Sorry, that job is no longer available. Here are some results that may be similar to the job you were looking for.

51 jobs found

Current search: grc ai security analyst
Governance, Risk & Compliance (GRC) Analyst
Limelight Health
hackajob is collaborating with Tombola to connect them with exceptional professionals for this role.

Sunderland - hybrid - permanent.

What You'll Be Doing

This is a key role that sits at the heart of how we balance security, compliance and innovation. You'll help shape and deliver an effective technical compliance framework, ensuring we maintain a strong security posture while moving at business pace. Working closely with technology teams, compliance and stakeholders across tombola, you'll identify, assess and manage technology and security risks. A big part of your role will be translating complex technical and regulatory requirements into actionable guidance for various audiences.

You'll Also
  • Support the ongoing development and improvement of our ISMS, policies, standards and processes
  • Lead and support audits, working with external partners and Group teams
  • Help ensure our platforms and games meet both local and international regulatory requirements
  • Act as a key point of contact between InfoSec and the wider business, building strong relationships and driving the right outcomes

What We're Looking For

We're looking for someone who's curious, confident and comfortable operating between technical and non technical worlds. You don't need to be hands on coding, but you must understand technology well enough to ask the right questions, challenge where needed and hold your own in conversations with technical teams.

You'll Likely Bring
  • A strong understanding of security frameworks, standards or compliance environments
  • The ability to interpret technical concepts and communicate them clearly to different audiences
  • Confidence to challenge, influence and guide stakeholders across the business
  • Strong organisational skills, with the ability to manage multiple priorities

We'd Also Love Someone Who
  • Is naturally inquisitive and enjoys getting into the detail
  • Is comfortable asking questions and challenging the status quo
  • Enjoys working with a wide range of people and building relationships
  • Takes pride in doing things thoroughly and properly

Ways of Working

This role is based at our Sunderland HQ, with a hybrid approach of 3 days in the office and 2 days working from home. That means plenty of time collaborating with the team, alongside space to focus and get stuck into the detail.

Why tombola

We're a business built on innovation, collaboration and doing things differently. We always look to improve how we work and genuinely welcome new ideas and perspectives. If you're looking for a role where you can make an impact, grow your career and be part of a team that backs each other, we'd love to hear from you. We are committed to creating opportunities for everyone here at tombola and welcome applications from all backgrounds. We encourage individuals to apply, even if they don't meet every requirement.
23/06/2026
Full time
Information Security Analyst - ISO 27001
Spectrum IT Recruitment
Information Security Analyst - ISO 27001, SOC2, PCI DSS Audit & Compliance - Large Government Projects

London Hybrid. Full-Time Permanent 80,000 - 90,000 plus bonus & benefits

We're working with a global leader in workforce management solutions to find a certified Information Security Analyst well versed in ISO Audit & Compliance. You'll join a talented team and contribute towards delivering compliance with leading security frameworks, preparing for and conducting audits, and contributing to security operations. You'll be joining a collaborative, ambitious team delivering GRC initiatives across large government projects.

The Role
  • Lead and conduct internal audits across ISO 27001, GDPR, DORA, Cyber Essentials & more.
  • Prepare teams for external audits and manage the audit process end-to-end.
  • Monitor changes in compliance frameworks and maintain alignment.
  • Support the Cyber Security Operations Centre (CSOC) in incident monitoring and response.
  • Develop and maintain policies, procedures, and security documentation.
  • Collaborate with IT & Security teams to identify and remediate vulnerabilities.

What We're Looking For
  • Strong knowledge of audit & compliance frameworks (ISO 27001, Cyber Essentials, GDPR, DORA).
  • Experience with CSOC tools such as Rapid7 InsightIDR or other SIEM solutions.
  • Hands-on experience with internal/external audits and compliance assessments.
  • Relevant security/audit certifications (CISA, CISM, CISSP, ISO 27001 Lead Auditor, Cyber Essentials Assessor, or equivalent).
  • Eligible for UK Security Clearance.

This is a great opportunity to work with

Hit apply to upload your CV

Spectrum IT Recruitment (South) Limited is acting as an Employment Agency in relation to this vacancy.
22/06/2026
Full time
SaaS GRC & Information Security Analyst
beqom Manchester, Lancashire
A high-growth B2B SaaS company is looking for an experienced Compliance & Information Security Analyst to lead their compliance and third-party risk management functions. You will work closely with various stakeholders to handle client GRC requests, review security clauses in contracts, and maintain vendor assessments. The ideal candidate will have a strong background in compliance and information security, excellent organizational skills, and the ability to communicate complex concepts effectively. Join us to make a real impact on global pay equity efforts.
21/06/2026
Full time
GRC & IT Risk Analyst for SaaS/EdTech
Sivara GmbH
Sivara GmbH is looking for a Technical GRC Analyst based in the United Kingdom to help maintain audit readiness and support governance, risk, compliance, and security assurance processes. This role requires experience in IT risk and compliance, strong organizational skills, and the ability to work closely with engineering and product teams. The opportunity exists to thrive in a growing EdTech SaaS environment.
21/06/2026
Full time
Junior Cyber Defense Analyst
Whats Upstate City, Belfast
Wolfspeed is seeking a Cyber Defense Analyst to join their growing global Cyber Security team. You will join a team of highly motivated security professionals who are working hard to foster a security-first culture at Wolfspeed.

What does your day-to-day look like?
  • Responsible for escalations and events
  • Investigate and respond to cyber security events, including SIEM alerts
  • Triage and process user generated incidents, including phishing emails
  • Work L2 & L3 BAU information security queues
  • Consolidate and develop Cyber Defense documentation
  • Assist with general information security requests, including GRC related asks
  • Investigate IDAM alerts and respond accordingly

Who are we looking for?
  • 2+ years' experience in Information Security
  • Experience configuring and supporting security tools
  • Strong understanding of IOCs and current TTPs
  • Intermediate knowledge of networking fundamentals
  • Proficiency with both Windows and Unix/Linux OS
  • Strong technical knowledge of the Windows ecosystem, including Azure and Active Directory
  • Strong experience within incident response, including SIEM and EDR tooling
  • Ability to work independently and use initiative to resolve issues
  • Plan and execute self-managed workstreams/projects with minimal oversight
  • Excellent oral and written communication skills
  • Ability to develop strong working relationships with other Teams to complete initiatives

Nice to have
  • PAM knowledge
  • Security Engineering experience
  • Ability to code
  • Threat hunting experience
  • Knowledge of network security
21/06/2026
Full time
Technical GRC Analyst
Sivara GmbH
Salary: £33,000 - 47,000 per year

Requirements
  • We require experience in IT risk, compliance, or GRC roles within a SaaS or technology environment.
  • We require an understanding of GDPR and handling personal data, especially sensitive or child/student data.
  • We require experience performing risk assessments using structured frameworks and defined processes.
  • We require the ability to interpret policies and apply them to operational and real world scenarios.
  • We require strong organisational, coordination, and documentation skills, including audit trails, evidence, and decision logs.
  • We require experience working with cross functional teams such as engineering, product, and operations.
  • We require experience supporting operational security assurance activities such as evidence collection, control validation, remediation tracking, or audit preparation.
  • We prefer familiarity with ISO 27001, Cyber Essentials, or similar frameworks.
  • We prefer experience supporting audits, evidence collection, or remediation tracking activities.
  • We prefer experience with vendor and third party risk management.
  • We prefer exposure to data protection processes such as SARs, DPIAs, and data sharing assessments.
  • We prefer exposure to data classification, data governance, or data loss prevention processes.
  • We prefer experience with GRC, compliance, or assurance platforms such as Vanta or Drata, and ticketing or workflow management tools.
  • We prefer exposure to Microsoft 365 security and compliance tooling such as Entra ID, Intune, Secure Score, and Defender.
  • We prefer a basic understanding of cloud and SaaS architecture and common security controls.

Responsibilities
  • We administer and operate IT risk, compliance, and security assurance processes aligned to our internal policies and regulatory requirements, including GDPR.
  • We act as a central point of contact for compliance related requests such as Subject Access Requests, data sharing requests, access requests, exceptions, and supplier onboarding.
  • We perform risk assessments using defined criteria, with a focus on data protection and information security risks.
  • We review requests against our defined policies and controls, escalating where appropriate in line with our governance processes.
  • We support third party and supplier risk assessments, including reviewing security and data protection documentation and tracking follow up actions.
  • We support periodic reviews of high risk and business critical suppliers, applications, and technology platforms to ensure appropriate security, compliance, and data protection controls remain in place.
  • We support the implementation and ongoing operation of compliance and assurance tooling, including evidence collection, test management, stakeholder coordination, remediation tracking, and control adoption activities.
  • We ensure appropriate documentation, audit trails, and evidence are maintained for assessments, compliance activities, and operational processes.
  • We support internal and external audits, including evidence gathering, action tracking, and coordination of remediation activities.
  • We monitor compliance with policies and highlight potential risks, gaps, or control weaknesses for review.
  • We support coordination and operational delivery of security improvement initiatives across IT and business teams.
  • We support incident management processes through documentation, tracking, and coordination of follow up actions.
  • We coordinate security awareness activities, including phishing simulation campaigns and training tracking.
  • We assist with reviews of security tooling configurations and collection of supporting control evidence.
  • We work closely with engineering, product, and business teams to ensure compliance and security processes are understood and followed.
  • We contribute ideas and feedback to improve workflows and operational processes, particularly where they impact scalability, operational efficiency, or customer trust.

Technologies: Cloud Support Microsoft 365 Security Office 365

Bromcom is an equal opportunities employer. We are seeking a Technical GRC Analyst to support the day to day operation of our governance, risk, compliance, and security assurance processes within a growing EdTech SaaS environment. This role gives us exposure across governance, operational security assurance, compliance, and risk management, working closely with the IT & Information Security Manager and our wider IT team. We offer the opportunity to help maintain audit readiness, support assurance activities, and coordinate remediation and evidence management across the organisation while contributing to a business that values scalability, operational efficiency, and customer trust.

last updated 25 week of 2026
21/06/2026
Full time
Senior Cyber Platforms Engineer
Sivara GmbH Milton Keynes, Buckinghamshire
Salary: £40,000 - 50,000 per year

Requirements
  • We require strong hands-on experience in security or infrastructure engineering roles.
  • We require experience supporting enterprise identity platforms such as Microsoft Entra ID or Active Directory.
  • We require experience with security tooling such as Microsoft Defender, Purview, or equivalent platforms.
  • We require proven experience in incident, problem, and change management processes.
  • We require experience working with service management tools such as ServiceNow.
  • We prefer experience implementing enterprise-scale security platforms.
  • We prefer exposure to Zero Trust architecture and modern security frameworks.
  • We prefer experience working in regulated or large-scale enterprise environments.
  • We require relevant technical certifications or equivalent experience, such as Microsoft Security, Azure, or Identity certifications.
  • We require ITIL Foundation or equivalent experience working within ITIL environments.
  • We require strong troubleshooting skills across cloud and hybrid environments.

Responsibilities
  • We design, implement, and maintain enterprise security platforms including identity, privileged access, information protection, and endpoint security.
  • We lead engineering and operational support for platforms such as Microsoft Entra ID, Purview, PAM/PIM, and Defender.
  • We drive adoption of secure-by-design and Zero Trust principles across infrastructure and services.
  • We troubleshoot and resolve complex platform and security incidents, ensuring timely restoration of service.
  • We own problem management activities, including root cause analysis and implementation of long-term fixes.
  • We develop and implement automation and scripting solutions, including PowerShell, to reduce manual intervention and improve resilience.
  • We support delivery of cyber and infrastructure projects, providing subject matter expertise.
  • We collaborate with Architecture, GRC, Risk, and Operations teams to align solutions to business and regulatory requirements.
  • We contribute to platform roadmaps, ensuring alignment with our cyber strategy.
  • We prepare and maintain clear technical documentation, standards, and operational procedures.
  • We provide mentorship and guidance to engineers and analysts within our Cyber Platforms team.
  • We engage with third-party suppliers and managed service providers where required.
  • We support and enhance Microsoft Entra ID, including RBAC, Conditional Access, and identity lifecycle management.
  • We support and enhance privileged access controls across PAM/PIM solutions.
  • We enforce least privilege and secure administrative access through Tier-0 and Tier-1 controls.
  • We configure and optimise Microsoft Defender security controls across endpoints and servers.
  • We contribute to secure configuration baselines and hardening standards.
  • We support ongoing platform improvements and feature adoption.
  • We develop automation for repeatable processes such as access reviews, certificate lifecycle, and policy deployment.
  • We improve monitoring, alerting, and operational visibility across security platforms.
  • We reduce manual workload through scripting and integration.
  • We investigate platform-related security incidents and support response activities.
  • We work with SOC and MSSP providers to improve detection and response capabilities.
  • We contribute to continuous improvement of detection rules and playbooks.

Technologies: Active Directory Azure Cloud Support ITIL PowerShell RBAC Security ServiceNow DevOps

We are Connells Group UK and our Senior Cyber Platforms Engineer will join our Cyber Platforms team, where we focus on securing the confidentiality, integrity, and availability of our systems and data through proactive engineering, automation, and continuous improvement. The role is central to our cyber strategy and offers the opportunity to work across enterprise identity, privileged access, information protection, and endpoint security platforms in a regulated enterprise environment. We value collaboration, technical excellence, and secure-by-design thinking, and we are an equal opportunities employer that welcomes applications from suitably qualified candidates regardless of sex, race, disability, age, sexual orientation, transgender status, religion or belief, marital status, or pregnancy and maternity.
21/06/2026
Full time
Compliance & Information Security Analyst
beqom Manchester, Lancashire
Join beqom - where tech meets impact beqom is a high-growth B2B SaaS company that provides industry-leading tools for pay equity and transparency, compensation, and performance management. Trusted by some of the world's most respected companies, beqom enables HR and business leaders to navigate global compliance and make smarter pay decisions that attract, retain, and motivate top talent. Founded in Switzerland and serving clients worldwide, our powerful, enterprise ready products are fueled by beqom pay intelligence. Role Overview We are seeking an experienced Compliance & Information Security Analyst to own and manage our compliance and third party risk management (TPRM) function. This is a hands-on role that sits at the intersection of information security, legal/contractual review, and vendor risk management. Critical to client trust, to supporting sales cycles, and to ensuring the company meets its obligations as a responsible data processor and technology provider, the candidate will be the primary point of contact for inbound client governance, risk & compliance (GRC) requests, manage our own vendor and sub contractor due diligence programme, and review information security obligations embedded in client and prospect contracts. What you'll be doing Client GRC Questionnaires & Third Party Risk Management (TPRM) Receive, triage, and complete inbound GRC / security questionnaires submitted by existing and prospective clients as part of their vendor assessment and TPRM processes. Develop and maintain a master response library to accelerate questionnaire completion, covering areas such as data security, access controls, business continuity, incident response, and privacy. Coordinate with internal stakeholders (Engineering, Product, Operations, Legal) to gather accurate, up to date technical evidence and supporting documentation. Track questionnaire status, deadlines, and outcomes; maintain a central log and escalate blockers in a timely manner. 
Build relationships with client procurement, risk, and security contacts to manage ongoing TPRM obligations efficiently. Evidence Based GRC Questionnaires Manage questionnaires that require formal documentary evidence - such as policies, audit reports (e.g. SOC 2, ISO 27001), penetration test summaries, data processing agreements, and certifications. Maintain a structured evidence repository, ensuring documents are current, version controlled, and accessible for rapid submission. Identify gaps between client evidence requirements and the company's current documentation; work with the Head of Information Security and Compliance or relevant leads to close those gaps. Information Security Review of MSAs & Client Contracts Review information security, data protection, and compliance clauses within Master Service Agreements (MSAs) and other commercial contracts from clients and prospects. Identify obligations and requirements (e.g. audit rights, subprocessor notifications, breach notification timescales, data residency, encryption standards) and assess the company's ability to comply. Liaise with Legal counsel and the Head of Information Security and Compliance to flag materially onerous or non standard terms; assist in drafting redlines and proposed alternative language where appropriate. Maintain a tracker of contractual information security obligations to ensure ongoing compliance post signature. Vendor & Sub Contractor TPRM Design and operate a structured TPRM programme for the company's own vendors and sub contractors who process client data or have access to company systems. Conduct initial and periodic risk assessments of vendors, including completion of security questionnaires, review of their compliance certifications, and assessment of contractual controls. Categorise vendors by risk tier and ensure appropriate due diligence is applied proportionate to the nature and sensitivity of the relationship. 
Maintain a vendor risk register, tracking assessment outcomes, remediation actions, and review schedules. Report on vendor risk posture to relevant internal stakeholders on a regular cadence. Skills & Experience Proven experience in a compliance, information security, GRC, or vendor risk management role, ideally within a SaaS, technology, or regulated industry context. Demonstrable experience completing complex security and GRC questionnaires (e.g. SIG, CAIQ, bespoke client questionnaires) and compiling supporting evidence packs. Familiarity with common information security frameworks and standards: ISO/IEC 27001, SOC 2, NIST CSF, CIS Controls, GDPR / data protection legislation. Experience reviewing and interpreting information security provisions in commercial contracts (MSAs, DPAs, SaaS agreements). Strong organisational skills - able to manage multiple concurrent questionnaires and workstreams, prioritise effectively, and meet deadlines. Excellent written and verbal communication skills, with the ability to translate technical security concepts for non technical audiences (legal, sales, procurement). Proficiency in maintaining documentation, trackers, and evidence repositories; high attention to detail and accuracy. Bonus points if you have Relevant certification such as CISA, CRISC, CISSP, ISO 27001 Lead Implementer/Auditor, CIPP/E, or equivalent. Experience working with or within enterprise clients in regulated sectors such as financial services, healthcare, or energy. Familiarity with data residency requirements and cross border data transfer mechanisms (SCCs, BCRs). Experience using GRC platforms or questionnaire automation tools (e.g. OneTrust, Vanta, SecurityScorecard). Understanding of SaaS product architectures and cloud environments (AWS, Azure) from a security and compliance perspective. Experience managing sub processor registers and responding to data subject rights requests. Why join us? Your career, your design. 
Unleash your ambition in our dynamic, autonomous environment. Drive meaningful change. Build a fairer future for every employee by joining a market leader that is improving the world of work. Belong to something bigger. Collaborate with a passionate, diverse and talented team around the globe.
21/06/2026
Full time
Information Security GRC Analyst
GEDU CAREERS
Working Pattern: Full-Time - 40 hrs Per Week Salary Range: £40,000 to £42,500 Our Vision: Changing lives through education. We're looking for an Information Security GRC professional to join our team! If you have experience in risk, compliance, and frameworks like ISO 27001 or NIST, this is a great opportunity to make an impact across GBS and the GEDU Group. Please note, we are unable to offer sponsorship for this position. What the role involves: Perform risk assessments in line with security best practice and GBS/GEDU information security policies and procedures. Support the Information Security Manager in maintaining the corporate IS risk register and compiling monthly reporting to Senior Management via monthly and ad-hoc dashboards and summaries. Support the Information Security Manager to implement ISO 27001 framework for GBS and GEDU Group. Work with stakeholders to identify corrective action plans and reduce risks to acceptable levels. Continually improve the information security risk assessment process and documentation. Carry out third-party risk assessments for GBS and GEDU group. Produce, update and review all information security policies, and provide appropriate training where needed. Maintain and ensure compliance with all external regulatory requirements. Track and report on external and internal information security audit findings to ensure successful closure and completion. Maintain and assist in the regular update and provision of security awareness training to all levels of staff. Assist in efforts to plan and track progress toward security certifications (e.g., Cyber Essentials Plus). Assist with technical analysis and investigations by working collaboratively with technical analysts and the Information Security Manager. QUALIFICATIONS: Bachelor's degree in information technology, Computer Science, or a related field. ESSENTIAL SKILLS and EXPERIENCE: Proven experience in implementing ISO 27001 compliance and Business Continuity/ITDR is mandatory. 
Experience in working with Governance Risk Compliance (GRC) and GRC reporting. More than 5 years of experience in Information Security, Risk and IT. Experience in performing impact, likelihood and risk analyses / assessments. Ability to 'translate' technical security issues into business risk. DESIRABLE SKILLS and EXPERIENCE: Knowledge of cyber audit and frameworks desirable. Ability to form complex communications/messages/policies in a simple, clear and concise manner to various stakeholders and interested parties. Analytical mindset and creative problem-solving links. What we offer: Time off that fits your lifestyle - 33 days annual leave (including bank holidays), 1-day extra leave per year of service (up to 5 days) and Buy/Sell additional holidays (up to 5 days). Opportunities for growth - tuition reimbursement for career development courses, wide variety of training courses. Pension Scheme and Flexible Benefits (via salary sacrifice) - Cycle to Work, Workplace Nursery, Tech, Health, Dental and Life Assurance schemes, Women's Health scheme (via Hertility), and much more. Discounts, Perks and Employee Assistance: discounts platform, Employee Assistance Programme (EAP), discounted gym membership, eyecare vouchers and much more. Reward for your impact - annual salary increase reviews, annual discretionary bonus, £500 award, employee referral scheme. GBS is committed to equality, diversity and inclusion and providing a workplace free from discrimination or harassment. We welcome applications from all backgrounds and communities. We take our core values seriously and work hard to create an environment where everyone feels welcomed. About Us GEDU Global Education is a dynamic and innovative group of education providers. Across our institutions, programmes are designed to have a direct impact on the lives of our students, apprentices and trainees; to equip them with the skills, knowledge and experience necessary for success in their chosen field. 
Job Info Job Identification 25761 Posting Date 05/19/2026, 09:09 AM Apply Before 06/14/2026, 11:00 PM Degree Level Bachelor's Degree Job Schedule Full time Locations 891 Greenford Road London, Greater London, UB6 0HE, GB Organization Global Banking School Ltd, Global Banking School Ltd, GEDU
19/06/2026
Full time
GRC & ISO 27001 Security Analyst
GEDU CAREERS
GEDU CAREERS in Greater London is seeking an Information Security GRC professional. The role involves performing risk assessments, supporting ISO 27001 implementation, and maintaining compliance with security policies. The ideal candidate will have proven experience in risk and compliance, ideally with over 5 years in Information Security. A Bachelor's degree in IT or a related field is required. The position offers good benefits, including 33 days of annual leave.
19/06/2026
Full time
Lead Information Security Analyst
William Hill PLC Leeds, Yorkshire
Lead Information Security Analyst Advertising location: Leeds Hours: 8.3 Job description The Lead Information Security Analyst plays a critical role in leading and delivering the organization's information security roadmap through both technical IR expertise and operational leadership. This role combines hands-on security operations with team leadership responsibilities, acting as the primary technical focal point for SOC and Incident Response activities. The Lead will be responsible for managing team priorities, overseeing sprint planning and execution, and ensuring high-quality delivery of security operations. Working in a dynamic environment, you will provide technical leadership, guidance, and consultancy across the business, helping strengthen the organization's security posture while ensuring efficient and consistent service delivery. You will collaborate closely with Security Architecture, Engineering, Governance, Risk & Compliance, IT, and business stakeholders to drive continuous improvement across monitoring, detection, and response capabilities. What you will be doing: Serve as the technical focal point for SOC and Incident Response activities, leading complex investigations and acting as the primary escalation point for operational and technical issues. Provide technical leadership, mentorship, and guidance to SOC analysts and IR team members to strengthen team capabilities and promote knowledge sharing. Manage SOC and IR operations, including workload distribution, task prioritization, sprint planning, execution, follow-ups, and tracking of team performance to ensure efficient delivery. Oversee and continuously improve security monitoring, detection, logging, alerting, and incident response capabilities, driving enhancements in automation and orchestration. Lead and support vulnerability management activities across the organization, ensuring timely identification, prioritization, and remediation of security risks. 
Develop, maintain, and optimize security processes, playbooks, and runbooks to enhance operational effectiveness and response consistency. Collaborate with Security Architecture, Engineering, GRC, Delivery, Product, and Planning teams to define security requirements and align security initiatives with business objectives and risk appetite. Provide strategic security expertise by advising stakeholders on emerging threats, security risks, mitigation strategies, and opportunities to strengthen the organization's overall security posture. Who we are looking for We are committed to responsible gambling, and we are looking for people who can support our ethos. To apply to this post, you will have: Proven experience in SOC and Incident Response (IR) operations, including hands-on leadership of complex security investigations and operational activities. Strong technical expertise with security technologies, including EDR/XDR solutions (e.g., Microsoft Defender for Endpoint), SIEM/SOAR platforms (e.g., Splunk), and threat detection, investigation, and response methodologies. Demonstrated experience in proactive threat hunting, hypothesis-driven investigations, and identifying emerging threats across enterprise environments. Solid understanding of cloud and endpoint security, with practical experience securing AWS and Azure environments and managing Microsoft security technologies. Strong leadership, stakeholder management, and communication skills, with experience managing team priorities, sprint execution, technical decision-making, and familiarity with security frameworks such as NIST 800 and ISO 27001. What we offer: Our roles offer more than just a job, you'll become part of the evoke family! We have created an environment where our people can thrive. 
Check out some of the fantastic benefits on offer: Family Support Industry-leading maternity and paternity leave and paid time off if you have caring responsibilities. Perks and discounts - Discounts at a range of high-street retailers. Financial compensation, pension, and bonus schemes. Health & wellbeing Tools and services to help support your well-being, including support with mental health and financial education. You will also have access to gym discounts and our cycle to work scheme. Hybrid working Our employees can work from home up to 80% of the time with 20% of office time built in to ensure we get some face-to-face collaborative team time - and the chance for a coffee and a catch-up! More about evoke: We're a business that embraces change and progress. The power behind big name brands William Hill, 888 and Mr Green, evoke is the new name for 888 Holdings. Marking a new sense of purpose, direction and ambition for the business, there couldn't be a more exciting time to join us as we accelerate our journey to bring even greater delight to our customers with world-class betting and gaming experiences. That's the future. That's evoke. At evoke, you'll benefit from flexibility and a culture built on trust. We'll give you the space to be yourself and the tools you need to protect our customers while they play. We'll invest in your future to help you develop your unique strengths and build a career that's right for you. Apply: At evoke, we prioritise diversity, equity, and inclusion for the benefit of our company, employees, and communities. We foster a welcoming and safe workplace that values all forms of diversity and provides opportunities for growth. Sound good? Then you belong at our place! The first step in the recruitment process is kickstarting your application, followed by an initial screening call and an interview stage. Apply today to kickstart your application with the evoke Family!
19/06/2026
Full time
Lead Information Security AnalystAdvertising locationLeedsHours8.3I'm interestedShareJob descriptionThe Lead Information Security Analyst plays a critical role in leading and delivering the organization's information security roadmap through both technical IR expertise and operational leadership.This role combines hands-on security operations with team leadership responsibilities, acting as the primary technical focal point for SOC and Incident Response activities. The Lead will be responsible for managing team priorities, overseeing sprint planning and execution, and ensuring high-quality delivery of security operations.Working in a dynamic environment, you will provide technical leadership, guidance, and consultancy across the business, helping strengthen the organization's security posture while ensuring efficient and consistent service delivery.You will collaborate closely with Security Architecture, Engineering, Governance, Risk & Compliance, IT, and business stakeholders to drive continuous improvement across monitoring, detection, and response capabilities. What you will be doing; Serve as the technical focal point for SOC and Incident Response activities, leading complex investigations and acting as the primary escalation point for operational and technical issues. Provide technical leadership, mentorship, and guidance to SOC analysts and IR team members to strengthen team capabilities and promote knowledge sharing. Manage SOC and IR operations, including workload distribution, task prioritization, sprint planning, execution, follow-ups, and tracking of team performance to ensure efficient delivery. Oversee and continuously improve security monitoring, detection, logging, alerting, and incident response capabilities, driving enhancements in automation and orchestration. Lead and support vulnerability management activities across the organization, ensuring timely identification, prioritization, and remediation of security risks. 
Develop, maintain, and optimize security processes, playbooks, and runbooks to enhance operational effectiveness and response consistency. Collaborate with Security Architecture, Engineering, GRC, Delivery, Product, and Planning teams to define security requirements and align security initiatives with business objectives and risk appetite. Provide strategic security expertise by advising stakeholders on emerging threats, security risks, mitigation strategies, and opportunities to strengthen the organization's overall security posture. Who we are looking for We are committed to responsible gambling, and we are looking for people who can support our ethos. To apply to this post, you will have: Proven experience in SOC and Incident Response (IR) operations, including hands-on leadership of complex security investigations and operational activities. Strong technical expertise with security technologies, including EDR/XDR solutions (e.g., Microsoft Defender for Endpoint), SIEM/SOAR platforms (e.g., Splunk), and threat detection, investigation, and response methodologies. Demonstrated experience in proactive threat hunting, hypothesis-driven investigations, and identifying emerging threats across enterprise environments. Solid understanding of cloud and endpoint security, with practical experience securing AWS and Azure environments and managing Microsoft security technologies. Strong leadership, stakeholder management, and communication skills, with experience managing team priorities, sprint execution, technical decision-making, and familiarity with security frameworks such as NIST 800 and ISO 27001. What we offer: Our roles offer more than just a job, you'll become part of the evoke family! We have created an environment where our people can thrive. 
Check out some of the fantastic benefits on offer: Family Support - Industry-leading maternity and paternity leave and paid time off if you have caring responsibilities. Perks and discounts - Discounts at a range of high-street retailers. Financial compensation, pension, and bonus schemes. Health & wellbeing - Tools and services to help support your well-being, including support with mental health and financial education. You will also have access to gym discounts and our cycle to work scheme. Hybrid working - Our employees can work from home up to 80% of the time with 20% of office time built in to ensure we get some face-to-face collaborative team time - and the chance for a coffee and a catch-up! More about evoke: We're a business that embraces change and progress. The power behind big name brands William Hill, 888 and Mr Green, evoke is the new name for 888 Holdings. Marking a new sense of purpose, direction and ambition for the business, there couldn't be a more exciting time to join us as we accelerate our journey to bring even greater delight to our customers with world-class betting and gaming experiences. That's the future. That's evoke. At evoke, you'll benefit from flexibility and a culture built on trust. We'll give you the space to be yourself and the tools you need to protect our customers while they play. We'll invest in your future to help you develop your unique strengths and build a career that's right for you. Apply: At evoke, we prioritise diversity, equity, and inclusion for the benefit of our company, employees, and communities. We foster a welcoming and safe workplace that values all forms of diversity and provides opportunities for growth. Sound good? Then you belong at our place! The first step in the recruitment process is kickstarting your application, followed by an initial screening call and an interview stage. Apply today to kickstart your application with the evoke Family!
Cyber Compliance Policy Analyst
A.G. Barr Cumbernauld, Lanarkshire
Job Title: Cyber Compliance Policy Analyst Location: Any Hub Contract and working pattern: Hybrid, permanent As a Cyber Compliance & Policy Analyst, you will ensure AG Barr meets its legal and regulatory obligations, driving compliance across cyber and data protection domains. Your focus will be on the UK GDPR and NIS2 compliance frameworks and the cyber security policy library. Responsibilities Own UK GDPR & NIS2 compliance within the Digital and Technology function, keeping registers current and audit ready. Support data security breach governance and maintain incident procedures, ensuring seamless readiness alongside our Legal team to meet the ICO's 72 hour notification window. Maintain the cyber security policy library, updating frameworks to align with evolving regulations. Drive policy adoption across the business, working with HR to track employee awareness and manage exceptions. Coordinate the penetration testing programme, managing vendor procurement, scoping, and logistics. Track vulnerability remediation by logging test findings in our risk management tool, Optro, and ensuring swift closure by technical teams. What you'll bring Compliance experience managing regulatory programmes for UK GDPR and at least one other cyber/data regulation. Working knowledge of NIS2 security obligations and UK GDPR requirements (including DPIAs and breach responses). Policy writing skills, with the ability to translate technical security requirements into clear employee guidance. Penetration test coordination experience, including scoping tests and tracking technical findings to resolution. Experience utilising GRC software or audit tracking platforms (Optro or equivalent) to log, assign, and track technical vulnerabilities and remediation progress through to closure. A methodical mindset with the discipline to track obligations and maintain accurate compliance documentation. 
And it would also be great if you can demonstrate: Relevant certifications such as BCS Data Protection Practitioner, CIPP/E, or ISO 27001 Lead Implementer. Stakeholder management skills to collaborate effectively across Legal, HR, external providers, and regulators. What we offer Uncapped bonus linked to business performance Defined contribution Pension Up to 34 days holiday (depending on shift pattern) Flexible holiday trading Flexible cash pot to spend on benefits Healthcare Cash Plan Flexible benefits e.g. discounts & cashbacks, gym memberships, technology purchases etc Life assurance Save as you earn scheme Staff sales discount Free AG Barr products throughout your working day and staff sales Annual salary review Ongoing professional development and access to Learning and Development programmes and content We are an equal opportunities employer and happy to discuss any reasonable adjustments that may be needed for successful candidates with a disability, health or mental health condition. While we have highlighted our ideal requirements for this role, we are realistic that the successful candidate probably won't meet every single requirement in this advert, but we encourage you to submit an application - you may be just what we are looking for! Speculative CVs from agencies will not be accepted. Please note, we may close vacancies early where we receive significant numbers of applications, so apply now!
17/06/2026
Full time
Cyber Compliance Policy Analyst
A.G. Barr Milton Keynes, Buckinghamshire
Job Title: Cyber Compliance Policy Analyst Location: Any Hub Contract and working pattern: Hybrid, permanent As a Cyber Compliance & Policy Analyst, you will ensure AG Barr meets its legal and regulatory obligations, driving compliance across cyber and data protection domains. Your focus will be on the UK GDPR and NIS2 compliance frameworks and the cyber security policy library. Responsibilities Own UK GDPR & NIS2 compliance within the Digital and Technology function, keeping registers current and audit ready. Support data security breach governance and maintain incident procedures, ensuring seamless readiness alongside our Legal team to meet the ICO's 72 hour notification window. Maintain the cyber security policy library, updating frameworks to align with evolving regulations. Drive policy adoption across the business, working with HR to track employee awareness and manage exceptions. Coordinate the penetration testing programme, managing vendor procurement, scoping, and logistics. Track vulnerability remediation by logging test findings in our risk management tool, Optro, and ensuring swift closure by technical teams. What you'll bring Compliance experience managing regulatory programmes for UK GDPR and at least one other cyber/data regulation. Working knowledge of NIS2 security obligations and UK GDPR requirements (including DPIAs and breach responses). Policy writing skills, with the ability to translate technical security requirements into clear employee guidance. Penetration test coordination experience, including scoping tests and tracking technical findings to resolution. Experience utilising GRC software or audit tracking platforms (Optro or equivalent) to log, assign, and track technical vulnerabilities and remediation progress through to closure. A methodical mindset with the discipline to track obligations and maintain accurate compliance documentation. 
And it would also be great if you can demonstrate: Relevant certifications such as BCS Data Protection Practitioner, CIPP/E, or ISO 27001 Lead Implementer. Stakeholder management skills to collaborate effectively across Legal, HR, external providers, and regulators. What we offer Uncapped bonus linked to business performance Defined contribution Pension Up to 34 days holiday (depending on shift pattern) Flexible holiday trading Flexible cash pot to spend on benefits Healthcare Cash Plan Flexible benefits e.g. discounts & cashbacks, gym memberships, technology purchases etc Life assurance Save as you earn scheme Staff sales discount Free AG Barr products throughout your working day and staff sales Annual salary review Ongoing professional development and access to Learning and Development programmes and content We are an equal opportunities employer and happy to discuss any reasonable adjustments that may be needed for successful candidates with a disability, health or mental health condition. While we have highlighted our ideal requirements for this role, we are realistic that the successful candidate probably won't meet every single requirement in this advert, but we encourage you to submit an application - you may be just what we are looking for! Speculative CVs from agencies will not be accepted. Please note, we may close vacancies early where we receive significant numbers of applications, so apply now!
16/06/2026
Full time
Cyber Compliance Policy Analyst
A G Barr plc Cumbernauld, Lanarkshire
Job Title: Cyber Compliance Policy Analyst Location: Any Hub Contract and working pattern: Hybrid, permanent As a Cyber Compliance & Policy Analyst, you will ensure AG Barr meets its legal and regulatory obligations, driving compliance across cyber and data protection domains. Your focus will be on the UK GDPR and NIS2 compliance frameworks and the cyber security policy library. Responsibilities Own UK GDPR & NIS2 compliance within the Digital and Technology function, keeping registers current and audit ready. Support data security breach governance and maintain incident procedures, ensuring seamless readiness alongside our Legal team to meet the ICO's 72 hour notification window. Maintain the cyber security policy library, updating frameworks to align with evolving regulations. Drive policy adoption across the business, working with HR to track employee awareness and manage exceptions. Coordinate the penetration testing programme, managing vendor procurement, scoping, and logistics. Track vulnerability remediation by logging test findings in our risk management tool, Optro, and ensuring swift closure by technical teams. What you'll bring Compliance experience managing regulatory programmes for UK GDPR and at least one other cyber/data regulation. Working knowledge of NIS2 security obligations and UK GDPR requirements (including DPIAs and breach responses). Policy writing skills, with the ability to translate technical security requirements into clear employee guidance. Penetration test coordination experience, including scoping tests and tracking technical findings to resolution. Experience utilising GRC software or audit tracking platforms (Optro or equivalent) to log, assign, and track technical vulnerabilities and remediation progress through to closure. A methodical mindset with the discipline to track obligations and maintain accurate compliance documentation. 
And it would also be great if you can demonstrate: Relevant certifications such as BCS Data Protection Practitioner, CIPP/E, or ISO 27001 Lead Implementer. Stakeholder management skills to collaborate effectively across Legal, HR, external providers, and regulators. What we offer Uncapped bonus linked to business performance Defined contribution Pension Up to 34 days holiday (depending on shift pattern) Flexible holiday trading Flexible cash pot to spend on benefits Healthcare Cash Plan Flexible benefits e.g. discounts & cashbacks, gym memberships, technology purchases etc Life assurance Save as you earn scheme Staff sales discount Free AG Barr products throughout your working day and staff sales Annual salary review Ongoing professional development and access to Learning and Development programmes and content We are an equal opportunities employer and happy to discuss any reasonable adjustments that may be needed for successful candidates with a disability, health or mental health condition. While we have highlighted our ideal requirements for this role, we are realistic that the successful candidate probably won't meet every single requirement in this advert, but we encourage you to submit an application - you may be just what we are looking for! Speculative CVs from agencies will not be accepted. Please note, we may close vacancies early where we receive significant numbers of applications, so apply now!
16/06/2026
Full time
Cyber Compliance Policy Analyst
AG Barr Cumbernauld, Lanarkshire
Job Title: Cyber Compliance Policy Analyst Location: Any Hub Contract and working pattern: Hybrid, permanent As a Cyber Compliance & Policy Analyst, you will ensure AG Barr meets its legal and regulatory obligations, driving compliance across cyber and data protection domains. Your focus will be on the UK GDPR and NIS2 compliance frameworks and the cyber security policy library. Responsibilities Own UK GDPR & NIS2 compliance within the Digital and Technology function, keeping registers current and audit ready. Support data security breach governance and maintain incident procedures, ensuring seamless readiness alongside our Legal team to meet the ICO's 72 hour notification window. Maintain the cyber security policy library, updating frameworks to align with evolving regulations. Drive policy adoption across the business, working with HR to track employee awareness and manage exceptions. Coordinate the penetration testing programme, managing vendor procurement, scoping, and logistics. Track vulnerability remediation by logging test findings in our risk management tool, Optro, and ensuring swift closure by technical teams. What you'll bring Compliance experience managing regulatory programmes for UK GDPR and at least one other cyber/data regulation. Working knowledge of NIS2 security obligations and UK GDPR requirements (including DPIAs and breach responses). Policy writing skills, with the ability to translate technical security requirements into clear employee guidance. Penetration test coordination experience, including scoping tests and tracking technical findings to resolution. Experience utilising GRC software or audit tracking platforms (Optro or equivalent) to log, assign, and track technical vulnerabilities and remediation progress through to closure. A methodical mindset with the discipline to track obligations and maintain accurate compliance documentation. 
And it would also be great if you can demonstrate: Relevant certifications such as BCS Data Protection Practitioner, CIPP/E, or ISO 27001 Lead Implementer. Stakeholder management skills to collaborate effectively across Legal, HR, external providers, and regulators. What we offer Uncapped bonus linked to business performance Defined contribution Pension Up to 34 days holiday (depending on shift pattern) Flexible holiday trading Flexible cash pot to spend on benefits Healthcare Cash Plan Flexible benefits e.g. discounts & cashbacks, gym memberships, technology purchases etc Life assurance Save as you earn scheme Staff sales discount Free AG Barr products throughout your working day and staff sales Annual salary review Ongoing professional development and access to Learning and Development programmes and content We are an equal opportunities employer and happy to discuss any reasonable adjustments that may be needed for successful candidates with a disability, health or mental health condition. While we have highlighted our ideal requirements for this role, we are realistic that the successful candidate probably won't meet every single requirement in this advert, but we encourage you to submit an application - you may be just what we are looking for! Speculative CVs from agencies will not be accepted. Please note, we may close vacancies early where we receive significant numbers of applications, so apply now!
16/06/2026
Full time
Information Governance Analyst
Iceland Foods Ltd. Wales, Yorkshire
As one of the Best Big Companies to Work For, we have a rich history of loving our customers and looking after our teams. We understand that success is achieved through our people, and we are searching for an experienced and proactive Information Governance Analyst to join our Cyber Security team. The successful candidate will report to the Cyber Governance, Risk, and Compliance (GRC) Manager and will play a key role in ensuring the effective governance of Iceland's information assets. This includes information retention, identification, categorisation, applying appropriate security controls, and monitoring compliance with policies and standards. The primary tool for this role will be Microsoft Purview, so experience with this platform is essential. You will work closely with stakeholders across the business to ensure that information is managed securely and in line with regulatory and organisational requirements. This role is based in our Deeside head office, with a minimum of 2 days per week spent working from here. Specific skills and capabilities we are looking for: Essential Strong understanding of information governance principles, including retention, classification, and security. Demonstrable skills in all aspects of Microsoft Purview. Ability to write and maintain documentation and reports. Excellent attention to detail and organisational skills. Strong interpersonal and communication skills. Desirable Familiarity with data protection regulations. Experience in implementing information governance policies and procedures. Ability to work collaboratively with technical and non-technical teams. Certifications such as CIPM, CIPP/E, or similar information governance credentials. 
What to expect from us: 15% discount in Iceland stores 30% discount at Club Individual Restaurants 33 days holiday (including bank holidays) Free onsite parking Onsite electric car charging ports Subsidised staff restaurant and Costa Coffee Christmas vouchers Refer a Friend Scheme Christmas Savings scheme Discounted dry cleaning Long service awards
16/06/2026
Full time
As one of the Best Big Companies to Work For, we have a rich history of loving our customers and looking after our teams. We understand that success is achieved through our people, and we are searching for an experienced and proactive Information Governance Analyst to join our Cyber Security team. The successful candidate will report to the Cyber Governance, Risk, and Compliance (GRC) Manager and will play a key role in ensuring the effective governance of Iceland's information assets. This includes information retention, identification, categorisation, applying appropriate security controls, and monitoring compliance with policies and standards. The primary tool for this role will be Microsoft Purview, so experience with this platform is essential. You will work closely with stakeholders across the business to ensure that information is managed securely and in line with regulatory and organisational requirements. This role is based in our Deeside head office, with a minimum of 2 days per week spent working from here. Specific skills and capabilities we are looking for: Essential Strong understanding of information governance principles, including retention, classification, and security. Demonstrable skills in all aspects of Microsoft Purview. Ability to write and maintain documentation and reports. Excellent attention to detail and organisational skills. Strong interpersonal and communication skills. Desirable Familiarity with data protection regulations. Experience in implementing information governance policies and procedures. Ability to work collaboratively with technical and non-technical teams. Certifications such as CIPM, CIPP/E, or similar information governance credentials. 
Governance Risk & Compliance Analyst
Cyber Fraud Centre Aberdeen, Aberdeenshire
Sword is a leading provider of business technology solutions within the Energy, Public and Finance Sectors, driving real transformation change within our clients. We use proven technology, specialist teams and domain expertise to build solid technical foundations across platforms, data and business applications. We have a passion for using technology to solve business problems, working in partnership with our clients to help in achieving their goals. We are delighted to present a newly created opportunity for a Governance, Risk & Compliance Analyst to join our internal security team. Reporting directly to the Sword Group CISO, you will help run and maintain Sword's governance, risk, and compliance activities across key regulatory, certification, and client requirements. Key Responsibilities Security Governance- Support the development, maintenance, and improvement of security policies, standards, and procedures, helping to keep Sword aligned with ISO 27001, NIS2, and other relevant obligations. Risk Management- Support and maintain security risk management activities across suppliers, projects, and internal services, helping to identify risks, track treatment actions, and drive progress to completion. Legal, Regulatory, and Contractual Requirements- Help track, interpret, and maintain compliance with relevant legal, regulatory, client, and contractual obligations, including GDPR, NIS2, and the UK Cyber Security Resilience Bill. Data Protection- Lead and coordinate ongoing GDPR compliance activities globally by maintaining records, improving processes, working with stakeholders, and ensuring actions are progressed and completed. Third-Party and Supply Chain Security- Support supplier and supply chain risk management activities, including reviews, due diligence, follow-up actions, and the maintenance of appropriate records and evidence.
Certification and Compliance Support- Lead and coordinate Sword's ISO 27001 certification and Cyber Essentials activities, including evidence gathering, control tracking, stakeholder coordination, and follow-up of remediation actions. Audit and Assurance- Support internal and external audit activity by preparing evidence, coordinating responses, tracking findings, and helping ensure actions are completed. Business Resilience Support- Contribute to the maintenance and improvement of business continuity and disaster recovery arrangements, including documentation, review activity, and support for testing exercises. Security Culture and Awareness- Support awareness, training, and communication activities that help colleagues understand and follow security policies, processes, and responsibilities. Continuous Improvement- Take a practical, can-do approach to improving the GRC programme through steady progress, good organisation, and a focus on getting things done. Supporting and maintaining governance, risk, and compliance activities aligned to industry standards and organisational objectives. Strong practical experience of frameworks, regulations, and obligations such as ISO 27001, GDPR, Cyber Essentials, NIS2, and the UK Cyber Security Resilience Bill, with the ability to apply these in a practical business context and coordinate related activities across a global organisation. Supporting risk assessments, control reviews, remediation tracking, and evidence management across projects, suppliers, and internal services. Experience contributing to audit, certification, or compliance activity, including evidence gathering, issue tracking, stakeholder coordination, and support for follow-up actions. Supporting supplier and supply chain assurance activity, including due diligence, review of responses, and follow-up of security actions. 
Good organisational, analytical, and problem solving skills, with the ability to interpret requirements and help turn them into practical actions. Clear written and verbal communication skills, with the ability to work effectively with stakeholders across the business. Experience in a similar governance, risk, compliance, information security, or assurance role would be beneficial. This role represents an outstanding opportunity for an individual with practical experience, or strong working knowledge, in governance, risk, compliance, or cyber security who is keen to keep building their expertise, takes ownership, and delivers results. You should have enough experience to lead and coordinate key compliance activities globally, particularly in GDPR, ISO 27001, and Cyber Essentials, with practical experience in running GDPR activities being essential. Qualifications Practical experience leading and coordinating GDPR activities globally (essential). Practical experience of ISO 27001, Cyber Essentials, NIS2, and the UK Cyber Security Resilience Bill. Experience with risk assessments, control reviews, and remediation tracking. Experience contributing to audit, certification, or compliance activity. Experience with supplier and supply chain assurance activity. Good organisational, analytical, and problem solving skills. Clear written and verbal communication skills. Experience in a similar governance, risk, compliance, information security, or assurance role would be beneficial. Personal Skills Relevant qualifications or certifications in ISO 27001, GDPR, Cyber Essentials, risk, audit, or information security would be beneficial, but practical experience leading and coordinating these activities globally is more important. Takes ownership, works proactively, and has a can do attitude with a strong focus on following through and getting things done. Keen to learn, develop, and progress a career in governance, risk, and compliance. 
Well organised and able to manage competing priorities while maintaining momentum and attention to detail. Communicates clearly and works well with technical and non technical colleagues to drive practical outcomes. Benefits Personalised Career Development: We create a development plan customised to your goals and aspirations, with a range of learning and development opportunities within a culture that encourages growth. Flexible working: Flexible work arrangements to support your work life balance. We can't promise to always be able to meet every request, however, are keen to discuss your individual preferences to make it work where we can. A Fantastic Benefits Package: This includes generous annual leave allowance, enhanced family friendly benefits, pension scheme, access to private health, well being, and insurance schemes. At Sword we are dedicated to fostering a diverse and inclusive workplace and are proud to be an equal opportunities employer, ensuring that all applicants receive fair and equal consideration for employment, regardless of whether they meet every requirement. If you don't tick all the boxes but feel you have some of the relevant skills and experience we're looking for, please do consider applying and highlight your transferable skills and experience. We embrace diversity in all its forms, valuing individuals regardless of age, disability, gender identity or reassignment, marital or civil partner status, pregnancy or maternity status, race, colour, nationality, ethnic or national origin, religion or belief, sex, or sexual orientation. Your perspective and potential are important to us. If we can do anything to help make the hiring process more accessible, please let our talent acquisition team know when you apply so we can support any adjustments.
16/06/2026
Full time
Global GRC Analyst - GDPR, ISO 27001 & Risk
Cyber Fraud Centre Aberdeen, Aberdeenshire
Cyber Fraud Centre in Aberdeen City is looking for a Governance, Risk & Compliance Analyst to join their security team. This role involves developing and maintaining security policies, managing compliance with regulations such as GDPR, and coordinating ISO 27001 certification activities. The ideal candidate will have practical experience in governance, risk management, and compliance. You will enjoy flexible working arrangements and personalized career development opportunities in a supportive environment.
16/06/2026
Full time
Information Security GRC Analyst
UBDS Group
About the Role We are seeking an experienced Information Security Analyst to support the delivery of governance, risk, and compliance (GRC) services for one of our leading clients. Working closely with senior stakeholders, technology teams, and security leadership, you will play a key role in strengthening the organisation's cyber security posture through effective risk management, compliance assurance, and security governance activities. You will support the implementation and maintenance of recognised security frameworks and standards while helping to drive security improvements across business and technology functions. This is an excellent opportunity for a security professional, who is comfortable operating in a client-facing environment and can provide pragmatic, risk-based security advice. Key Responsibilities Support the delivery of cybersecurity governance, risk, and compliance activities, ensuring alignment with frameworks including ISO 27001, NIST Cybersecurity Framework, Cyber Essentials, and GovAssure. Conduct information security risk assessments across business processes, programmes, projects, technology platforms, and third-party suppliers. Maintain security risk registers, track remediation actions, and support the effective management of cyber risk across business and technology functions. Produce high-quality security documentation, including policies, standards, compliance evidence, assessment reports, and executive-level reporting. Support internal and external audits, control reviews, assurance activities, and compliance assessments. Facilitate workshops and engage with stakeholders across technical, programme, operational, and leadership teams to gather requirements, collect evidence, and drive security initiatives. Support supplier assurance and third-party risk management activities. Assist with the development and continuous improvement of security governance processes and controls. 
Support in embedding security best practices, data governance, and Secure by Design principles across recovery, transformation, and operational workstreams. Contribute to security awareness, risk reporting, and governance activities across the client environment. Skills & Experience Essential 3-5 years' experience in Information Security, Cyber Security, Governance, Risk & Compliance, IT Audit, or Risk Management roles. Experience conducting information security risk assessments and control reviews. Strong understanding of information security governance and risk management principles. Working knowledge of ISO 27001 and information security management systems. Familiarity with security frameworks and standards including NIST Cybersecurity Framework and Cyber Essentials. Experience supporting audit, compliance, or assurance activities. Strong stakeholder engagement and communication skills. Excellent report writing, documentation, and presentation capabilities. Ability to communicate complex security concepts to both technical and non-technical audiences. Able to work in London 2-3 days per week. Desirable Experience working within government, public sector, regulated, or enterprise environments. Knowledge of GovAssure assessments and public sector security requirements. Familiarity with cloud environments including Microsoft Azure and AWS. Experience using GRC platforms and risk management tooling. Understanding of Secure by Design and security architecture principles. Certifications One or more of the following would be advantageous: ISO 27001 Lead Implementer or Lead Auditor Security+ CGRC CISA CRISC CISSP (or Associate CISSP) Employee Benefits Training - All team members are offered a number of options in terms of personal development, whether it is technical led, business acumen or methodologies. 
We want you to grow with us and to help us achieve more Private medical cover for you and your spouse/partner, offered via Vitality Discretionary bonus based on a blend of personal and company performance Holiday - You will receive 25 Days holiday, plus 1 day for Birthday and 1 day for your work anniversary in addition to UK bank holidays Electric Vehicle leasing with salary sacrifice Contributed Pension Scheme Death in service cover Equal Opportunities We are an equal opportunities employer and do not discriminate on the grounds of gender, sexual orientation, marital or civil partner status, pregnancy or maternity, gender reassignment, race, colour, nationality, ethnic or national origin, religion or belief, disability or age.
15/06/2026
Full time
GRC Information Security Analyst - ISO/NIST, London Hybrid
UBDS Group
Ubds-Group is looking for an experienced Information Security Analyst to enhance governance, risk, and compliance services for clients. You will work closely with stakeholders and security teams, contributing to the organization's cybersecurity efforts. Your responsibilities will include performing risk assessments, maintaining risk registers, documenting compliance, and supporting audits. The ideal candidate has strong communication skills and solid experience in the field. This position offers opportunities for personal development and a range of employee benefits, including private medical cover and paid holidays.
14/06/2026
Full time

© 2008-2026 IT Job Board