scope of IT compliance evaluation programs across the organization and isolates potential risks or liabilities and develops mitigation plans. Partners with external auditors to coordinate and facilitate PCI-DSS, ISO 27001, etc. compliance/audit efforts. This position typically works under limited supervision and direction. Candidates for this position will regularly exercise discretionary and substantial decision-making authority.

RESPONSIBILITIES

Essential Job Duties and Responsibilities
  • Perform as the recognized Subject Matter Expert on Security Risk Assessment methodology, policy, strategy and processes.
  • Facilitate all security audit operations, including scheduling, vendor coordination, program, and stakeholder coordination.
  • Responsible for coordination with the Internal/External Auditors and Information Technology teams to successfully complete periodic audits. Works independently to schedule and conduct control walk through meetings and address follow up procedures to ensure all stakeholders understand duties and responsibilities.
  • Lead the design and control reviews and assessments to support continuous compliance with security policies and standards.
  • Manage security review processes for all solutions to ensure their design and implementation meets compliance requirements - including PCI-DSS, ISO 27001, SOC 1 & SOC 2 and other regional requirements. Document and actively communicate any areas where the solutions and processes are not fully compliant.
  • Identify and report significant information security risks associated with applications, development, networking, data centers, Cloud and physical IT infrastructure, vendors and other third parties.
  • Identify stakeholders in remediation of compliance gaps and actively escalate issues to them in a constructive manner that helps them understand the actions required. Work to gain acceptance of responsibility and track progress towards remediation. Actively manage escalation as needed if solutions are not resolved in a timely manner.
  • Work with system operators and security subject matter experts to communicate system compliance gaps and develop acceptable remediation plans.
  • Capture compliance gaps and remediation plans in the OneTrust GRC system.
  • Plans, reviews, and performs (as needed) controls monitoring around complex customer facing systems using the One Trust.
  • Liaise/engage with Cubic customers and Security Teams to build positive relationships and outcomes.
  • Supports efforts to educate Security Management and Security Team Members in compliant IT processes and controls. Prepare and maintain process and control documentation.
  • Aid in the development of solutions to problems identified during audits and translates these solutions into practical recommendations. Partner with Operations and Engineering Teams to ensure timely and acceptable remediation of issues.
  • Follow up on recommendations and appraises corrective actions taken to improve deficient conditions. To the greatest extent possible, ensure all Corporate Standards, SDLC, Change Management, and risk governance protocols are followed.
  • Review vendor contracts and SOC reports to evaluate the impact on the company's controls. Coordinates with third party vendors where appropriate.

General Duties and Responsibilities:
  • Reliably demonstrate accountability for work assignments and proactive communications about issues and status. A strong history of proactively identifying effective solutions for challenges.
  • Able to reliably demonstrate ethical behavior and accurate communications even when complex factors are involved.
  • Able to operate in a professional manner, even in tense or continuous with Cubic's Quality Management System
  • Comply with Cubic's quality, health, safety, and security policies.
  • Support the company's strategic objectives and collaborate across with Cubic Human Resources Procedures

SKILLS/EXPERIENCE/KNOWLEDGE

Essential:
  • Strong written and oral communication skills in English, with capability to use Microsoft Office solutions.
  • Ability to effectively and openly collaborate with team members, clients, IT management, staff, and business units in a cross functional and matrixed IT organization.
  • Comfortable working with staff at all levels and in other geographical locations within the organization.
  • Familiarity with PCI DSS 4, ISO , and or SOC I/II requirements and audits.
  • Expert level experience collaborating with stakeholders and solution providers in a cross functional and matrixed IT organization. Able to adapt style efforts to persuade in delivering messages that relate to the wider business. Is frequently called on to advise others on complex matters and may be accountable through team for delivery of business targets.
  • Exhibits advanced wide-ranging experience, using in-depth professional knowledge, acumen, concepts and company objectives to develop, resolve complex models and procedures. Provides solutions to issues in creative and effective ways. Understands the interrelationships of different disciplines. Directs the application of existing principles and guides development of new policies and ideas.
  • Understands and works on complex issues where analysis of situations or data requires an in-depth evaluation of variable factors. Determines methods and procedures on new assignments. Exercises judgment in selecting methods, evaluating, adapting complex techniques and evaluation criteria for obtaining results.

Desirable:
  • Deep understanding of security risks and threats as they relate to the company's operating environments.

QUALIFICATIONS

Essential:
  • Experience in services or IT systems in a mission critical setting.
  • University degree in Computer Science, Engineering, or other technical fields, or Business Administration with relevant IT work experience.
  • Experience working in IT security and/or Payment Card processing systems.
  • Strong understanding of technical concepts, as well as demonstrated ability to understand complex internally developed systems.
  • The candidate must reside within commuting distance from CTS offices in, and be able to periodically travel within the region.

Desirable:
  • Relevant security or IT compliance certification in one or more areas, such as CISA, CRISC, CCSK, CCISSP, GIAC, PCI-ISA/QSA or equivalent.
  • Knowledge of or willingness to learn information security best practices as it pertains to Open Payments, Mobility as a Service, data classifications, Microsoft Azure, AWS (or similar) cloud security and infrastructure, Web infrastructure security (Applications and APIs), Network security tools (IDS/IPS, firewalls, etc.), Encryption technology and implementation, Database security, Operating system security and hardening, vulnerability assessment tools and writing risk mitigation plans according to the assessment, and SIEM and FIM solutions.

Worker Type: Employee

We are committed to creating an inclusive workplace and welcome applications from people of all backgrounds. We do not discriminate based on any protected characteristic under applicable law.
24/06/2026
Full time
GRC Analyst London 11
rogo.ai
Why Rogo

Our mission is to transform global finance by empowering professionals at the world's top investment banks, private equity funds, and investment firms with AI that delivers unparalleled speed, accuracy, and insight. We're not just improving financial workflows; we're redefining them. This is a unique opportunity to join a generational company driving transformation in one of the most important industries in the world. With a rapidly growing, global client base, proven product-market fit, and backing from world-class investors, we are scaling quickly and defining a new category of enterprise AI. Our team is sharp, motivated, and deeply committed to Rogo's mission. We take ownership of complex problems and stay relentlessly focused on our users. If you thrive in a fast paced environment, demand excellence, and want to help build the future of finance, we invite you to join us.

The Role

Rogo is hiring a Customer Trust Lead to own our customer trust, security assurance, and compliance programs as we scale globally. You'll be the person who ensures that when our customers ask hard questions about our security posture, they get clear, accurate, and timely answers. This is a hands on, high ownership role. You'll spend a significant amount of your time directly engaging with customers. Leading security review calls, navigating due diligence processes, and building trusted relationships with enterprise security and risk teams. Alongside that, you'll be deep in security questionnaires, customer risk assessments, and due diligence reviews, while building the processes and documentation that let this function scale. You'll work across Security, Engineering, Legal, and Sales to make sure what we say matches what we do, and that we're always getting better at both.

What You Will Own
  • Customer facing security engagements. Leading calls with enterprise security and risk teams, articulating Rogo's security architecture, and building the trusted relationships that give customers confidence to move forward.
  • End to end lifecycle of customer security questionnaires, due diligence reviews, and third party risk assessments, ensuring every response is accurate, consistent, and reinforces customer confidence in Rogo.
  • Rogo's response library. Standardised answers, evidence packages, and reusable content that turn every review into an opportunity to move faster next time.
  • Compliance across frameworks relevant to our customers and jurisdictions: SOC 2, ISO 27001, ISO 42001, EU AI Act, UK Cyber Essentials, and GDPR, including evidence collection and audit coordination.
  • Trust documentation: security whitepapers, architecture overviews, control narratives, and customer facing FAQs, partnering with Security and Engineering to translate technical controls into language that builds confidence with enterprise risk teams.
  • Pattern recognition across customer inquiries, surfacing recurring themes and gaps and feeding those insights back into our security and compliance roadmap.
  • Scalable workflows and tooling that keep pace with our growing customer base and increasingly sophisticated enterprise requirements.

Great Candidates Often:
  • Have 5+ years of experience in GRC, compliance, or customer facing security roles at a SaaS or cloud native company.
  • Have a strong technical foundation. You're comfortable with architecture diagrams, network security controls, encryption, IAM, and container security.
  • Have spent real time working through security questionnaires and customer due diligence, and have opinions on how to do it better.
  • Can translate complex technical security concepts into clear, precise written and live responses.
  • Understand common enterprise security expectations across cloud infrastructure, access control, data protection, and incident response.
  • Are highly organised and thrive managing many parallel workstreams without dropping things.
  • Have a bias toward building repeatable processes rather than heroically firefighting every request.

Bonus:
  • Experience supporting financial services customers on security, risk, and compliance topics.
  • Exposure to cloud security concepts (GCP/AWS, Kubernetes, IAM).
  • Experience building and implementing trust automation or questionnaire management platforms.
  • Relevant certifications (CISA, CRISC, CISM, CISSP, ISO 27001 Lead Auditor).
  • Familiarity with AI specific compliance considerations (EU AI Act, ISO 42001, model security).

Who You Are
  • You thrive in fast paced environments. You are high intensity and care a lot about what you do, and you're ecstatic to work at a startup.
  • You are ambitious. You have fun solving problems that others think are impossible.
  • You are curious. You find joy in learning about AI, technology, and finance.
  • You are an owner. You are autonomous, self directed, and comfortable working with ambiguity.
  • You are collaborative, organized, thoughtful, and kind.

Why Join Rogo?
  • Up and to the right: Rogo has strong product adoption with the world's leading financial institutions, and we are still early. The upside is enormous.
  • Extraordinary team: we take talent density seriously. You'll do the best work of your career alongside some of the sharpest people in AI and finance.
  • A one of one problem: bringing AI to the core of how Wall Street works is one of the most ambitious, technically demanding, and consequential problems today. There is nowhere else you can work on it at this scale.
  • Real ownership: You'll own real surface area and watch the world's most sophisticated users rely on your work.
  • Always at the frontier: we work at the edge of what the best models can do and turn it into products people trust. If you're obsessed with AI, this is where it's happening.
24/06/2026
Full time
Information Security Analyst - ISO 27001
Spectrum IT
Information Security Analyst - ISO 27001, SOC2, PCI DSS Audit & Compliance - Large Government Projects London Hybrid Full-Time Permanent £80,000 - £90,000 plus bonus & benefits We're working with a global leader in workforce management solutions to find a certified Information Security Analyst well versed in ISO Audit & Compliance. You'll join a talented team and contribute towards delivering compliance with leading security frameworks, preparing for and conducting audits, and contributing to security operations. You'll be joining a collaborative, ambitious team delivering GRC initiatives across large government projects. The Role Lead and conduct internal audits across ISO 27001, GDPR, DORA, Cyber Essentials & more. Prepare teams for external audits and manage the audit process end-to-end. Monitor changes in compliance frameworks and maintain alignment. Support the Cyber Security Operations Centre (CSOC) in incident monitoring and response. Develop and maintain policies, procedures, and security documentation. Collaborate with IT & Security teams to identify and remediate vulnerabilities. What We're Looking For Strong knowledge of audit & compliance frameworks (ISO 27001, Cyber Essentials, GDPR, DORA). Experience with CSOC tools such as Rapid7 InsightIDR or other SIEM solutions. Hands on experience with internal/external audits and compliance assessments. Relevant security/audit certifications (CISA, CISM, CISSP, ISO 27001 Lead Auditor, Cyber Essentials Assessor, or equivalent). Eligible for UK Security Clearance.
24/06/2026
Full time
ServiceNow Architect
Syntax Consultancy Limited
ServiceNow Architect London (Hybrid) 3 Month Contract £500-540/day (Outside IR35) ServiceNow Architect needed for a 3 Month Contract based in London (Hybrid). Start ASAP in July 2026. Hybrid Working - 3 days/week remote (WFH), and 2 days/week working from the office in London. Working with a global IT Consultancy supporting a Telecoms end client with a ServiceNow solutions project: Leading ServiceNow architecture design + implementation of ServiceNow modules including: ITSM, ITOM, ITAM, HRSD, CSM, GRC, SecOps + custom applications. Strong ServiceNow ITSM, plus 2 other modules (TSOM, ITOM, ITAM, HRSD, CSM, GRC, SecOps). Proven expertise in ServiceNow integrations, e.g. REST, SOAP, APIs, MID Servers. Experience with ServiceNow scripting (JavaScript, Glide, Flow Designer) and ServiceNow data model. Experience designing and implementing CMDB and Discovery. Acting as the technical authority on ServiceNow architecture, design + best practices. Defining + driving overall platform strategy, roadmap, and governance. Ensuring platform scalability, security, performance, and integrations with other enterprise systems. Providing technical leadership in solution design workshops, architecture reviews, and governance boards. Working closely with key stakeholders, business analysts, and development teams to align solutions with business objectives. ServiceNow qualifications preferred: CSA, CIS, CAD, CTA.
24/06/2026
Full time
Compliance Analyst - Audit, Risk & Assurance - TSA
Square One Resources
Job Title: Compliance Analyst - Audit, Risk & Assurance - TSA Location: London or Reading - 2 days per week onsite Salary/Rate: 400 per day inside IR35 Start Date: 06/07/2026 Job Type: Contract - 6 months initially Company Introduction We have an exciting opportunity now available with one of our sector-leading media & telecommunications clients! They are currently looking for a skilled TSA Compliance & Audit Analyst to join their team for a six-month contract. Job Responsibilities/Objectives You will be responsible for supporting the organisation's compliance with the UK Telecoms Security Act (TSA), with a primary focus on supply chain security and asset management measures. The role ensures that security controls relating to vendors, third-party services, and network assets are effectively implemented, assessed, and maintained. The analyst will also develop a working understanding of the wider TSA framework to support cross-measure compliance and assurance activities. The TSA Compliance Analyst plays a key role in supporting the effective operation and continuous improvement of TSA compliance. The role is centred on developing a detailed, hands-on understanding of all TSA measures, how they are applied in practice, and how they interact with systems, processes, and third-party arrangements. The role works closely with members of the CTO Risk, Compliance & Audit team and wider stakeholders to review, challenge, and support compliance with TSA requirements, ensuring they are consistently and proportionately embedded into day-to-day operations. This includes supporting the compliance of key systems used to manage third-party information, such as contract and agreement repositories, and ensuring required artefacts (including contracts and MSAs) are correctly captured, maintained, and evidenced. Identify instances of non-compliance, control weakness, or inconsistency and support remediation activity. 
Develop and maintain a detailed understanding of all TSA measures and how they operate in practice. Review compliance with TSA measures across systems, processes, and third-party arrangements. Support consistent interpretation and application of TSA requirements across the organisation. Identify opportunities to improve efficiency, clarity, and effectiveness of TSA compliance processes. Support internal and external audit activity relating to TSA measures. Support TSA assessments, reviews, and assurance activities. Support TSA assurance activities, including the provision and validation of evidence. Support vendor operational security reviews, including: security control assessments, review of operational practices, identification of risks and gaps. Maintain the CTO audit schedule, ensuring its accuracy, and maintain the CTO Compliance Office SharePoint site, ensuring document structures, permissions and governance standards are adhered to. Support the coordination of business functions assurance reviews and ensure records within the GRC tool (Optro) are maintained. Act as a point of contact for routine audit queries from Internal Audit, escalating more complex issues as required. Ensure audit evidence is captured, validated and uploaded to the relevant repository in compliance with defined standards and deadlines. Provide administrative support to enable effective audit assurance reporting, monitoring and escalation within CTO. Required Skills/Experience The ideal candidate will have the following: Experience in a TSA, compliance, risk, assurance, or control focused role. Ability to understand and work with defined compliance measures and frameworks. Experience reviewing processes, systems, or documentation against stated requirements. Strong attention to detail and comfort working with contractual or formal documentation. Ability to work collaboratively across teams and functions. Clear written and verbal communication skills. 
Strong stakeholder management and communication skills. Investigating and resolving compliance issues quickly and effectively. Timeliness in all actions with quality consciousness towards services received and provided. Ability to manage multiple tasks, deadlines, and stakeholders effectively. Strong written and verbal communication skills, ability to form strong business relationships across multiple locations. Broad knowledge and understanding of business functions with particular emphasis on operational processes and support. If you are interested in this opportunity, please apply now with your updated CV in Microsoft Word/PDF format. Disclaimer Notwithstanding any guidelines given to level of experience sought, we will consider candidates from outside this range if they can demonstrate the necessary competencies. Square One is acting as both an employment agency and an employment business, and is an equal opportunities recruitment business. Square One embraces diversity and will treat everyone equally. Please see our website for our full diversity statement.
24/06/2026
Contractor
ServiceNow Architect
Syntax Consultancy Ltd
ServiceNow Architect London (Hybrid) 3 Month Contract £(Apply online only)/day (Outside IR35) ServiceNow Architect needed for a 3 Month Contract based in London (Hybrid). Start ASAP in July 2026. Hybrid Working - 3 days/week remote (WFH), and 2 days/week working from the office in London. Working with a global IT Consultancy supporting a Telecoms end client with a ServiceNow solutions project: Leading ServiceNow architecture design + implementation of ServiceNow modules including: ITSM, ITOM, ITAM, HRSD, CSM, GRC, SecOps + custom applications. Strong ServiceNow ITSM, plus 2 other modules (TSOM, ITOM, ITAM, HRSD, CSM, GRC, SecOps). Proven expertise in ServiceNow integrations, e.g. REST, SOAP, APIs, MID Servers. Experience with ServiceNow scripting (JavaScript, Glide, Flow Designer) and ServiceNow data model. Experience designing and implementing CMDB and Discovery. Acting as the technical authority on ServiceNow architecture, design + best practices. Defining + driving overall platform strategy, roadmap, and governance. Ensuring platform scalability, security, performance, and integrations with other enterprise systems. Providing technical leadership in solution design workshops, architecture reviews, and governance boards. Working closely with key stakeholders, business analysts, and development teams to align solutions with business objectives. ServiceNow qualifications preferred: CSA, CIS, CAD, CTA.
23/06/2026
Contractor
GRC Analyst: Security & Compliance (Hybrid, Sunderland)
Limelight Health
Limelight Health in Sunderland is seeking a compliance expert to shape and deliver a technical compliance framework. This pivotal role involves managing technology and security risks while ensuring compliance standards are met. The ideal candidate will understand security frameworks and effectively communicate technical concepts across the organization. The position includes a hybrid working model with 3 days in office and 2 days from home, promoting collaboration and focused work.
23/06/2026
Full time
Governance, Risk & Compliance (GRC) Analyst
Limelight Health
hackajob is collaborating with Tombola to connect them with exceptional professionals for this role. Sunderland - hybrid - permanent. What You'll Be Doing This is a key role that sits at the heart of how we balance security, compliance and innovation. You'll help shape and deliver an effective technical compliance framework, ensuring we maintain a strong security posture while moving at business pace. Working closely with technology teams, compliance and stakeholders across tombola, you'll identify, assess and manage technology and security risks. A big part of your role will be translating complex technical and regulatory requirements into actionable guidance for various audiences. You'll Also Support the ongoing development and improvement of our ISMS, policies, standards and processes Lead and support audits, working with external partners and Group teams Help ensure our platforms and games meet both local and international regulatory requirements Act as a key point of contact between InfoSec and the wider business, building strong relationships and driving the right outcomes What We're Looking For We're looking for someone who's curious, confident and comfortable operating between technical and non technical worlds. You don't need to be hands on coding, but you must understand technology well enough to ask the right questions, challenge where needed and hold your own in conversations with technical teams. 
You'll Likely Bring A strong understanding of security frameworks, standards or compliance environments The ability to interpret technical concepts and communicate them clearly to different audiences Confidence to challenge, influence and guide stakeholders across the business Strong organisational skills, with the ability to manage multiple priorities We'd Also Love Someone Who Is naturally inquisitive and enjoys getting into the detail Is comfortable asking questions and challenging the status quo Enjoys working with a wide range of people and building relationships Takes pride in doing things thoroughly and properly Ways of Working This role is based at our Sunderland HQ, with a hybrid approach of 3 days in the office and 2 days working from home. That means plenty of time collaborating with the team, alongside space to focus and get stuck into the detail. Why tombola We're a business built on innovation, collaboration and doing things differently. We always look to improve how we work and genuinely welcome new ideas and perspectives. If you're looking for a role where you can make an impact, grow your career and be part of a team that backs each other, we'd love to hear from you. We are committed to creating opportunities for everyone here at tombola and welcome applications from all backgrounds. We encourage individuals to apply, even if they don't meet every requirement.
23/06/2026
Full time
Spectrum IT Recruitment
Information Security Analyst - ISO 27001
Spectrum IT Recruitment
Information Security Analyst - ISO 27001, SOC2, PCI DSS Audit & Compliance - Large Government Projects London Hybrid. Full-Time Permanent 80,000 - 90,000 plus bonus & benefits We're working with a global leader in workforce management solutions to find a certified Information Security Analyst well versed in ISO Audit & Compliance. You'll join a talented team and contribute towards delivering compliance with leading security frameworks, preparing for and conducting audits, and contributing to security operations. You'll be joining a collaborative, ambitious team delivering GRC initiatives across large government projects. The Role Lead and conduct internal audits across ISO 27001, GDPR, DORA, Cyber Essentials & more. Prepare teams for external audits and manage the audit process end-to-end. Monitor changes in compliance frameworks and maintain alignment. Support the Cyber Security Operations Centre (CSOC) in incident monitoring and response. Develop and maintain policies, procedures, and security documentation. Collaborate with IT & Security teams to identify and remediate vulnerabilities. What We're Looking For Strong knowledge of audit & compliance frameworks (ISO 27001, Cyber Essentials, GDPR, DORA). Experience with CSOC tools such as Rapid7 InsightIDR or other SIEM solutions. Hands-on experience with internal/external audits and compliance assessments. Relevant security/audit certifications (CISA, CISM, CISSP, ISO 27001 Lead Auditor, Cyber Essentials Assessor, or equivalent). Eligible for UK Security Clearance. This is a great opportunity to work with Hit apply to upload your CV Spectrum IT Recruitment (South) Limited is acting as an Employment Agency in relation to this vacancy.
22/06/2026
Full time
SOC Analyst
Sivara GmbH
Salary: £65,000 - 85,000 per year Requirements In-depth knowledge of ISO 27001, NIST CSF, GDPR, and risk management frameworks Experience performing security risk assessments, internal audits, and compliance reviews Strong understanding of cybersecurity controls, regulatory mandates, and business risk alignment Excellent client communication, stakeholder management, and reporting skills Familiarity with GRC platforms (e.g., RSA Archer, ServiceNow GRC, LogicGate) Responsibilities Advise clients on cybersecurity governance, risk management, and compliance frameworks Perform risk assessments, control gap analyses, and audits (ISO 27001, SOC 2, etc.) Develop and implement information security policies, procedures, and risk registers Lead client engagements related to GDPR, DORA, and other regulatory requirements Support third party vendor risk assessments and due diligence activities Prepare reports and recommendations for CISO, board, and audit committee presentations Technologies Support Security ServiceNow API AWS Azure GCP Job Description We are seeking an experienced GRC Consultant to support and advise clients in managing cyber risks, ensuring compliance with industry standards, and implementing robust information security governance frameworks. You will work across multiple sectors, helping clients improve their risk posture through audit readiness, control assessments, policy development, and regulatory compliance. The ideal candidate will have deep knowledge of security frameworks (ISO 27001, NIST, CIS), regulatory mandates (GDPR, DORA, PCI DSS), and a strategic approach to enterprise level governance and risk programs.
21/06/2026
Full time
SaaS GRC & Information Security Analyst
beqom Manchester, Lancashire
A high-growth B2B SaaS company is looking for an experienced Compliance & Information Security Analyst to lead their compliance and third-party risk management functions. You will work closely with various stakeholders to handle client GRC requests, review security clauses in contracts, and maintain vendor assessments. The ideal candidate will have a strong background in compliance and information security, excellent organizational skills, and the ability to communicate complex concepts effectively. Join us to make a real impact on global pay equity efforts.
21/06/2026
Full time
GRC & IT Risk Analyst for SaaS/EdTech
Sivara GmbH
Sivara GmbH is looking for a Technical GRC Analyst based in the United Kingdom to help maintain audit readiness and support governance, risk, compliance, and security assurance processes. This role requires experience in IT risk and compliance, strong organizational skills, and the ability to work closely with engineering and product teams. The opportunity exists to thrive in a growing EdTech SaaS environment.
21/06/2026
Full time
Junior Cyber Defense Analyst
Whats Upstate City, Belfast
Wolfspeed is seeking a Cyber Defense Analyst to join their growing global Cyber Security team. You will join a team of highly motivated security professionals who are working hard to foster a security-first culture at Wolfspeed. What does your day-to-day look like? Responsible for escalations and events Investigate and respond to cyber security events, including SIEM alerts Triage and process user generated incidents, including phishing emails Work L2 & L3 BAU information security queues Consolidate and develop Cyber Defense documentation Assist with general information security requests, including GRC related asks Investigate IDAM alerts and respond accordingly Who are we looking for? 2+ years' experience in Information Security Experience configuring and supporting security tools Strong understanding of IOCs and current TTPs Intermediate knowledge of networking fundamentals Proficiency with both Windows and Unix/Linux OS Strong technical knowledge of the Windows ecosystem, including Azure and Active Directory Strong experience within incident response, including SIEM and EDR tooling Ability to work independently and use initiative to resolve issues Plan and execute self-managed workstreams/projects with minimal oversight Excellent oral and written communication skills Ability to develop strong working relationships with other Teams to complete initiatives Nice to have PAM knowledge Security Engineering experience Ability to code Threat hunting experience Knowledge of network security
21/06/2026
Full time
Technical GRC Analyst
Sivara GmbH
Salary: £33,000 - 47,000 per year Requirements We require experience in IT risk, compliance, or GRC roles within a SaaS or technology environment. We require an understanding of GDPR and handling personal data, especially sensitive or child/student data. We require experience performing risk assessments using structured frameworks and defined processes. We require the ability to interpret policies and apply them to operational and real world scenarios. We require strong organisational, coordination, and documentation skills, including audit trails, evidence, and decision logs. We require experience working with cross functional teams such as engineering, product, and operations. We require experience supporting operational security assurance activities such as evidence collection, control validation, remediation tracking, or audit preparation. We prefer familiarity with ISO 27001, Cyber Essentials, or similar frameworks. We prefer experience supporting audits, evidence collection, or remediation tracking activities. We prefer experience with vendor and third party risk management. We prefer exposure to data protection processes such as SARs, DPIAs, and data sharing assessments. We prefer exposure to data classification, data governance, or data loss prevention processes. We prefer experience with GRC, compliance, or assurance platforms such as Vanta or Drata, and ticketing or workflow management tools. We prefer exposure to Microsoft 365 security and compliance tooling such as Entra ID, Intune, Secure Score, and Defender. We prefer a basic understanding of cloud and SaaS architecture and common security controls. Responsibilities We administer and operate IT risk, compliance, and security assurance processes aligned to our internal policies and regulatory requirements, including GDPR. We act as a central point of contact for compliance related requests such as Subject Access Requests, data sharing requests, access requests, exceptions, and supplier onboarding. 
We perform risk assessments using defined criteria, with a focus on data protection and information security risks. We review requests against our defined policies and controls, escalating where appropriate in line with our governance processes. We support third party and supplier risk assessments, including reviewing security and data protection documentation and tracking follow up actions. We support periodic reviews of high risk and business critical suppliers, applications, and technology platforms to ensure appropriate security, compliance, and data protection controls remain in place. We support the implementation and ongoing operation of compliance and assurance tooling, including evidence collection, test management, stakeholder coordination, remediation tracking, and control adoption activities. We ensure appropriate documentation, audit trails, and evidence are maintained for assessments, compliance activities, and operational processes. We support internal and external audits, including evidence gathering, action tracking, and coordination of remediation activities. We monitor compliance with policies and highlight potential risks, gaps, or control weaknesses for review. We support coordination and operational delivery of security improvement initiatives across IT and business teams. We support incident management processes through documentation, tracking, and coordination of follow up actions. We coordinate security awareness activities, including phishing simulation campaigns and training tracking. We assist with reviews of security tooling configurations and collection of supporting control evidence. We work closely with engineering, product, and business teams to ensure compliance and security processes are understood and followed. We contribute ideas and feedback to improve workflows and operational processes, particularly where they impact scalability, operational efficiency, or customer trust. 
Technologies Cloud Support Microsoft 365 Security Office 365
Bromcom is an equal opportunities employer. We are seeking a Technical GRC Analyst to support the day to day operation of our governance, risk, compliance, and security assurance processes within a growing EdTech SaaS environment. This role gives us exposure across governance, operational security assurance, compliance, and risk management, working closely with the IT & Information Security Manager and our wider IT team. We offer the opportunity to help maintain audit readiness, support assurance activities, and coordinate remediation and evidence management across the organisation while contributing to a business that values scalability, operational efficiency, and customer trust.
Last updated: week 25 of 2026
21/06/2026
Full time
Senior Cyber Platforms Engineer
Sivara GmbH Milton Keynes, Buckinghamshire
Salary: £40,000 - 50,000 per year Requirements We require strong hands-on experience in security or infrastructure engineering roles. We require experience supporting enterprise identity platforms such as Microsoft Entra ID or Active Directory. We require experience with security tooling such as Microsoft Defender, Purview, or equivalent platforms. We require proven experience in incident, problem, and change management processes. We require experience working with service management tools such as ServiceNow. We prefer experience implementing enterprise-scale security platforms. We prefer exposure to Zero Trust architecture and modern security frameworks. We prefer experience working in regulated or large-scale enterprise environments. We require relevant technical certifications or equivalent experience, such as Microsoft Security, Azure, or Identity certifications. We require ITIL Foundation or equivalent experience working within ITIL environments. We require strong troubleshooting skills across cloud and hybrid environments. Responsibilities We design, implement, and maintain enterprise security platforms including identity, privileged access, information protection, and endpoint security. We lead engineering and operational support for platforms such as Microsoft Entra ID, Purview, PAM/PIM, and Defender. We drive adoption of secure-by-design and Zero Trust principles across infrastructure and services. We troubleshoot and resolve complex platform and security incidents, ensuring timely restoration of service. We own problem management activities, including root cause analysis and implementation of long-term fixes. We develop and implement automation and scripting solutions, including PowerShell, to reduce manual intervention and improve resilience. We support delivery of cyber and infrastructure projects, providing subject matter expertise. 
We collaborate with Architecture, GRC, Risk, and Operations teams to align solutions to business and regulatory requirements. We contribute to platform roadmaps, ensuring alignment with our cyber strategy. We prepare and maintain clear technical documentation, standards, and operational procedures. We provide mentorship and guidance to engineers and analysts within our Cyber Platforms team. We engage with third-party suppliers and managed service providers where required. We support and enhance Microsoft Entra ID, including RBAC, Conditional Access, and identity lifecycle management. We support and enhance privileged access controls across PAM/PIM solutions. We enforce least privilege and secure administrative access through Tier-0 and Tier-1 controls. We configure and optimise Microsoft Defender security controls across endpoints and servers. We contribute to secure configuration baselines and hardening standards. We support ongoing platform improvements and feature adoption. We develop automation for repeatable processes such as access reviews, certificate lifecycle, and policy deployment. We improve monitoring, alerting, and operational visibility across security platforms. We reduce manual workload through scripting and integration. We investigate platform-related security incidents and support response activities. We work with SOC and MSSP providers to improve detection and response capabilities. We contribute to continuous improvement of detection rules and playbooks.
Technologies Active Directory Azure Cloud Support ITIL PowerShell RBAC Security ServiceNow DevOps
We are Connells Group UK and our Senior Cyber Platforms Engineer will join our Cyber Platforms team, where we focus on securing the confidentiality, integrity, and availability of our systems and data through proactive engineering, automation, and continuous improvement. 
The role is central to our cyber strategy and offers the opportunity to work across enterprise identity, privileged access, information protection, and endpoint security platforms in a regulated enterprise environment. We value collaboration, technical excellence, and secure-by-design thinking, and we are an equal opportunities employer that welcomes applications from suitably qualified candidates regardless of sex, race, disability, age, sexual orientation, transgender status, religion or belief, marital status, or pregnancy and maternity.
21/06/2026
Full time
Compliance & Information Security Analyst
beqom Manchester, Lancashire
Join beqom - where tech meets impact beqom is a high-growth B2B SaaS company that provides industry-leading tools for pay equity and transparency, compensation, and performance management. Trusted by some of the world's most respected companies, beqom enables HR and business leaders to navigate global compliance and make smarter pay decisions that attract, retain, and motivate top talent. Founded in Switzerland and serving clients worldwide, our powerful, enterprise ready products are fueled by beqom pay intelligence. Role Overview We are seeking an experienced Compliance & Information Security Analyst to own and manage our compliance and third party risk management (TPRM) function. This is a hands on role that sits at the intersection of information security, legal/contractual review, and vendor risk management. This role is critical to client trust, supports sales cycles, and ensures the company meets its obligations as a responsible data processor and technology provider. The candidate will be the primary point of contact for inbound client governance, risk & compliance (GRC) requests, manage our own vendor and sub contractor due diligence programme, and review information security obligations embedded in client and prospect contracts. What you'll be doing Client GRC Questionnaires & Third Party Risk Management (TPRM) Receive, triage, and complete inbound GRC / security questionnaires submitted by existing and prospective clients as part of their vendor assessment and TPRM processes. Develop and maintain a master response library to accelerate questionnaire completion, covering areas such as data security, access controls, business continuity, incident response, and privacy. Coordinate with internal stakeholders (Engineering, Product, Operations, Legal) to gather accurate, up to date technical evidence and supporting documentation. Track questionnaire status, deadlines, and outcomes; maintain a central log and escalate blockers in a timely manner. 
Build relationships with client procurement, risk, and security contacts to manage ongoing TPRM obligations efficiently. Evidence Based GRC Questionnaires Manage questionnaires that require formal documentary evidence - such as policies, audit reports (e.g. SOC 2, ISO 27001), penetration test summaries, data processing agreements, and certifications. Maintain a structured evidence repository, ensuring documents are current, version controlled, and accessible for rapid submission. Identify gaps between client evidence requirements and the company's current documentation; work with the Head of Information Security and Compliance or relevant leads to close those gaps. Information Security Review of MSAs & Client Contracts Review information security, data protection, and compliance clauses within Master Service Agreements (MSAs) and other commercial contracts from clients and prospects. Identify obligations and requirements (e.g. audit rights, subprocessor notifications, breach notification timescales, data residency, encryption standards) and assess the company's ability to comply. Liaise with Legal counsel and the Head of Information Security and Compliance to flag materially onerous or non standard terms; assist in drafting redlines and proposed alternative language where appropriate. Maintain a tracker of contractual information security obligations to ensure ongoing compliance post signature. Vendor & Sub Contractor TPRM Design and operate a structured TPRM programme for the company's own vendors and sub contractors who process client data or have access to company systems. Conduct initial and periodic risk assessments of vendors, including completion of security questionnaires, review of their compliance certifications, and assessment of contractual controls. Categorise vendors by risk tier and ensure appropriate due diligence applied proportionate to the nature and sensitivity of the relationship. 
Maintain a vendor risk register, tracking assessment outcomes, remediation actions, and review schedules. Report on vendor risk posture to relevant internal stakeholders on a regular cadence. Skills & Experience Proven experience in a compliance, information security, GRC, or vendor risk management role, ideally within a SaaS, technology, or regulated industry context. Demonstrable experience completing complex security and GRC questionnaires (e.g. SIG, CAIQ, bespoke client questionnaires) and compiling supporting evidence packs. Familiarity with common information security frameworks and standards: ISO/IEC 27001, SOC 2, NIST CSF, CIS Controls, GDPR / data protection legislation. Experience reviewing and interpreting information security provisions in commercial contracts (MSAs, DPAs, SaaS agreements). Strong organisational skills - able to manage multiple concurrent questionnaires and workstreams, prioritise effectively, and meet deadlines. Excellent written and verbal communication skills, with the ability to translate technical security concepts for non technical audiences (legal, sales, procurement). Proficiency in maintaining documentation, trackers, and evidence repositories; high attention to detail and accuracy. Bonus points if you have Relevant certification such as CISA, CRISC, CISSP, ISO 27001 Lead Implementer/Auditor, CIPP/E, or equivalent. Experience working with or within enterprise clients in regulated sectors such as financial services, healthcare, or energy. Familiarity with data residency requirements and cross border data transfer mechanisms (SCCs, BCRs). Experience using GRC platforms or questionnaire automation tools (e.g. OneTrust, Vanta, SecurityScorecard). Understanding of SaaS product architectures and cloud environments (AWS, Azure) from a security and compliance perspective. Experience managing sub processor registers and responding to data subject rights requests. Why join us? Your career, your design. 
Unleash your ambition in our dynamic, autonomous environment. Drive meaningful change. Build a fairer future for every employee by joining a market leader that is improving the world of work. Belong to something bigger. Collaborate with a passionate, diverse and talented team around the globe.
21/06/2026
Full time
Information Security GRC Analyst
GEDU CAREERS
Working Pattern: Full-Time - 40 hrs Per Week
Salary Range: £40,000 to £42,500
Our Vision: Changing lives through education.

We're looking for an Information Security GRC professional to join our team! If you have experience in risk, compliance, and frameworks like ISO 27001 or NIST, this is a great opportunity to make an impact across GBS and the GEDU Group. Please note, we are unable to offer sponsorship for this position.

What the role involves:
  • Perform risk assessments in line with security best practice and GBS/GEDU information security policies and procedures.
  • Support the Information Security Manager in maintaining the corporate IS risk register and compiling monthly reporting to Senior Management via monthly and ad-hoc dashboards and summaries.
  • Support the Information Security Manager to implement the ISO 27001 framework for GBS and GEDU Group.
  • Work with stakeholders to identify corrective action plans and reduce risks to acceptable levels.
  • Continually improve the information security risk assessment process and documentation.
  • Carry out third-party risk assessments for GBS and GEDU Group.
  • Produce, update and review all information security policies, and provide appropriate training where needed.
  • Maintain and ensure compliance with all external regulatory requirements.
  • Track and report on external and internal information security audit findings to ensure successful closure and completion.
  • Maintain and assist in the regular update and provision of security awareness training to all levels of staff.
  • Assist in efforts to plan and track progress toward security certifications (e.g., Cyber Essentials Plus).
  • Assist with technical analysis and investigations by working collaboratively with technical analysts and the Information Security Manager.

QUALIFICATIONS:
  • Bachelor's degree in Information Technology, Computer Science, or a related field.

ESSENTIAL SKILLS and EXPERIENCE:
  • Proven experience in implementing ISO 27001 compliance and Business Continuity/ITDR is mandatory.
  • Experience in working with Governance Risk Compliance (GRC) and GRC reporting.
  • More than 5 years of experience in Information Security, Risk and IT.
  • Experience in performing impact, likelihood and risk analyses / assessments.
  • Ability to 'translate' technical security issues into business risk.

DESIRABLE SKILLS and EXPERIENCE:
  • Knowledge of cyber audit and frameworks desirable.
  • Ability to form complex communications/messages/policies in a simple, clear and concise manner to various stakeholders and interested parties.
  • Analytical mindset and creative problem-solving links

What we offer:
  • Time off that fits your lifestyle - 33 days annual leave (including bank holidays), 1-day extra leave per year of service (up to 5 days) and Buy/Sell additional holidays (up to 5 days).
  • Opportunities for growth - tuition reimbursement for career development courses, wide variety of training courses.
  • Pension Scheme and Flexible Benefits (via salary sacrifice) - Cycle to Work, Workplace Nursery, Tech, Health, Dental and Life Assurance schemes, Women's Health scheme (via Hertility), and much more.
  • Discounts, Perks and Employee Assistance - discounts platform, Employee Assistance Programme (EAP), discounted gym membership, eyecare vouchers and much more.
  • Reward for your impact - annual salary increase reviews, annual discretionary bonus, £500 award, employee referral scheme.

GBS is committed to equality, diversity and inclusion and providing a workplace free from discrimination or harassment. We welcome applications from all backgrounds and communities. We take our core values seriously and work hard to create an environment where everyone feels welcomed.

About Us

GEDU Global Education is a dynamic and innovative group of education providers. Across our institutions, programmes are designed to have a direct impact on the lives of our students, apprentices and trainees; to equip them with the skills, knowledge and experience necessary for success in their chosen field.

Job Info
Job Identification: 25761
Posting Date: 05/19/2026, 09:09 AM
Apply Before: 06/14/2026, 11:00 PM
Degree Level: Bachelor's Degree
Job Schedule: Full time
Locations: 891 Greenford Road London, Greater London, UB6 0HE, GB
Organization: Global Banking School Ltd, Global Banking School Ltd, GEDU
19/06/2026
Full time
GRC & ISO 27001 Security Analyst
GEDU CAREERS
GEDU CAREERS in Greater London is seeking an Information Security GRC professional. The role involves performing risk assessments, supporting ISO 27001 implementation, and maintaining compliance with security policies. The ideal candidate will have proven experience in risk and compliance, ideally with over 5 years in Information Security. A Bachelor's degree in IT or a related field is required. The position offers good benefits, including 33 days of annual leave.
19/06/2026
Full time

© 2008-2026 IT Job Board