79 jobs found

Security Compliance Analyst
United States Digital Space LLC
About the Role

The Security Compliance Analyst will work as a critical part of the Security Compliance Team, operating within the company's wider Governance, Risk, Compliance, and Trust (GRCT) Team. In this role, you will ensure our continued compliance with global security regulations and industry frameworks, including GDPR, Sarbanes-Oxley ITGCs, ISO 27001, PCI DSS, and SOC 1/SOC 2. Acting as a key bridge between technical engineering teams, end users, external assessors, and international business units, you will play an essential part in safeguarding our platforms, maintaining customer trust, and scaling the company's global operations securely.

What You'll Do

In this role, you will protect and enhance the company's security posture, directly furthering our company goal of providing a secure, world-class global travel and expense platform. Your typical responsibilities will include: Coordinating and supporting internal and external security audits, technical assessments, and penetration tests across our environments. Partnering closely with US-based compliance auditors and external audit firms; this includes a flexible schedule to work late (until 9:00 PM-10:00 PM) a few days per month on specific alignment days to facilitate direct collaboration with US teams. Managing audit findings and remediation tracking items to ensure compliance issues and non-conformities are resolved in a timely manner. Performing regular testing of security compliance controls to identify operational deficiencies, track Key Performance Indicators (KPIs), and report on overall compliance health and continuous improvements. Partnering with engineering teams to gather and implement automated evidence collection workflows, utilizing JIRA and AI platforms to drive efficiency and reduce manual overhead. Translating complex technical security requirements into clear, actionable business language to collaborate effectively with internal technical teams and external stakeholders at all levels.

What We're Looking For

Experience: Minimum of 3 years of hands-on experience in information security compliance, ideally paired with a technical background (such as experience as a developer, software engineer, or systems administrator). Framework Expertise: Strong working understanding of Sarbanes-Oxley 404 IT General Controls (ITGCs) and the PCI DSS, alongside familiarity with frameworks like ISO 27001, Cyber Essentials Plus, NIST CSF, or SOC 1 and SOC 2. Tools & Systems: Practical experience using GRC software (e.g., Optro/AuditBoard, SafeBase) alongside standard ticketing platforms like JIRA. Core Skills & Flexibility: Excellent attention to detail, a proactive approach to problem-solving, and the flexibility to adapt your working hours monthly to accommodate collaboration with US-based auditing bodies. Education & Certifications: A degree-level education in Cybersecurity, Computer Science, or a related field (or equivalent practical experience); industry certifications like CompTIA Security+, ISO 27001 Lead Auditor, or ISC2 CGRC are highly advantageous. Bonus: As the company works with colleagues around the globe, proficiency in French, Spanish, Italian, or German is highly beneficial.
17/06/2026
Full time
Cyber Compliance Policy Analyst
A.G. Barr Milton Keynes, Buckinghamshire
Job Title: Cyber Compliance Policy Analyst Location: Any Hub Contract and working pattern: Hybrid, permanent As a Cyber Compliance & Policy Analyst, you will ensure AG Barr meets its legal and regulatory obligations, driving compliance across cyber and data protection domains. Your focus will be on the UK GDPR and NIS2 compliance frameworks and the cyber security policy library. Responsibilities Own UK GDPR & NIS2 compliance within the Digital and Technology function, keeping registers current and audit ready. Support data security breach governance and maintain incident procedures, ensuring seamless readiness alongside our Legal team to meet the ICO's 72 hour notification window. Maintain the cyber security policy library, updating frameworks to align with evolving regulations. Drive policy adoption across the business, working with HR to track employee awareness and manage exceptions. Coordinate the penetration testing programme, managing vendor procurement, scoping, and logistics. Track vulnerability remediation by logging test findings in our risk management tool, Optro, and ensuring swift closure by technical teams. What you'll bring Compliance experience managing regulatory programmes for UK GDPR and at least one other cyber/data regulation. Working knowledge of NIS2 security obligations and UK GDPR requirements (including DPIAs and breach responses). Policy writing skills, with the ability to translate technical security requirements into clear employee guidance. Penetration test coordination experience, including scoping tests and tracking technical findings to resolution. Experience utilising GRC software or audit tracking platforms (Optro or equivalent) to log, assign, and track technical vulnerabilities and remediation progress through to closure. A methodical mindset with the discipline to track obligations and maintain accurate compliance documentation. 
And it would also be great if you can demonstrate: Relevant certifications such as BCS Data Protection Practitioner, CIPP/E, or ISO 27001 Lead Implementer. Stakeholder management skills to collaborate effectively across Legal, HR, external providers, and regulators. What we offer Uncapped bonus linked to business performance Defined contribution Pension Up to 34 days holiday (depending on shift pattern) Flexible holiday trading Flexible cash pot to spend on benefits Healthcare Cash Plan Flexible benefits e.g. discounts & cashbacks, gym memberships, technology purchases etc Life assurance Save as you earn scheme Staff sales discount Free AG Barr products throughout your working day and staff sales Annual salary review Ongoing professional development and access to Learning and Development programmes and content We are an equal opportunities employer and happy to discuss any reasonable adjustments that may be needed for successful candidates with a disability, health or mental health condition. While we have highlighted our ideal requirements for this role, we are realistic that the successful candidate probably won't meet every single requirement in this advert, but we encourage you to submit an application - you may be just what we are looking for! Speculative CVs from agencies will not be accepted. Please note, we may close vacancies early where we receive significant numbers of applications, so apply now!
16/06/2026
Full time
Cyber Compliance Policy Analyst
A G Barr plc Cumbernauld, Lanarkshire
Job Title: Cyber Compliance Policy Analyst Location: Any Hub Contract and working pattern: Hybrid, permanent As a Cyber Compliance & Policy Analyst, you will ensure AG Barr meets its legal and regulatory obligations, driving compliance across cyber and data protection domains. Your focus will be on the UK GDPR and NIS2 compliance frameworks and the cyber security policy library. Responsibilities Own UK GDPR & NIS2 compliance within the Digital and Technology function, keeping registers current and audit ready. Support data security breach governance and maintain incident procedures, ensuring seamless readiness alongside our Legal team to meet the ICO's 72 hour notification window. Maintain the cyber security policy library, updating frameworks to align with evolving regulations. Drive policy adoption across the business, working with HR to track employee awareness and manage exceptions. Coordinate the penetration testing programme, managing vendor procurement, scoping, and logistics. Track vulnerability remediation by logging test findings in our risk management tool, Optro, and ensuring swift closure by technical teams. What you'll bring Compliance experience managing regulatory programmes for UK GDPR and at least one other cyber/data regulation. Working knowledge of NIS2 security obligations and UK GDPR requirements (including DPIAs and breach responses). Policy writing skills, with the ability to translate technical security requirements into clear employee guidance. Penetration test coordination experience, including scoping tests and tracking technical findings to resolution. Experience utilising GRC software or audit tracking platforms (Optro or equivalent) to log, assign, and track technical vulnerabilities and remediation progress through to closure. A methodical mindset with the discipline to track obligations and maintain accurate compliance documentation. 
And it would also be great if you can demonstrate: Relevant certifications such as BCS Data Protection Practitioner, CIPP/E, or ISO 27001 Lead Implementer. Stakeholder management skills to collaborate effectively across Legal, HR, external providers, and regulators. What we offer Uncapped bonus linked to business performance Defined contribution Pension Up to 34 days holiday (depending on shift pattern) Flexible holiday trading Flexible cash pot to spend on benefits Healthcare Cash Plan Flexible benefits e.g. discounts & cashbacks, gym memberships, technology purchases etc Life assurance Save as you earn scheme Staff sales discount Free AG Barr products throughout your working day and staff sales Annual salary review Ongoing professional development and access to Learning and Development programmes and content We are an equal opportunities employer and happy to discuss any reasonable adjustments that may be needed for successful candidates with a disability, health or mental health condition. While we have highlighted our ideal requirements for this role, we are realistic that the successful candidate probably won't meet every single requirement in this advert, but we encourage you to submit an application - you may be just what we are looking for! Speculative CVs from agencies will not be accepted. Please note, we may close vacancies early where we receive significant numbers of applications, so apply now!
16/06/2026
Full time
Cyber Compliance Policy Analyst
AG Barr Cumbernauld, Lanarkshire
Job Title: Cyber Compliance Policy Analyst Location: Any Hub Contract and working pattern: Hybrid, permanent As a Cyber Compliance & Policy Analyst, you will ensure AG Barr meets its legal and regulatory obligations, driving compliance across cyber and data protection domains. Your focus will be on the UK GDPR and NIS2 compliance frameworks and the cyber security policy library. Responsibilities Own UK GDPR & NIS2 compliance within the Digital and Technology function, keeping registers current and audit ready. Support data security breach governance and maintain incident procedures, ensuring seamless readiness alongside our Legal team to meet the ICO's 72 hour notification window. Maintain the cyber security policy library, updating frameworks to align with evolving regulations. Drive policy adoption across the business, working with HR to track employee awareness and manage exceptions. Coordinate the penetration testing programme, managing vendor procurement, scoping, and logistics. Track vulnerability remediation by logging test findings in our risk management tool, Optro, and ensuring swift closure by technical teams. What you'll bring Compliance experience managing regulatory programmes for UK GDPR and at least one other cyber/data regulation. Working knowledge of NIS2 security obligations and UK GDPR requirements (including DPIAs and breach responses). Policy writing skills, with the ability to translate technical security requirements into clear employee guidance. Penetration test coordination experience, including scoping tests and tracking technical findings to resolution. Experience utilising GRC software or audit tracking platforms (Optro or equivalent) to log, assign, and track technical vulnerabilities and remediation progress through to closure. A methodical mindset with the discipline to track obligations and maintain accurate compliance documentation. 
And it would also be great if you can demonstrate: Relevant certifications such as BCS Data Protection Practitioner, CIPP/E, or ISO 27001 Lead Implementer. Stakeholder management skills to collaborate effectively across Legal, HR, external providers, and regulators. What we offer Uncapped bonus linked to business performance Defined contribution Pension Up to 34 days holiday (depending on shift pattern) Flexible holiday trading Flexible cash pot to spend on benefits Healthcare Cash Plan Flexible benefits e.g. discounts & cashbacks, gym memberships, technology purchases etc Life assurance Save as you earn scheme Staff sales discount Free AG Barr products throughout your working day and staff sales Annual salary review Ongoing professional development and access to Learning and Development programmes and content We are an equal opportunities employer and happy to discuss any reasonable adjustments that may be needed for successful candidates with a disability, health or mental health condition. While we have highlighted our ideal requirements for this role, we are realistic that the successful candidate probably won't meet every single requirement in this advert, but we encourage you to submit an application - you may be just what we are looking for! Speculative CVs from agencies will not be accepted. Please note, we may close vacancies early where we receive significant numbers of applications, so apply now!
16/06/2026
Full time
Information Governance Analyst
Iceland Foods Ltd. Wales, Yorkshire
As one of the Best Big Companies to Work For, we have a rich history of loving our customers and looking after our teams. We understand that success is achieved through our people, and we are searching for an experienced and proactive Information Governance Analyst to join our Cyber Security team. The successful candidate will report to the Cyber Governance, Risk, and Compliance (GRC) Manager and will play a key role in ensuring the effective governance of Iceland's information assets. This includes information retention, identification, categorisation, applying appropriate security controls, and monitoring compliance with policies and standards. The primary tool for this role will be Microsoft Purview, so experience with this platform is essential. You will work closely with stakeholders across the business to ensure that information is managed securely and in line with regulatory and organisational requirements. This role is based in our Deeside head office, with a minimum of 2 days per week spent working from here. Specific skills and capabilities we are looking for: Essential Strong understanding of information governance principles, including retention, classification, and security. Demonstrable skills in all aspects of Microsoft Purview. Ability to write and maintain documentation and reports. Excellent attention to detail and organisational skills. Strong interpersonal and communication skills. Desirable Familiarity with data protection regulations. Experience in implementing information governance policies and procedures. Ability to work collaboratively with technical and non-technical teams. Certifications such as CIPM, CIPP/E, or similar information governance credentials. 
What to expect from us: 15% discount in Iceland stores 30% discount at Club Individual Restaurants 33 days holiday (including bank holidays) Free onsite parking Onsite electric car charging ports Subsidised staff restaurant and Costa Coffee Christmas vouchers Refer a Friend Scheme Christmas Savings scheme Discounted dry cleaning Long service awards
16/06/2026
Full time
Governance Risk & Compliance Analyst
Cyber Fraud Centre Aberdeen, Aberdeenshire
Sword is a leading provider of business technology solutions within the Energy, Public and Finance Sectors, driving real transformational change within our clients. We use proven technology, specialist teams and domain expertise to build solid technical foundations across platforms, data and business applications. We have a passion for using technology to solve business problems, working in partnership with our clients to help in achieving their goals. We are delighted to present a newly created opportunity for a Governance, Risk & Compliance Analyst to join our internal security team. Reporting directly to the Sword Group CISO, you will help run and maintain Sword's governance, risk, and compliance activities across key regulatory, certification, and client requirements.

Key Responsibilities

Security Governance: Support the development, maintenance, and improvement of security policies, standards, and procedures, helping to keep Sword aligned with ISO 27001, NIS2, and other relevant obligations.
Risk Management: Support and maintain security risk management activities across suppliers, projects, and internal services, helping to identify risks, track treatment actions, and drive progress to completion.
Legal, Regulatory, and Contractual Requirements: Help track, interpret, and maintain compliance with relevant legal, regulatory, client, and contractual obligations, including GDPR, NIS2, and the UK Cyber Security Resilience Bill.
Data Protection: Lead and coordinate ongoing GDPR compliance activities globally by maintaining records, improving processes, working with stakeholders, and ensuring actions are progressed and completed.
Third-Party and Supply Chain Security: Support supplier and supply chain risk management activities, including reviews, due diligence, follow-up actions, and the maintenance of appropriate records and evidence.
Certification and Compliance Support: Lead and coordinate Sword's ISO 27001 certification and Cyber Essentials activities, including evidence gathering, control tracking, stakeholder coordination, and follow-up of remediation actions.
Audit and Assurance: Support internal and external audit activity by preparing evidence, coordinating responses, tracking findings, and helping ensure actions are completed.
Business Resilience Support: Contribute to the maintenance and improvement of business continuity and disaster recovery arrangements, including documentation, review activity, and support for testing exercises.
Security Culture and Awareness: Support awareness, training, and communication activities that help colleagues understand and follow security policies, processes, and responsibilities.
Continuous Improvement: Take a practical, can-do approach to improving the GRC programme through steady progress, good organisation, and a focus on getting things done.

Supporting and maintaining governance, risk, and compliance activities aligned to industry standards and organisational objectives. Strong practical experience of frameworks, regulations, and obligations such as ISO 27001, GDPR, Cyber Essentials, NIS2, and the UK Cyber Security Resilience Bill, with the ability to apply these in a practical business context and coordinate related activities across a global organisation. Supporting risk assessments, control reviews, remediation tracking, and evidence management across projects, suppliers, and internal services. Experience contributing to audit, certification, or compliance activity, including evidence gathering, issue tracking, stakeholder coordination, and support for follow-up actions. Supporting supplier and supply chain assurance activity, including due diligence, review of responses, and follow-up of security actions.
Good organisational, analytical, and problem solving skills, with the ability to interpret requirements and help turn them into practical actions. Clear written and verbal communication skills, with the ability to work effectively with stakeholders across the business. Experience in a similar governance, risk, compliance, information security, or assurance role would be beneficial. This role represents an outstanding opportunity for an individual with practical experience, or strong working knowledge, in governance, risk, compliance, or cyber security who is keen to keep building their expertise, takes ownership, and delivers results. You should have enough experience to lead and coordinate key compliance activities globally, particularly in GDPR, ISO 27001, and Cyber Essentials, with practical experience in running GDPR activities being essential. Qualifications Practical experience leading and coordinating GDPR activities globally (essential). Practical experience of ISO 27001, Cyber Essentials, NIS2, and the UK Cyber Security Resilience Bill. Experience with risk assessments, control reviews, and remediation tracking. Experience contributing to audit, certification, or compliance activity. Experience with supplier and supply chain assurance activity. Good organisational, analytical, and problem solving skills. Clear written and verbal communication skills. Experience in a similar governance, risk, compliance, information security, or assurance role would be beneficial. Personal Skills Relevant qualifications or certifications in ISO 27001, GDPR, Cyber Essentials, risk, audit, or information security would be beneficial, but practical experience leading and coordinating these activities globally is more important. Takes ownership, works proactively, and has a can do attitude with a strong focus on following through and getting things done. Keen to learn, develop, and progress a career in governance, risk, and compliance. 
Well organised and able to manage competing priorities while maintaining momentum and attention to detail. Communicates clearly and works well with technical and non technical colleagues to drive practical outcomes. Benefits Personalised Career Development: We create a development plan customised to your goals and aspirations, with a range of learning and development opportunities within a culture that encourages growth. Flexible working: Flexible work arrangements to support your work life balance. We can't promise to always be able to meet every request, however, are keen to discuss your individual preferences to make it work where we can. A Fantastic Benefits Package: This includes generous annual leave allowance, enhanced family friendly benefits, pension scheme, access to private health, well being, and insurance schemes. At Sword we are dedicated to fostering a diverse and inclusive workplace and are proud to be an equal opportunities employer, ensuring that all applicants receive fair and equal consideration for employment, regardless of whether they meet every requirement. If you don't tick all the boxes but feel you have some of the relevant skills and experience we're looking for, please do consider applying and highlight your transferable skills and experience. We embrace diversity in all its forms, valuing individuals regardless of age, disability, gender identity or reassignment, marital or civil partner status, pregnancy or maternity status, race, colour, nationality, ethnic or national origin, religion or belief, sex, or sexual orientation. Your perspective and potential are important to us. If we can do anything to help make the hiring process more accessible, please let our talent acquisition team know when you apply so we can support any adjustments.
16/06/2026
Full time
Global GRC Analyst - GDPR, ISO 27001 & Risk
Cyber Fraud Centre Aberdeen, Aberdeenshire
Cyber Fraud Centre in Aberdeen City is looking for a Governance, Risk & Compliance Analyst to join their security team. This role involves developing and maintaining security policies, managing compliance with regulations such as GDPR, and coordinating ISO 27001 certification activities. The ideal candidate will have practical experience in governance, risk management, and compliance. You will enjoy flexible working arrangements and personalized career development opportunities in a supportive environment.
16/06/2026
Full time
Global GRC Analyst - GDPR, ISO 27001 & Risk
Sword Group Aberdeen, Aberdeenshire
Sword Group in Aberdeen is seeking a Governance, Risk & Compliance Analyst to support the security team. This role focuses on ensuring compliance with standards like ISO 27001 and GDPR while managing risks across various projects. The ideal candidate will possess strong skills in risk assessments, compliance activities, and have excellent problem-solving abilities. Sword Group values diversity and offers personalized career development opportunities.
16/06/2026
Full time
Technical GRC Analyst
Bromcom Computers
We are seeking a Technical GRC Analyst to support the day-to-day operation of our governance, risk, compliance, and security assurance processes within a growing EdTech SaaS environment. This role will focus on administering established policies and workflows, coordinating compliance and security activities, handling requests from across the business, and performing risk assessments particularly where personal data, information security, and GDPR considerations are involved. You will play a key role in ensuring that our systems, processes, security tooling, and third-party relationships meet our security, compliance, and data protection standards. Working closely with the IT & Information Security Manager and wider IT team, you will help maintain audit readiness, support operational security assurance activities, and coordinate remediation and evidence management across the organisation. The role offers exposure across governance, operational security assurance, compliance, and risk management within a growing SaaS environment. Key Responsibilities Administer and operate IT risk, compliance, and security assurance processes aligned to internal policies and regulatory requirements (including GDPR) Act as a central point of contact for compliance-related requests (e.g. 
Subject Access Requests (SARs), data sharing requests, access requests, exceptions, and supplier onboarding) Perform risk assessments using defined criteria, with a focus on data protection and information security risks Review requests against defined policies and controls, escalating where appropriate in line with internal governance processes Support third-party / supplier risk assessments, including reviewing security and data protection documentation and tracking follow-up actions Support periodic reviews of high-risk and business-critical suppliers, applications, and technology platforms to ensure appropriate security, compliance, and data protection controls remain in place Support the implementation and ongoing operation of compliance and assurance tooling (Vanta), including evidence collection, test management, stakeholder coordination, remediation tracking, and control adoption activities. Ensure appropriate documentation, audit trails, and evidence are maintained for assessments, compliance activities, and operational processes Support internal and external audits (e.g. ISO 27001), including evidence gathering, action tracking, and coordination of remediation activities Monitor compliance with policies and highlight potential risks, gaps, or control weaknesses for review Support coordination and operational delivery of security improvement initiatives across IT and business teams. 
Support incident management processes through documentation, tracking, and coordination of follow-up actions Coordinate security awareness activities, including phishing simulation campaigns and training tracking Assist with reviews of security tooling configurations and collection of supporting control evidence Work closely with engineering, product, and business teams to ensure compliance and security processes are understood and followed Contribute ideas and feedback to improve workflows and operational processes, particularly where they impact scalability, operational efficiency, or customer trust Skills & Experience Essential: Experience in IT risk, compliance, or GRC roles within a SaaS or technology environment Understanding of GDPR and handling of personal data (especially sensitive or child/student data) Experience performing risk assessments using structured frameworks and defined processes Ability to interpret policies and apply them to operational and real-world scenarios Strong organisational, coordination, and documentation skills (audit trails, evidence, decision logs) Experience working with cross-functional teams (e.g. engineering, product, operations) Experience supporting operational security assurance activities, such as evidence collection, control validation, remediation tracking, or audit preparation Desirable: Familiarity with ISO 27001, Cyber Essentials, or similar frameworks Experience supporting audits, evidence collection, or remediation tracking activities Experience with vendor / third-party risk management Exposure to data protection processes (e.g. SARs, DPIAs, data sharing assessments) Exposure to data classification, data governance, or data loss prevention (DLP) processes Experience with GRC, compliance, or assurance platforms (e.g. Vanta, Drata) and ticketing/workflow management tools Exposure to Microsoft 365 security and compliance tooling (e.g. 
Entra ID, Intune, Secure Score, Defender) Basic understanding of cloud/SaaS architecture and common security controls Key Behaviours: Pragmatic approach to risk, with the ability to balance compliance requirements with business needs Comfortable assessing requests against defined policies and escalating concerns where appropriate Confident communicating risks, issues, and follow-up actions to stakeholders Detail-oriented, with a strong focus on documentation, evidence quality, and traceability Organised and proactive, with the ability to manage multiple tasks and follow through on actions Able to operate independently within established processes and governance frameworks Collaborative approach to working with technical and non-technical teams Bromcom is an equal opportunities employer.
15/06/2026
Full time
Information Security GRC Analyst
UBDS Group
About the Role We are seeking an experienced Information Security Analyst to support the delivery of governance, risk, and compliance (GRC) services for one of our leading clients. Working closely with senior stakeholders, technology teams, and security leadership, you will play a key role in strengthening the organisation's cyber security posture through effective risk management, compliance assurance, and security governance activities. You will support the implementation and maintenance of recognised security frameworks and standards while helping to drive security improvements across business and technology functions. This is an excellent opportunity for a security professional, who is comfortable operating in a client-facing environment and can provide pragmatic, risk-based security advice. Key Responsibilities Support the delivery of cybersecurity governance, risk, and compliance activities, ensuring alignment with frameworks including ISO 27001, NIST Cybersecurity Framework, Cyber Essentials, and GovAssure. Conduct information security risk assessments across business processes, programmes, projects, technology platforms, and third-party suppliers. Maintain security risk registers, track remediation actions, and support the effective management of cyber risk across business and technology functions. Produce high-quality security documentation, including policies, standards, compliance evidence, assessment reports, and executive-level reporting. Support internal and external audits, control reviews, assurance activities, and compliance assessments. Facilitate workshops and engage with stakeholders across technical, programme, operational, and leadership teams to gather requirements, collect evidence, and drive security initiatives. Support supplier assurance and third-party risk management activities. Assist with the development and continuous improvement of security governance processes and controls. 
Support in embedding security best practices, data governance, and Secure by Design principles across recovery, transformation, and operational workstreams. Contribute to security awareness, risk reporting, and governance activities across the client environment. Skills & Experience Essential 3-5 years' experience in Information Security, Cyber Security, Governance, Risk & Compliance, IT Audit, or Risk Management roles. Experience conducting information security risk assessments and control reviews. Strong understanding of information security governance and risk management principles. Working knowledge of ISO 27001 and information security management systems. Familiarity with security frameworks and standards including NIST Cybersecurity Framework and Cyber Essentials. Experience supporting audit, compliance, or assurance activities. Strong stakeholder engagement and communication skills. Excellent report writing, documentation, and presentation capabilities. Ability to communicate complex security concepts to both technical and non-technical audiences. Able to work in London 2-3 days per week. Desirable Experience working within government, public sector, regulated, or enterprise environments. Knowledge of GovAssure assessments and public sector security requirements. Familiarity with cloud environments including Microsoft Azure and AWS. Experience using GRC platforms and risk management tooling. Understanding of Secure by Design and security architecture principles. Certifications One or more of the following would be advantageous: ISO 27001 Lead Implementer or Lead Auditor Security+ CGRC CISA CRISC CISSP (or Associate CISSP) Employee Benefits Training - All team members are offered a number of options in terms of personal development, whether it is technical led, business acumen or methodologies. 
We want you to grow with us and to help us achieve more Private medical cover for you and your spouse/partner, offered via Vitality Discretionary bonus based on a blend of personal and company performance Holiday - You will receive 25 Days holiday, plus 1 day for Birthday and 1 day for your work anniversary in addition to UK bank holidays Electric Vehicle leasing with salary sacrifice Contributed Pension Scheme Death in service cover Equal Opportunities We are an equal opportunities employer and do not discriminate on the grounds of gender, sexual orientation, marital or civil partner status, pregnancy or maternity, gender reassignment, race, colour, nationality, ethnic or national origin, religion or belief, disability or age.
15/06/2026
Full time
GRC Information Security Analyst - ISO/NIST, London Hybrid
UBDS Group
Ubds-Group is looking for an experienced Information Security Analyst to enhance governance, risk, and compliance services for clients. You will work closely with stakeholders and security teams, contributing to the organization's cybersecurity efforts. Your responsibilities will include performing risk assessments, maintaining risk registers, documenting compliance, and supporting audits. The ideal candidate has strong communication skills and solid experience in the field. This position offers opportunities for personal development and a range of employee benefits, including private medical cover and paid holidays.
14/06/2026
Full time
Governance Risk & Compliance Analyst
Sword Group Aberdeen, Aberdeenshire
Sword is a leading provider of business technology solutions within the Energy, Public and Finance Sectors, driving real transformation change within our clients. We use proven technology, specialist teams and domain expertise to build solid technical foundations across platforms, data and business applications. We have a passion for using technology to solve business problems, working in partnership with our clients to help in achieving their goals. We are delighted to present a newly created opportunity for a Governance, Risk & Compliance Analyst to join our internal security team. Reporting directly to the Sword Group CISO, you will help run and maintain Sword's governance, risk, and compliance activities across key regulatory, certification, and client requirements. Key Responsibilities Security Governance- Support the development, maintenance, and improvement of security policies, standards, and procedures, helping to keep Sword aligned with ISO 27001, NIS2, and other relevant obligations. Risk Management- Support and maintain security risk management activities across suppliers, projects, and internal services, helping to identify risks, track treatment actions, and drive progress to completion. Legal, Regulatory, and Contractual Requirements- Help track, interpret, and maintain compliance with relevant legal, regulatory, client, and contractual obligations, including GDPR, NIS2, and the UK Cyber Security Resilience Bill. Data Protection- Lead and coordinate ongoing GDPR compliance activities globally by maintaining records, improving processes, working with stakeholders, and ensuring actions are progressed and completed. Third-Party and Supply Chain Security- Support supplier and supply chain risk management activities, including reviews, due diligence, follow-up actions, and the maintenance of appropriate records and evidence. 
Certification and Compliance Support- Lead and coordinate Sword's ISO 27001 certification and Cyber Essentials activities, including evidence gathering, control tracking, stakeholder coordination, and follow-up of remediation actions. Audit and Assurance- Support internal and external audit activity by preparing evidence, coordinating responses, tracking findings, and helping ensure actions are completed. Business Resilience Support- Contribute to the maintenance and improvement of business continuity and disaster recovery arrangements, including documentation, review activity, and support for testing exercises. Security Culture and Awareness- Support awareness, training, and communication activities that help colleagues understand and follow security policies, processes, and responsibilities. Continuous Improvement- Take a practical, can-do approach to improving the GRC programme through steady progress, good organisation, and a focus on getting things done. Supporting and maintaining governance, risk, and compliance activities aligned to industry standards and organisational objectives. Strong practical experience of frameworks, regulations, and obligations such as ISO 27001, GDPR, Cyber Essentials, NIS2, and the UK Cyber Security Resilience Bill, with the ability to apply these in a practical business context and coordinate related activities across a global organisation. Supporting risk assessments, control reviews, remediation tracking, and evidence management across projects, suppliers, and internal services. Experience contributing to audit, certification, or compliance activity, including evidence gathering, issue tracking, stakeholder coordination, and support for follow-up actions. Supporting supplier and supply chain assurance activity, including due diligence, review of responses, and follow-up of security actions. 
Good organisational, analytical, and problem solving skills, with the ability to interpret requirements and help turn them into practical actions. Clear written and verbal communication skills, with the ability to work effectively with stakeholders across the business. Experience in a similar governance, risk, compliance, information security, or assurance role would be beneficial. This role represents an outstanding opportunity for an individual with practical experience, or strong working knowledge, in governance, risk, compliance, or cyber security who is keen to keep building their expertise, takes ownership, and delivers results. You should have enough experience to lead and coordinate key compliance activities globally, particularly in GDPR, ISO 27001, and Cyber Essentials, with practical experience in running GDPR activities being essential. Qualifications Practical experience leading and coordinating GDPR activities globally (essential). Practical experience of ISO 27001, Cyber Essentials, NIS2, and the UK Cyber Security Resilience Bill. Experience with risk assessments, control reviews, and remediation tracking. Experience contributing to audit, certification, or compliance activity. Experience with supplier and supply chain assurance activity. Good organisational, analytical, and problem solving skills. Clear written and verbal communication skills. Experience in a similar governance, risk, compliance, information security, or assurance role would be beneficial. Personal Skills Relevant qualifications or certifications in ISO 27001, GDPR, Cyber Essentials, risk, audit, or information security would be beneficial, but practical experience leading and coordinating these activities globally is more important. Takes ownership, works proactively, and has a can do attitude with a strong focus on following through and getting things done. Keen to learn, develop, and progress a career in governance, risk, and compliance. 
Well organised and able to manage competing priorities while maintaining momentum and attention to detail. Communicates clearly and works well with technical and non technical colleagues to drive practical outcomes. Benefits Personalised Career Development: We create a development plan customised to your goals and aspirations, with a range of learning and development opportunities within a culture that encourages growth. Flexible working: Flexible work arrangements to support your work life balance. We can't promise to always be able to meet every request, however, are keen to discuss your individual preferences to make it work where we can. A Fantastic Benefits Package: This includes generous annual leave allowance, enhanced family friendly benefits, pension scheme, access to private health, well being, and insurance schemes. At Sword we are dedicated to fostering a diverse and inclusive workplace and are proud to be an equal opportunities employer, ensuring that all applicants receive fair and equal consideration for employment, regardless of whether they meet every requirement. If you don't tick all the boxes but feel you have some of the relevant skills and experience we're looking for, please do consider applying and highlight your transferable skills and experience. We embrace diversity in all its forms, valuing individuals regardless of age, disability, gender identity or reassignment, marital or civil partner status, pregnancy or maternity status, race, colour, nationality, ethnic or national origin, religion or belief, sex, or sexual orientation. Your perspective and potential are important to us. If we can do anything to help make the hiring process more accessible, please let our talent acquisition team know when you apply so we can support any adjustments.
14/06/2026
Full time
GRC Security Analyst Apprentice
Financial Ombudsman Service
Overview Cyber GRC Analyst (Apprentice) for a Fixed term contract of 24 months to cover the lifetime of the apprenticeship, with potential for a permanent position on successful qualification. Contract: Initially a Fixed term contract for 24 months. Working hours: 35 hours per week. As an apprentice you will spend 20% of your time on off-the-job learning. Salary: £26,936. Location: London, Exchange Tower. Reporting to: Cyber Security Manager. Hybrid working and an office environment are available and encouraged. This apprenticeship role supports the Cyber GRC team to understand, assess and report on cyber risk across our people, processes and technology. Responsibilities Support internal reviews of cyber security policies, procedures and controls by gathering evidence and completing checklists against agreed standards (e.g., Cyber Essentials, ISO 27001, NIST) under supervision. Help evaluate cyber controls by recording what is in place, noting exceptions, and escalating gaps or concerns to the assessor/lead. Assist with reviewing systems, processes and data protection measures by gathering information from system owners and keeping evidence organised. Help identify practical risk treatments (mitigations) for processes, technology, and outsourced products/services, and support tracking progress to closure. Maintain assessment documentation (e.g., working papers, evidence logs, action trackers) so findings and follow-ups can be monitored and reported. Work with colleagues across IT, Enterprise Risk, Data Protection and Information Security to gather information and support agreed improvements. Support cyber risk assessments by helping identify threats, vulnerabilities and impacts, and capturing results in the agreed templates and risk register. Stay curious about industry trends, common cyber threats, and relevant guidance, and share highlights with the team. 
Support regular reporting by updating trackers and helping produce simple summaries of risk and control status (e.g., KPIs/KRIs), with guidance. Minimum Criteria / Qualifications You will have achieved three A levels or equivalent and GCSE English and Maths or have significant work experience in a relevant field. On enrolment onto the apprenticeship (September 2026) you will be at least 18 years of age; you will not be in full-time education or receiving funding for other learning programmes. You will need a full UK Right to Work for the duration of the apprenticeship, and have valid and eligible residency status and be a resident in the UK for 3 years before the start of the apprenticeship. In addition your CV should show an interest in cyber security, risk and compliance, with a willingness to learn; some experience documenting processes, following procedures, or working with evidence; and a basic understanding of what cyber security controls are (e.g., access control, patching, backups, MFA) or a willingness to learn quickly. Benefits and Working Environment We are a values-led organisation with a hybrid work policy. We offer flexibility, wellbeing support, growth opportunities and a diverse, inclusive culture. Benefits include 25 days holiday entitlement (plus ability to buy/sell days), pension, family-friendly policies, private medical insurance, and other voluntary benefits. The Financial Ombudsman Service is an equal opportunities employer and is Disability Confident. We encourage applications from underrepresented groups and provide reasonable adjustments on request.
14/06/2026
Full time
Junior Cyber Defense Analyst
Wolfspeed City, Belfast
Locations: Belfast, Northern Ireland. Time type: Full time. Posted on: Posted Yesterday. Job requisition id: 26-466. Wolfspeed is seeking a Cyber Defense Analyst to join their growing global Cyber Security team. You will join a team of highly motivated security professionals who are working hard to foster a security-first culture at Wolfspeed. What does your day-to-day look like? Responsible for escalations and events. Investigate and respond to cyber security events, including SIEM alerts. Triage and process user generated incidents, including phishing emails. Work L2 & L3 BAU information security queues. Consolidate and develop Cyber Defense documentation. Assist with general information security requests, including GRC related asks. Investigate IDAM alerts and respond accordingly. Who are we looking for? Must Have: 2+ years' experience in Information Security. Experience configuring and supporting security tools. Strong understanding of IOCs and current TTPs. Intermediate knowledge of networking fundamentals. Proficiency with both Windows and Unix/Linux OS. Strong technical knowledge of the Windows ecosystem, including Azure and Active Directory. Strong experience within incident response, including SIEM and EDR tooling. Ability to work independently and use initiative to resolve issues. Plan and execute self-managed workstreams/projects with minimal oversight. Excellent oral and written communication skills. Ability to develop strong working relationships with other Teams to complete initiatives. Nice to have: PAM knowledge. Security Engineering experience. Ability to code. Threat hunting experience. Knowledge of network security. About Us: Wolfspeed is a powerhouse semiconductor company focused on silicon carbide and GaN technologies. After more than thirty years of forging new technology adoption and transformation, our Wolfspeed power and radio frequency (RF) semiconductors are leading the industry through unrivaled expertise and capacity.
14/06/2026
Full time
GRC Security Analyst Apprentice - Hybrid & Growth
Financial Ombudsman Service
The Financial Ombudsman Service is seeking a Cyber GRC Analyst (Apprentice) for a 24-month fixed-term contract in London. You will have the opportunity to gain hands-on experience while contributing to the Cyber GRC team. This apprenticeship offers a supportive working environment with flexible arrangements, competitive benefits including 25 days holiday, pension, and private medical insurance, alongside personal growth opportunities.
14/06/2026
Full time
Junior Cyber Defense Analyst
GB02 Wolfspeed Services UK Limited City, Belfast
Overview Wolfspeed is seeking a Cyber Defense Analyst to join their growing global Cyber Security team. You will join a team of highly motivated security professionals who are working hard to foster a security-first culture at Wolfspeed. Responsibilities Responsible for escalations and events. Investigate and respond to cyber security events, including SIEM alerts. Triage and process user-generated incidents, including phishing emails. Work L2 & L3 BAU information security queues. Consolidate and develop Cyber Defense documentation. Assist with general information security requests, including GRC related asks. Investigate IDAM alerts and respond accordingly. Qualifications Must have 2+ years of experience in Information Security. Experience configuring and supporting security tools. Strong understanding of IOCs and current TTPs. Intermediate knowledge of networking fundamentals. Proficiency with both Windows and Unix/Linux OS. Strong technical knowledge of the Windows ecosystem, including Azure and Active Directory. Strong experience within incident response, including SIEM and EDR tooling. Ability to work independently and use initiative to resolve issues. Plan and execute self-managed workstreams/projects with minimal oversight. Excellent oral and written communication skills. Ability to develop strong working relationships with other teams to complete initiatives. Nice to Have PAM knowledge. Security Engineering experience. Ability to code. Threat hunting experience. Knowledge of network security. Company Information Wolfspeed is a powerhouse semiconductor company focused on silicon carbide and GaN technologies. After more than thirty years of forging new technology adoption and transformation, our Wolfspeed power and radio frequency (RF) semiconductors are leading the industry through unrivaled expertise and capacity. EEO Statement If you require an accommodation to complete an online application, please contact accessHR at +1 .
13/06/2026
Full time
Compliance Governance Data Scientist Legal & Compliance London, United Kingdom
Rippling
About the role
We are looking for a Compliance Governance Data Scientist to join our Compliance Risk Office (CRO). As Rippling expands rapidly into regulated markets globally (UK, EU, AU, SG, NZ), our compliance surface is outgrowing our legacy infrastructure. This role is a critical technical hire tasked with closing that gap. Moving beyond traditional Financial Crime/AML, you will build the technical data infrastructure to track cross-domain compliance risks across Complaints, Regulatory, Product Governance, and Employer of Record (EOR). You will own the automated aggregation of risk data, stand up our central Management Information (MI) reporting framework, and help launch our proprietary Compliance Risk App. The ideal candidate has 2-3 years of experience writing SQL, building dashboards, and translating qualitative compliance frameworks into quantitative data models.

What you will do
  • Transition the CRO from manual data assembly to automated, real time dashboards that provide a single consolidated view of risk for the Compliance Committee and Board.
  • Serve as the functional data owner for the rollout of our Compliance Risk App, ensuring it serves as the single source of truth for all cross domain risks.
  • Work closely with our Governance Lead to translate the new compliance risk taxonomy into measurable Key Risk Indicators (KRIs) across all business units.
  • Connect data pipelines from our Monitoring & Testing (M&T) domain programs directly to the central risk register so testing becomes completely risk based.
  • Run historical and predictive trend reporting on compliance issues, tracking open actions to ensure the business can actively evidence its compliance to global regulators.

What you will need
  • 2-3 years of experience as a Data Analyst, Risk Analyst, or Business Intelligence Engineer, ideally within a scaling Fintech, SaaS, or highly regulated operational environment.
  • Strong proficiency in SQL (joins, CTEs, optimization) and experience building production grade dashboards in BI tools (e.g., Tableau, Power BI, or Looker).
  • Experience working with risk management platforms, GRC systems, or internal application development (experience with internal low code/no code internal app building is a massive plus).
  • While you do not need to be a legal expert, you must be eager to learn cross domain compliance areas like EOR regulations, marketing compliance, and global regulatory frameworks.
  • Proven ability to operate in a fast paced "build" environment, transforming unstructured, messy data into organized, automated pipelines.
13/06/2026
Full time
Senior GRC Analyst - Hybrid London (PCI DSS & GDPR)
News Corporation
News Corporation is seeking a Senior Governance, Risk and Compliance (GRC) Analyst to support the Cyber GRC Program. Located in London, the role requires extensive compliance knowledge and 6+ years of Cyber Security experience. You'll work with stakeholders to manage audits, security initiatives, and risk assessments. The ideal candidate possesses strong knowledge of frameworks such as NIST CSF and PCI DSS, excellent communication skills, and relevant qualifications. Hybrid work mode expected.
13/06/2026
Full time
Ruleguard
Solutions Engineer
Ruleguard City, London
Ruleguard have an exciting opportunity for a Solutions Engineer to join the team based in London on a hybrid basis. You will join us on a full-time, permanent contract and in return, you will receive a competitive salary of £100,000 - £120,000 per annum.

The Solutions Engineer role:
This is a pre-sales and solutions role sitting at the intersection of compliance expertise and technology. You will lead the technical and functional dimension of the sales process, running product demonstrations, shaping solution narratives, and ensuring that what we propose is grounded in industry realities and how the platform actually works. You will work closely with our sales team, providing the compliance depth and platform fluency that turns an interested prospect into a confident buyer.

Responsibilities of our Solutions Engineer include:

Demonstrations and Pre-Sales Engagement
  • Lead product demonstrations across the full Ruleguard platform, tailoring the narrative to the prospect's regulatory profile, firm type, and priority compliance obligations
  • Prepare thoroughly for each demo, researching the prospect's context and structuring the session around their specific pain points rather than a generic feature walkthrough
  • Handle functional and technical questions during demonstrations with confidence, distinguishing clearly between current platform capability and the product roadmap
  • Work with sales colleagues to plan and sequence the pre-sales process, advising on when and how to deploy demonstrations, proof-of-concept exercises, and follow-up sessions
  • Coach and support sales colleagues through demonstrations where a subject matter lead is not present, providing briefing materials, talk tracks, and objection-handling guidance
  • Configure AI agents using goals, intent, constraints, guardrails and context to demonstrate real efficiencies that this technology can bring to our clients

Solution Design and Proposals
  • Translate prospect requirements into clear, well-structured solution design and scoping documents for internal use and client presentation
  • Map client workflows to platform capabilities, identifying where configuration can meet requirements directly, where bespoke approaches are needed, and where gaps exist
  • Contribute to proposal and RFP responses, providing the functional and technical content that underpins the commercial offer
  • Collaborate closely with Product and Engineering teams to surface recurring customer requirements, implementation patterns, and opportunities for product enhancement.
  • Support proof-of-concept and implementation activities, helping clients configure workflows, troubleshoot issues, and optimise operational adoption.
  • Translate complex compliance and operational requirements into scalable platform configurations, workflow logic, governance controls, and solution designs.
  • Work with clients to operationalise Ruleguard within real-world enterprise environments, including integration into internal systems, workflows, data sources, and approval processes.
  • Maintain a working knowledge of how Ruleguard is configured across different client types, using that pattern recognition to sharpen pre-sales conversations

Platform Knowledge and Collateral
  • Develop and maintain deep working knowledge of the Ruleguard platform across all solution modules, including regulatory change, policy management, conflicts of interest, personal account trading, gifts and entertainment, and related areas
  • Stay current with regulatory developments relevant to Ruleguard's client base, ensuring that demonstrations and solution narratives reflect the compliance environment prospects are operating in
  • Contribute to the development of demo environments, scenario libraries, and pre-sales collateral, improving the quality and consistency of how the platform is presented to market

What we are looking for in our Solutions Engineer:

Compliance and Domain Knowledge
  • Prior experience working within or alongside a risk or compliance function in financial services, whether as a compliance analyst, associate, or officer, or in a consulting or advisory role serving compliance teams
  • Solid working knowledge of core compliance disciplines including regulatory change management, conflicts of interest, policy and procedure governance, and employee monitoring
  • Familiarity with the regulatory environment relevant to asset managers, wealth managers, broker-dealers, or similar regulated firms
  • Genuine curiosity about how regulation is evolving and how technology can help compliance teams keep pace

Pre-Sales and Client-Facing Skills
  • Confident and credible in front of senior compliance and risk stakeholders, able to lead a conversation rather than present slides
  • Able to read a room, adapt a demonstration in real time, and handle questions without losing the thread of the narrative
  • Clear written communication; produces documentation that is precise, well-organised, and appropriate for a client audience

Technical and Analytical
  • Comfortable learning and administering SaaS platforms; picks up new systems quickly and applies that knowledge practically
  • Proficient with data, dashboards, and reporting, and able to work with the outputs of a compliance platform and interpret them for a client audience
  • Comfortable troubleshooting complex SaaS implementations across integrations, workflow configuration, user permissions, and data quality issues.
  • Familiarity with workflow automation, AI-assisted operations, or agentic SaaS concepts, including approval flows, retrieval-driven workflows, permissions, and human-in-the-loop controls.
  • Familiar with AI tools and their application in compliance operations and the broader GRC technology market
  • Organised and methodical; able to manage multiple pre-sales engagements in parallel without losing track of detail or follow-up

If you are looking for a new challenge, please click apply now to be considered as our Solutions Engineer - we'd love to hear from you!
12/06/2026
Full time
Senior GRC Analyst: Hybrid London, PCI/DSS & ISO 27001
Storyful
Storyful is seeking a Senior Governance, Risk and Compliance (GRC) Analyst based in London. This hybrid role will require you to work 3 days in the office. The ideal candidate will have over 6 years of experience in Cyber Security, strong knowledge of industry standards like PCI DSS and a firm grasp of Cloud infrastructure, particularly AWS. Key responsibilities include ensuring compliance with regulations and supporting risk assessments. We value equal opportunity and encourage all qualified applicants to apply.
12/06/2026
Full time

© 2008-2026 IT Job Board