Role Description The Business Analyst / Project Manager will support a transformation program for a top-tier banking client, aligned to an ECB Remediation operating model. Support the remediation stand-up and operating model (pods, intake, tooling) and establish delivery routines and governance. Build strong relationships with stakeholders, serving as the primary point of contact for escalations, decisions, and issue resolution. Drive key program initiatives in close partnership with the business, ensuring delivery discipline across remediation waves. Responsible for driving delivery from discovery through implementation, ensuring business outcomes, stakeholder alignment, and execution discipline. Lead workshops to capture remediation requirements, scope, edge cases, control expectations, and operating model impacts. Translate business needs into clear delivery artefacts (user stories, process maps, BRDs/FRDs, acceptance criteria, test cases) and manage prioritization with stakeholders. Drive delivery of quick-win remediation waves, ensuring requirements, triage, prioritization, and closure tracking. Coordinate and maintain the controls gap assessment, supporting prioritization, ownership, and closure tracking across stakeholders. Identify data sourcing gaps and coordinate agreement of closure plans with business, data, and technology teams. Support delivery of manual controls automation waves, ensuring requirements, testing, sign-offs, and operational readiness. Ensure catalogue lineage is populated and traceability coverage is measurable and reported for priority areas. Plan and track delivery milestones, RAID (Risks, Assumptions, Issues, Dependencies), and progress reporting for internal and client governance forums. Work closely with Technology, Data, Operations, Risk, Compliance, and Security stakeholders to ensure solutions meet policy and control expectations. Coordinate UAT planning and execution; support go-live readiness and post-release stabilization. Ensure delivery produces an audit-ready documentation pack (decision logs, test evidence, control mappings, traceability, and sign-offs). Drive continuous improvement by identifying gaps, removing blockers, and improving delivery ways-of-working. Location The role supports one of our top-tier banking clients in London (Canary Wharf) and requires a minimum of three days on-site presence. Core Skills & Experience Minimum 8 years of experience as a Business Analyst and/or Project Manager within banking or financial services. Strong understanding of banking operations and change delivery (front-to-back processes, controls, governance, and/or regulatory change). Proven experience running discovery workshops, managing stakeholders, and translating complex needs into actionable delivery artefacts. Strong delivery management capability: planning, tracking, reporting, and driving outcomes across multiple workstreams/pods. Experience working with cross-functional teams (Operations, Technology, Data, Risk, Compliance, Finance). Comfortable working in fast-paced, regulated environments with structured governance and audit expectations. Excellent communication skills (written and verbal) and strong documentation standards. Delivery & Methodology Experience working in Agile/Scrum, Waterfall, or hybrid delivery models. Strong knowledge of typical BA/PM artefacts: process flows, user stories, requirements traceability, decision logs, RAID logs, test packs, and go-live checklists. Experience coordinating UAT end-to-end (test approach, test cases, execution support, defect triage, sign-off). Experience working in a factory-style model (intake, triage, prioritization, wave planning, and reporting) is a strong plus. Nice-to-Have (Data Experience) Exposure to data-driven programs (data transformation, reporting, controls, data quality, lineage). Ability to work with data teams and understand basic concepts such as source-to-target mapping, reconciliation checks, lineage coverage, and reporting dependencies. Basic SQL literacy (able to query/validate data or understand query outputs) is a plus, not mandatory. Experience supporting operational or regulatory reporting processes is beneficial. Main tasks and responsibilities Conduct discovery workshops to define scope, stakeholders, business outcomes, and edge cases. Support remediation stand-up: pods model, intake process, tooling usage, and delivery routines. Conduct discovery workshops to define scope, stakeholders, business outcomes, remediation edge cases, and control expectations. Produce key artefacts: process maps, user stories, acceptance criteria, decision tables (where needed), and test cases. Drive delivery of quick-win remediation waves and track closure evidence. Maintain and report the controls gap assessment (prioritization, ownership, closure tracking, dependencies). Identify data sourcing gaps, coordinate SME sessions, and document and track the agreed closure plan. Support manual controls automation waves by defining requirements, coordinating testing, and ensuring sign-off readiness. Ensure catalogue lineage is populated and traceability coverage is measurable and reported. Manage the delivery plan and backlog; drive prioritization and ensure alignment with remediation goals. Track and manage RAID; escalate blockers and coordinate resolution across teams. Facilitate governance routines: daily stand-ups, sprint ceremonies, stakeholder check-ins, and steering updates. Lead UAT preparation and execution; coordinate defect triage and ensure sign-off readiness. Support implementation planning, cutover readiness, and post-go-live stabilization. Maintain traceability from requirements -> delivery -> testing -> sign-off -> evidence. Produce an audit-ready documentation pack including decision logs, test packs, control mappings, traceability evidence, and approvals.
09/06/2026
Full time
Role Description The Business Analyst / Project Manager will support a transformation program for a top-tier banking client, aligned to an ECB Remediation operating model. Support the remediation stand-up and operating model (pods, intake, tooling) and establish delivery routines and governance. Build strong relationships with stakeholders, serving as the primary point of contact for escalations, decisions, and issue resolution. Drive key program initiatives in close partnership with the business, ensuring delivery discipline across remediation waves. Responsible for driving delivery from discovery through implementation, ensuring business outcomes, stakeholder alignment, and execution discipline. Lead workshops to capture remediation requirements, scope, edge cases, control expectations, and operating model impacts. Translate business needs into clear delivery artefacts (user stories, process maps, BRDs/FRDs, acceptance criteria, test cases) and manage prioritization with stakeholders. Drive delivery of quick-win remediation waves, ensuring requirements, triage, prioritization, and closure tracking. Coordinate and maintain the controls gap assessment, supporting prioritization, ownership, and closure tracking across stakeholders. Identify data sourcing gaps and coordinate agreement of closure plans with business, data, and technology teams. Support delivery of manual controls automation waves, ensuring requirements, testing, sign-offs, and operational readiness. Ensure catalogue lineage is populated and traceability coverage is measurable and reported for priority areas. Plan and track delivery milestones, RAID (Risks, Assumptions, Issues, Dependencies), and progress reporting for internal and client governance forums. Work closely with Technology, Data, Operations, Risk, Compliance, and Security stakeholders to ensure solutions meet policy and control expectations. Coordinate UAT planning and execution; support go-live readiness and post-release stabilization. Ensure delivery produces an audit-ready documentation pack (decision logs, test evidence, control mappings, traceability, and sign-offs). Drive continuous improvement by identifying gaps, removing blockers, and improving delivery ways-of-working. Location The role supports one of our top-tier banking clients in London (Canary Wharf) and requires a minimum of three days on-site presence. Core Skills & Experience Minimum 8 years of experience as a Business Analyst and/or Project Manager within banking or financial services. Strong understanding of banking operations and change delivery (front-to-back processes, controls, governance, and/or regulatory change). Proven experience running discovery workshops, managing stakeholders, and translating complex needs into actionable delivery artefacts. Strong delivery management capability: planning, tracking, reporting, and driving outcomes across multiple workstreams/pods. Experience working with cross-functional teams (Operations, Technology, Data, Risk, Compliance, Finance). Comfortable working in fast-paced, regulated environments with structured governance and audit expectations. Excellent communication skills (written and verbal) and strong documentation standards. Delivery & Methodology Experience working in Agile/Scrum, Waterfall, or hybrid delivery models. Strong knowledge of typical BA/PM artefacts: process flows, user stories, requirements traceability, decision logs, RAID logs, test packs, and go-live checklists. Experience coordinating UAT end-to-end (test approach, test cases, execution support, defect triage, sign-off). Experience working in a factory-style model (intake, triage, prioritization, wave planning, and reporting) is a strong plus. Nice-to-Have (Data Experience) Exposure to data-driven programs (data transformation, reporting, controls, data quality, lineage). Ability to work with data teams and understand basic concepts such as source-to-target mapping, reconciliation checks, lineage coverage, and reporting dependencies. Basic SQL literacy (able to query/validate data or understand query outputs) is a plus, not mandatory. Experience supporting operational or regulatory reporting processes is beneficial. Main tasks and responsibilities Conduct discovery workshops to define scope, stakeholders, business outcomes, and edge cases. Support remediation stand-up: pods model, intake process, tooling usage, and delivery routines. Conduct discovery workshops to define scope, stakeholders, business outcomes, remediation edge cases, and control expectations. Produce key artefacts: process maps, user stories, acceptance criteria, decision tables (where needed), and test cases. Drive delivery of quick-win remediation waves and track closure evidence. Maintain and report the controls gap assessment (prioritization, ownership, closure tracking, dependencies). Identify data sourcing gaps, coordinate SME sessions, and document and track the agreed closure plan. Support manual controls automation waves by defining requirements, coordinating testing, and ensuring sign-off readiness. Ensure catalogue lineage is populated and traceability coverage is measurable and reported. Manage the delivery plan and backlog; drive prioritization and ensure alignment with remediation goals. Track and manage RAID; escalate blockers and coordinate resolution across teams. Facilitate governance routines: daily stand-ups, sprint ceremonies, stakeholder check-ins, and steering updates. Lead UAT preparation and execution; coordinate defect triage and ensure sign-off readiness. Support implementation planning, cutover readiness, and post-go-live stabilization. Maintain traceability from requirements -> delivery -> testing -> sign-off -> evidence. Produce an audit-ready documentation pack including decision logs, test packs, control mappings, traceability evidence, and approvals.
Roke, Roke Manor, Romsey, Hampshire, United Kingdom Job Description Posted Monday 30 March 2026 at 00:00 Great ideas come from different minds. That's why we bring together engineers, scientists, analysts, and creatives from every background - and give them the trust, tools, and freedom to make a difference. What connects us is the mission: solving meaningful problems and building capability that protects what matters most. And as the challenges evolve, so do we - working on the technologies that will shape tomorrow, not just today. Role Purpose The Deal Architect is responsible for designing and structuring complex defence deals that align with customer requirements and organizational strategy. This role ensures technical, commercial, and contractual integrity of proposals for large scale defence programs, driving win strategies and profitability. Key Responsibilities Solution & Deal Design Opportunity Owner for agreed pursuits. Develop integrated solutions for major defence opportunities. Translate customer requirements into practical technical and commercial architectures. Ensure compliance with defence regulations and security standards. Lead deal governance, risk assessment, and approval processes. Align proposals with Roke's organisational capabilities and strategic objectives. Build pricing models and cost structures. Optimise deal profitability while maintaining competitiveness. Support negotiations with robust financial analysis and commercial acumen. Develop negotiation strategies for delegated approval. Stakeholder Management Create, and manage, appropriate cross functional pursuit and delivery teams. Act as the primary interface between capture teams, engineering, finance, legal, and delivery. Engage with senior client stakeholders to validate solution and commercial approach. Identify and mitigate technical, commercial, and contractual risks. Ensure adherence to MoD procurement processes and company compliance (including but not limited to: export control regulations, security, H&S, BACM). Business Development Support Contribute to pipeline shaping and early opportunity qualification. Provide thought leadership on deal structuring and contracting models. Candidate Profile Minimum 10+ years in solution architecture, bid management, or commercial strategy. Proven track record of leading complex, multi year deals in excess of £50M. Experience in defence, aerospace, or government contracting. Familiarity with MoD procurement frameworks. Key Skills and Experience Strong analytical and strategic thinking. Excellent negotiation and influencing skills. Proficiency in financial/cost modelling and risk management. Exceptional communication and presentation skills. Proficient in Shipley and Project Management. Personal Attributes High integrity and resilience under pressure. Ability to work in fast paced, multi stakeholder environments. Strong leadership and collaboration skills. KPIs & Success Measures Win rate for strategic defence opportunities. Compliance with governance and risk management standards. Profitability and competitiveness of structured deals. Stakeholder satisfaction and collaboration effectiveness. Why Join Us? Be part of a dynamic team shaping strategic growth through innovation and collaboration. We offer: Generous holiday allowance + option to purchase extra days Health Cash Plan, Private Medical & Dental Insurance options Employee discount portal (travel, restaurants, cinema, and more) Volunteering opportunities and Armed Forces Covenant support Inclusive culture where you can be authentic, feel valued, and realize your full potential Security Clearance You will need to hold SC. To be eligible, you will need to have resided in the UK for at least 5 years. The Next Step Click apply, submitting an up-to-date CV. We look forward to hearing from you. Roke, Roke Manor, Romsey, Hampshire, United Kingdom
09/06/2026
Full time
Roke, Roke Manor, Romsey, Hampshire, United Kingdom Job Description Posted Monday 30 March 2026 at 00:00 Great ideas come from different minds. That's why we bring together engineers, scientists, analysts, and creatives from every background - and give them the trust, tools, and freedom to make a difference. What connects us is the mission: solving meaningful problems and building capability that protects what matters most. And as the challenges evolve, so do we - working on the technologies that will shape tomorrow, not just today. Role Purpose The Deal Architect is responsible for designing and structuring complex defence deals that align with customer requirements and organizational strategy. This role ensures technical, commercial, and contractual integrity of proposals for large scale defence programs, driving win strategies and profitability. Key Responsibilities Solution & Deal Design Opportunity Owner for agreed pursuits. Develop integrated solutions for major defence opportunities. Translate customer requirements into practical technical and commercial architectures. Ensure compliance with defence regulations and security standards. Lead deal governance, risk assessment, and approval processes. Align proposals with Roke's organisational capabilities and strategic objectives. Build pricing models and cost structures. Optimise deal profitability while maintaining competitiveness. Support negotiations with robust financial analysis and commercial acumen. Develop negotiation strategies for delegated approval. Stakeholder Management Create, and manage, appropriate cross functional pursuit and delivery teams. Act as the primary interface between capture teams, engineering, finance, legal, and delivery. Engage with senior client stakeholders to validate solution and commercial approach. Identify and mitigate technical, commercial, and contractual risks. Ensure adherence to MoD procurement processes and company compliance (including but not limited to: export control regulations, security, H&S, BACM). Business Development Support Contribute to pipeline shaping and early opportunity qualification. Provide thought leadership on deal structuring and contracting models. Candidate Profile Minimum 10+ years in solution architecture, bid management, or commercial strategy. Proven track record of leading complex, multi year deals in excess of £50M. Experience in defence, aerospace, or government contracting. Familiarity with MoD procurement frameworks. Key Skills and Experience Strong analytical and strategic thinking. Excellent negotiation and influencing skills. Proficiency in financial/cost modelling and risk management. Exceptional communication and presentation skills. Proficient in Shipley and Project Management. Personal Attributes High integrity and resilience under pressure. Ability to work in fast paced, multi stakeholder environments. Strong leadership and collaboration skills. KPIs & Success Measures Win rate for strategic defence opportunities. Compliance with governance and risk management standards. Profitability and competitiveness of structured deals. Stakeholder satisfaction and collaboration effectiveness. Why Join Us? Be part of a dynamic team shaping strategic growth through innovation and collaboration. We offer: Generous holiday allowance + option to purchase extra days Health Cash Plan, Private Medical & Dental Insurance options Employee discount portal (travel, restaurants, cinema, and more) Volunteering opportunities and Armed Forces Covenant support Inclusive culture where you can be authentic, feel valued, and realize your full potential Security Clearance You will need to hold SC. To be eligible, you will need to have resided in the UK for at least 5 years. The Next Step Click apply, submitting an up-to-date CV. We look forward to hearing from you. Roke, Roke Manor, Romsey, Hampshire, United Kingdom
Security Monitoring Analyst Purpose of the Role The role staffs the Network Operations Centre on a rotating shift pattern to deliver continuous service monitoring of availability, performance, capacity, and security signals across Active Directory, Entra ID, Microsoft 365, SharePoint, Power Platform, Microsoft Fabric, and Azure - for the services that require 24/7 coverage as defined in the technical scope. The post-holder triages incoming alerts, performs first-pass diagnostics, executes documented runbooks for known incident patterns, escalates to the relevant L2/L3 specialist within agreed timelines, opens communication bridges for P1 events, and ensures customer stakeholders are kept informed during major incidents. The role is the heartbeat of the SLA: it determines whether the contractual P1 1-hour response is met. Requirements Key Technical Responsibilities Continuous Monitoring and Alert Triage Operate the monitoring console stack - Microsoft Sentinel, Azure Monitor, Microsoft Defender for Cloud, Microsoft 365 Admin Center service health, Defender XDR alerts, Log Analytics workbooks, and the integrated ITSM ticketing platform - for the duration of every shift. Monitor availability and performance of Active Directory domain controllers, DNS / DHCP / time service, ADFS, AAD Connect sync health, Entra ID sign-in service health, Exchange Online, SharePoint Online, Teams, OneDrive, Power Platform environments, Microsoft Fabric capacity, Azure VMs, storage, networking, and PaaS services. Triage incoming alerts within 5 minutes of generation, applying the documented severity matrix; classify alerts as actionable, suppressible, or false-positive, and record the rationale in the ticketing platform. Correlate alerts across multiple sources (Sentinel, Defender, Azure Monitor, M365 service health) to identify the underlying incident rather than reacting to individual symptoms. Acknowledge alerts and update tickets at the agreed cadence (every 60 minutes during P1; every 4 hours during P2) until handover or closure. Incident Response and Runbook Execution Execute Tier 1 incident response runbooks for known and documented patterns: Conditional Access misconfiguration rollback, AAD Connect sync failure restart, expired application secret rotation, Defender alert containment, mailbox / Teams reset operations, SharePoint sharing link restoration, and Power Platform environment health checks. Initiate the major incident process for any P1 incident: page the duty L2/L3 specialist, open the Microsoft Teams incident bridge, notify the Service Delivery Manager and customer stakeholders per the agreed comms plan, and assume scribe duties on the bridge call. Maintain accurate incident timelines in the ticketing platform - every action, every status check, every communication - with timestamp and operator initials, suitable for post incident review and audit. Execute documented automated containment playbooks (Sentinel Logic Apps) for high confidence security events: disable risky users, force password reset, isolate device in Defender for Endpoint, block sender in Exchange Online. Hand over open incidents at shift change using the structured handover template (active incidents, watch items, scheduled changes, planned maintenance, expected escalations). Service Request Fulfilment During Out of Hours Windows Fulfil pre approved standard service requests during out of hours windows where authorised - for example licence assignment for emergency onboarding, Teams meeting policy adjustments for live events, or pre approved Conditional Access exclusions - strictly within the documented standing change envelope. Monitoring Hygiene and Improvement Participate in alert tuning to reduce false positive rate and alert fatigue: review noisy rules weekly, propose threshold or filter changes through change control, and validate post change. Maintain monitoring runbook accuracy: every time a runbook is executed, capture deviations and feed back to the engineering team for runbook updates. Contribute weekly to the Service Delivery Manager's service review with a shift summary report (alerts handled, incidents raised, false positive trends, runbook gaps). Communication and Stakeholder Management Provide clear, factual, non speculative communication during incidents in line with the proposed SLA Communication Plan - initial notification within 15 minutes of P1 declaration, updates at 60 minute intervals, and a wrap up notification within 1 hour of resolution. Maintain the operational status page / Teams channel for customer stakeholders during major incidents. Comply strictly with EEA only data processing requirements: no customer data is to leave the EEA boundary at any point during incident handling, and no screenshots / logs are to be transmitted via non approved channels. Mandatory Technical Skills Hands on experience operating Microsoft Sentinel and Azure Monitor in a production NOC / SOC: ingesting alerts, working incidents, executing playbooks, and authoring basic KQL queries. Working knowledge of the Microsoft 365 service health framework, Defender XDR alert lifecycle, and the Azure Service Health portal. Active Directory and Entra ID fundamentals - enough to triage authentication failures, replication issues, MFA / Conditional Access blocks, and PIM activations. Basic PowerShell and KQL - sufficient to run prepared queries, validate state, and capture evidence; not expected to author advanced detection content (that sits with the Security & Governance Specialist). ITIL v4 foundation - incident, problem, change and event management; understanding of priority matrix, SLA clocks, and major incident process. Strong written English for incident notes, comms, and handover; ability to write clearly and unambiguously under time pressure. Desirable Technical Skills KQL beyond basics - ability to extend prepared hunting queries with new filters under L2 supervision. Familiarity with ServiceNow / Jira Service Management / Freshservice (or equivalent ITSM). Experience with Power BI service health dashboards and Microsoft 365 Usage Analytics. Exposure to Azure DevOps work item tracking and Microsoft Teams incident bridge management. Awareness of GDPR Article 33 personal data breach notification timelines and EEA data residency obligations. Required Certifications Microsoft Certified: Security, Compliance, and Identity Fundamentals (SC 900) - mandatory. Microsoft Certified: Azure Fundamentals (AZ 900) - mandatory. Microsoft 365 Certified: Fundamentals (MS 900) - mandatory. Microsoft Certified: Security Operations Analyst Associate (SC 200) - preferred (mandatory within 12 months of starting). ITIL 4 Foundation - preferred. CompTIA Security+ or equivalent - desirable.
09/06/2026
Full time
Security Monitoring Analyst Purpose of the Role The role staffs the Network Operations Centre on a rotating shift pattern to deliver continuous service monitoring of availability, performance, capacity, and security signals across Active Directory, Entra ID, Microsoft 365, SharePoint, Power Platform, Microsoft Fabric, and Azure - for the services that require 24/7 coverage as defined in the technical scope. The post-holder triages incoming alerts, performs first-pass diagnostics, executes documented runbooks for known incident patterns, escalates to the relevant L2/L3 specialist within agreed timelines, opens communication bridges for P1 events, and ensures customer stakeholders are kept informed during major incidents. The role is the heartbeat of the SLA: it determines whether the contractual P1 1-hour response is met. Requirements Key Technical Responsibilities Continuous Monitoring and Alert Triage Operate the monitoring console stack - Microsoft Sentinel, Azure Monitor, Microsoft Defender for Cloud, Microsoft 365 Admin Center service health, Defender XDR alerts, Log Analytics workbooks, and the integrated ITSM ticketing platform - for the duration of every shift. Monitor availability and performance of Active Directory domain controllers, DNS / DHCP / time service, ADFS, AAD Connect sync health, Entra ID sign-in service health, Exchange Online, SharePoint Online, Teams, OneDrive, Power Platform environments, Microsoft Fabric capacity, Azure VMs, storage, networking, and PaaS services. Triage incoming alerts within 5 minutes of generation, applying the documented severity matrix; classify alerts as actionable, suppressible, or false-positive, and record the rationale in the ticketing platform. Correlate alerts across multiple sources (Sentinel, Defender, Azure Monitor, M365 service health) to identify the underlying incident rather than reacting to individual symptoms. Acknowledge alerts and update tickets at the agreed cadence (every 60 minutes during P1; every 4 hours during P2) until handover or closure. Incident Response and Runbook Execution Execute Tier 1 incident response runbooks for known and documented patterns: Conditional Access misconfiguration rollback, AAD Connect sync failure restart, expired application secret rotation, Defender alert containment, mailbox / Teams reset operations, SharePoint sharing link restoration, and Power Platform environment health checks. Initiate the major incident process for any P1 incident: page the duty L2/L3 specialist, open the Microsoft Teams incident bridge, notify the Service Delivery Manager and customer stakeholders per the agreed comms plan, and assume scribe duties on the bridge call. Maintain accurate incident timelines in the ticketing platform - every action, every status check, every communication - with timestamp and operator initials, suitable for post incident review and audit. Execute documented automated containment playbooks (Sentinel Logic Apps) for high confidence security events: disable risky users, force password reset, isolate device in Defender for Endpoint, block sender in Exchange Online. Hand over open incidents at shift change using the structured handover template (active incidents, watch items, scheduled changes, planned maintenance, expected escalations). Service Request Fulfilment During Out of Hours Windows Fulfil pre approved standard service requests during out of hours windows where authorised - for example licence assignment for emergency onboarding, Teams meeting policy adjustments for live events, or pre approved Conditional Access exclusions - strictly within the documented standing change envelope. Monitoring Hygiene and Improvement Participate in alert tuning to reduce false positive rate and alert fatigue: review noisy rules weekly, propose threshold or filter changes through change control, and validate post change. Maintain monitoring runbook accuracy: every time a runbook is executed, capture deviations and feed back to the engineering team for runbook updates. Contribute weekly to the Service Delivery Manager's service review with a shift summary report (alerts handled, incidents raised, false positive trends, runbook gaps). Communication and Stakeholder Management Provide clear, factual, non speculative communication during incidents in line with the proposed SLA Communication Plan - initial notification within 15 minutes of P1 declaration, updates at 60 minute intervals, and a wrap up notification within 1 hour of resolution. Maintain the operational status page / Teams channel for customer stakeholders during major incidents. Comply strictly with EEA only data processing requirements: no customer data is to leave the EEA boundary at any point during incident handling, and no screenshots / logs are to be transmitted via non approved channels. Mandatory Technical Skills Hands on experience operating Microsoft Sentinel and Azure Monitor in a production NOC / SOC: ingesting alerts, working incidents, executing playbooks, and authoring basic KQL queries. Working knowledge of the Microsoft 365 service health framework, Defender XDR alert lifecycle, and the Azure Service Health portal. Active Directory and Entra ID fundamentals - enough to triage authentication failures, replication issues, MFA / Conditional Access blocks, and PIM activations. Basic PowerShell and KQL - sufficient to run prepared queries, validate state, and capture evidence; not expected to author advanced detection content (that sits with the Security & Governance Specialist). ITIL v4 foundation - incident, problem, change and event management; understanding of priority matrix, SLA clocks, and major incident process. Strong written English for incident notes, comms, and handover; ability to write clearly and unambiguously under time pressure. Desirable Technical Skills KQL beyond basics - ability to extend prepared hunting queries with new filters under L2 supervision. Familiarity with ServiceNow / Jira Service Management / Freshservice (or equivalent ITSM). Experience with Power BI service health dashboards and Microsoft 365 Usage Analytics. Exposure to Azure DevOps work item tracking and Microsoft Teams incident bridge management. Awareness of GDPR Article 33 personal data breach notification timelines and EEA data residency obligations. Required Certifications Microsoft Certified: Security, Compliance, and Identity Fundamentals (SC 900) - mandatory. Microsoft Certified: Azure Fundamentals (AZ 900) - mandatory. Microsoft 365 Certified: Fundamentals (MS 900) - mandatory. Microsoft Certified: Security Operations Analyst Associate (SC 200) - preferred (mandatory within 12 months of starting). ITIL 4 Foundation - preferred. CompTIA Security+ or equivalent - desirable.
Change your job, change your workplace, change your future Ricoh Europe is continuing its investment in modern, intelligence driven cybersecurity capabilities. As part of this evolution, we are looking for an Internal Cyber Defence Consultant to strengthen our defensive posture, lead the maturity of our Blue Team capability, and ensure Ricoh remains resilient against an ever evolving threat landscape. This is a high impact individual contributor role with virtual leadership responsibilities and working closely with security, technology and business teams across Europe. About the Role The Internal Cyber Defence Consultant will be responsible for shaping and maturing Ricoh's defensive security operations. This includes overseeing detection engineering, incident response, threat hunting, and vulnerability management. You will guide the virtual Blue Team, set the direction for defensive strategy, and ensure security controls, processes, and technologies deliver protection across Ricoh's systems, networks and data. Operating in a complex and fast paced environment, you will be accountable for the design and continual improvement of detection and response capabilities, while ensuring alignment with industry standards, regulatory requirements and Ricoh's risk appetite. This role blends technical expertise, leadership, analysis and communication, requiring someone who can influence without direct authority and act decisively when incidents occur. What you will be doing Blue Team Leadership & Operations Leading and coordinating the virtual Blue Team, including SOC analysts, incident responders, threat hunters and defensive engineers Setting strategic direction, improving processes, and supporting skill development across the defensive capability Acting as a senior escalation point during investigations and major incidents Designing, implementing and tuning detection rules across SIEM, SOAR, EDR and NDR platforms Managing log ingestion, telemetry pipelines and data quality to ensure visibility across all environments Identifying gaps in logging, coverage or monitoring and driving improvements Managing incident response processes, including playbooks, tabletop exercises and post incident reviews Leading investigations, coordinating cross functional teams and ensuring effective containment, eradication and recovery Embedding lessons learned into future detection, tooling and process enhancements Threat Hunting & Proactive Defence Conducting hypothesis driven threat hunts informed by threat intelligence Identifying stealthy or emerging threats not caught by automated detection Collaborating with Red Team operators to validate detection gaps and enhance Blue Team response Vulnerability & Exposure Management Overseeing vulnerability management processes and coordinating risk based remediation Working with infrastructure and application teams to prioritise and address high risk weaknesses Reporting remediation progress and exposure trends to senior leadership Governance, Reporting & Culture Ensuring compliance with ISO 27001, GDPR, NIS2 and internal security policies Providing clear reporting on threat trends, risk indicators, detection maturity and incident metrics Championing a security first culture through guidance, awareness and training initiatives What We Are Looking For Technical Expertise Strong hands on experience across SIEM, SOAR, EDR and NDR technologies - covering the Microsoft suite. Zero Trust experience, ideally with zScaler. Proficiency in detection engineering, alert tuning, log analysis and data correlation Solid understanding of MITRE ATT&CK, cyber kill chain and threat actor TTPs Experience conducting or leading incident response and digital forensics investigations Skilled in threat hunting techniques, anomaly detection and behavioural analytics Strong knowledge of vulnerability management processes and tooling Understanding of enterprise networks, cloud environments, endpoints and identity systems Leadership & Interpersonal Skills Experience guiding virtual or multidisciplinary security teams Strong communicator, comfortable engaging senior stakeholders across technical and non technical functions Able to influence decision making, challenge assumptions and advocate for necessary security improvements Skilled at maintaining calm, clarity and leadership during high pressure security incidents Capable of building trust, fostering collaboration and promoting continuous improvement Business & Strategic Acumen Understanding of Ricoh's business context, regulatory environment and operational dependencies Ability to translate technical risk into meaningful business impact Awareness of sector specific risks and organisational priorities Experience working in or with regulated enterprise environments Qualifications & Experience Bachelor's degree in Cybersecurity, Computer Science, IT or related field Relevant certifications such as GCIH, GCIA, GMON or CISSP Extensive proven experience in defensive cyber security roles Proven experience in a leadership or senior operational position Hands on experience leading major incident investigations in enterprise environments Exposure to red/purple team exercises, detection tuning and threat driven defence In Return For Your Commitment, You Can Expect A competitive salary package Industry leading benefits Ricoh is an exceptional place to work. A place where there is strong emphasis on career development for the right individuals. This is a role where you can excel within a fast paced environment and succeed within a thriving organisation. This is an excellent opportunity to join a global company where you can truly capitalise and build on your own experience. At Ricoh, we embrace and respect the collective and unique talents, experience, and perspectives of all people. Together we inspire remarkable innovation. That's how we live the Ricoh Way.
09/06/2026
Full time
Change your job, change your workplace, change your future Ricoh Europe is continuing its investment in modern, intelligence driven cybersecurity capabilities. As part of this evolution, we are looking for an Internal Cyber Defence Consultant to strengthen our defensive posture, lead the maturity of our Blue Team capability, and ensure Ricoh remains resilient against an ever evolving threat landscape. This is a high impact individual contributor role with virtual leadership responsibilities and working closely with security, technology and business teams across Europe. About the Role The Internal Cyber Defence Consultant will be responsible for shaping and maturing Ricoh's defensive security operations. This includes overseeing detection engineering, incident response, threat hunting, and vulnerability management. You will guide the virtual Blue Team, set the direction for defensive strategy, and ensure security controls, processes, and technologies deliver protection across Ricoh's systems, networks and data. Operating in a complex and fast paced environment, you will be accountable for the design and continual improvement of detection and response capabilities, while ensuring alignment with industry standards, regulatory requirements and Ricoh's risk appetite. This role blends technical expertise, leadership, analysis and communication, requiring someone who can influence without direct authority and act decisively when incidents occur. What you will be doing Blue Team Leadership & Operations Leading and coordinating the virtual Blue Team, including SOC analysts, incident responders, threat hunters and defensive engineers Setting strategic direction, improving processes, and supporting skill development across the defensive capability Acting as a senior escalation point during investigations and major incidents Designing, implementing and tuning detection rules across SIEM, SOAR, EDR and NDR platforms Managing log ingestion, telemetry pipelines and data quality to ensure visibility across all environments Identifying gaps in logging, coverage or monitoring and driving improvements Managing incident response processes, including playbooks, tabletop exercises and post incident reviews Leading investigations, coordinating cross functional teams and ensuring effective containment, eradication and recovery Embedding lessons learned into future detection, tooling and process enhancements Threat Hunting & Proactive Defence Conducting hypothesis driven threat hunts informed by threat intelligence Identifying stealthy or emerging threats not caught by automated detection Collaborating with Red Team operators to validate detection gaps and enhance Blue Team response Vulnerability & Exposure Management Overseeing vulnerability management processes and coordinating risk based remediation Working with infrastructure and application teams to prioritise and address high risk weaknesses Reporting remediation progress and exposure trends to senior leadership Governance, Reporting & Culture Ensuring compliance with ISO 27001, GDPR, NIS2 and internal security policies Providing clear reporting on threat trends, risk indicators, detection maturity and incident metrics Championing a security first culture through guidance, awareness and training initiatives What We Are Looking For Technical Expertise Strong hands on experience across SIEM, SOAR, EDR and NDR technologies - covering the Microsoft suite. Zero Trust experience, ideally with zScaler. Proficiency in detection engineering, alert tuning, log analysis and data correlation Solid understanding of MITRE ATT&CK, cyber kill chain and threat actor TTPs Experience conducting or leading incident response and digital forensics investigations Skilled in threat hunting techniques, anomaly detection and behavioural analytics Strong knowledge of vulnerability management processes and tooling Understanding of enterprise networks, cloud environments, endpoints and identity systems Leadership & Interpersonal Skills Experience guiding virtual or multidisciplinary security teams Strong communicator, comfortable engaging senior stakeholders across technical and non technical functions Able to influence decision making, challenge assumptions and advocate for necessary security improvements Skilled at maintaining calm, clarity and leadership during high pressure security incidents Capable of building trust, fostering collaboration and promoting continuous improvement Business & Strategic Acumen Understanding of Ricoh's business context, regulatory environment and operational dependencies Ability to translate technical risk into meaningful business impact Awareness of sector specific risks and organisational priorities Experience working in or with regulated enterprise environments Qualifications & Experience Bachelor's degree in Cybersecurity, Computer Science, IT or related field Relevant certifications such as GCIH, GCIA, GMON or CISSP Extensive proven experience in defensive cyber security roles Proven experience in a leadership or senior operational position Hands on experience leading major incident investigations in enterprise environments Exposure to red/purple team exercises, detection tuning and threat driven defence In Return For Your Commitment, You Can Expect A competitive salary package Industry leading benefits Ricoh is an exceptional place to work. A place where there is strong emphasis on career development for the right individuals. This is a role where you can excel within a fast paced environment and succeed within a thriving organisation. This is an excellent opportunity to join a global company where you can truly capitalise and build on your own experience. At Ricoh, we embrace and respect the collective and unique talents, experience, and perspectives of all people. Together we inspire remarkable innovation. That's how we live the Ricoh Way.
Maidenhead, United Kingdom Posted on 07/05/2026 VE3 is a technology and business consultancy focused on delivering end-to-end technology solutions and products. We have successfully serviced enterprises across multiple markets, including the public and private sectors. Our services span all aspects of business, providing a holistic approach to managing an organization. We are committed to providing technical innovations and tools that empower organizations with critical information to facilitate decision-making that results in business transformation through cost savings and increased operational efficiency. Our commitment to quality is adopted throughout the organization and sets the foundation for delivering our full suite of capabilities. Job Description Security Monitoring Analyst Purpose of the Role The role staffs the Network Operations Centre on a rotating shift pattern to deliver continuous service monitoring of availability, performance, capacity, and security signals across Active Directory, Entra ID, Microsoft 365, SharePoint, Power Platform, Microsoft Fabric, and Azure - for the services that require 24/7 coverage as defined in the technical scope. The post-holder triages incoming alerts, performs first-pass diagnostics, executes documented runbooks for known incident patterns, escalates to the relevant L2/L3 specialist within agreed timelines, opens communication bridges for P1 events, and ensures customer stakeholders are kept informed during major incidents. The role is the heartbeat of the SLA: it determines whether the contractual P1 1-hour response is met. Requirements Key Technical Responsibilities Continuous Monitoring and Alert Triage Operate the monitoring console stack - Microsoft Sentinel, Azure Monitor, Microsoft Defender for Cloud, Microsoft 365 Admin Center service health, Defender XDR alerts, Log Analytics workbooks, and the integrated ITSM ticketing platform - for the duration of every shift. Monitor availability and performance of Active Directory domain controllers, DNS / DHCP / time service, ADFS, AAD Connect sync health, Entra ID sign-in service health, Exchange Online, SharePoint Online, Teams, OneDrive, Power Platform environments, Microsoft Fabric capacity, Azure VMs, storage, networking, and PaaS services. Triage incoming alerts within 5 minutes of generation, applying the documented severity matrix; classify alerts as actionable, suppressible, or false-positive, and record the rationale in the ticketing platform. Correlate alerts across multiple sources (Sentinel, Defender, Azure Monitor, M365 service health) to identify the underlying incident rather than reacting to individual symptoms. Acknowledge alerts and update tickets at the agreed cadence (every 60 minutes during P1; every 4 hours during P2) until handover or closure. Incident Response and Runbook Execution Execute Tier-1 incident response runbooks for known and documented patterns: Conditional Access misconfiguration rollback, AAD Connect sync failure restart, expired application secret rotation, Defender alert containment, mailbox / Teams reset operations, SharePoint sharing-link restoration, and Power Platform environment health checks. Initiate the major incident process for any P1 incident: page the duty L2/L3 specialist, open the Microsoft Teams incident bridge, notify the Service Delivery Manager and customer stakeholders per the agreed comms plan, and assume scribe duties on the bridge call. Maintain accurate incident timelines in the ticketing platform - every action, every status check, every communication - with timestamp and operator initials, suitable for post-incident review and audit. Execute documented automated containment playbooks (Sentinel Logic Apps) for high-confidence security events: disable risky users, force password reset, isolate device in Defender for Endpoint, block sender in Exchange Online. Hand over open incidents at shift change using the structured handover template (active incidents, watch-items, scheduled changes, planned maintenance, expected escalations). Service Request Fulfilment During Out-of-Hours Windows Fulfil pre-approved standard service requests during out-of-hours windows where authorised - for example licence assignment for emergency onboarding, Teams meeting policy adjustments for live events, or pre-approved Conditional Access exclusions - strictly within the documented standing change envelope. Monitoring Hygiene and Improvement Participate in alert tuning to reduce false-positive rate and alert fatigue: review noisy rules weekly, propose threshold or filter changes through change control, and validate post-change. Maintain monitoring runbook accuracy: every time a runbook is executed, capture deviations and feed back to the engineering team for runbook updates. Contribute weekly to the Service Delivery Manager's service review with a shift-summary report (alerts handled, incidents raised, false-positive trends, runbook gaps). Communication and Stakeholder Management Provide clear, factual, non-speculative communication during incidents in line with the proposed SLA Communication Plan - initial notification within 15 minutes of P1 declaration, updates at 60-minute intervals, and a wrap-up notification within 1 hour of resolution. Maintain the operational status page / Teams channel for customer stakeholders during major incidents. Comply strictly with EEA-only data processing requirements: no customer data is to leave the EEA boundary at any point during incident handling, and no screenshots / logs are to be transmitted via non-approved channels. Mandatory Technical Skills Hands-on experience operating Microsoft Sentinel and Azure Monitor in a production NOC / SOC: ingesting alerts, working incidents, executing playbooks, and authoring basic KQL queries. Working knowledge of the Microsoft 365 service health framework, Defender XDR alert lifecycle, and the Azure Service Health portal. Active Directory and Entra ID fundamentals - enough to triage authentication failures, replication issues, MFA / Conditional Access blocks, and PIM activations. Basic PowerShell and KQL - sufficient to run prepared queries, validate state, and capture evidence; not expected to author advanced detection content (that sits with the Security & Governance Specialist). ITIL v4 foundation - incident, problem, change and event management; understanding of priority matrix, SLA clocks, and major incident process. Strong written English for incident notes, comms, and handover; ability to write clearly and unambiguously under time pressure. Desirable Technical Skills KQL beyond basics - ability to extend prepared hunting queries with new filters under L2 supervision. Familiarity with ServiceNow / Jira Service Management / Freshservice (or equivalent ITSM). Experience with Power BI service health dashboards and Microsoft 365 Usage Analytics. Exposure to Azure DevOps work item tracking and Microsoft Teams incident bridge management. Awareness of GDPR Article 33 personal data breach notification timelines and EEA data residency obligations. Required Certifications Microsoft Certified: Security, Compliance, and Identity Fundamentals (SC-900) - mandatory. Microsoft 365 Certified: Fundamentals (MS-900) - mandatory. Microsoft Certified: Security Operations Analyst Associate (SC-200) - preferred (mandatory within 12 months of starting). ITIL 4 Foundation - preferred. CompTIA Security+ or equivalent - desirable.
09/06/2026
Full time
Maidenhead, United Kingdom Posted on 07/05/2026 VE3 is a technology and business consultancy focused on delivering end-to-end technology solutions and products. We have successfully serviced enterprises across multiple markets, including the public and private sectors. Our services span all aspects of business, providing a holistic approach to managing an organization. We are committed to providing technical innovations and tools that empower organizations with critical information to facilitate decision-making that results in business transformation through cost savings and increased operational efficiency. Our commitment to quality is adopted throughout the organization and sets the foundation for delivering our full suite of capabilities. Job Description Security Monitoring Analyst Purpose of the Role The role staffs the Network Operations Centre on a rotating shift pattern to deliver continuous service monitoring of availability, performance, capacity, and security signals across Active Directory, Entra ID, Microsoft 365, SharePoint, Power Platform, Microsoft Fabric, and Azure - for the services that require 24/7 coverage as defined in the technical scope. The post-holder triages incoming alerts, performs first-pass diagnostics, executes documented runbooks for known incident patterns, escalates to the relevant L2/L3 specialist within agreed timelines, opens communication bridges for P1 events, and ensures customer stakeholders are kept informed during major incidents. The role is the heartbeat of the SLA: it determines whether the contractual P1 1-hour response is met. Requirements Key Technical Responsibilities Continuous Monitoring and Alert Triage Operate the monitoring console stack - Microsoft Sentinel, Azure Monitor, Microsoft Defender for Cloud, Microsoft 365 Admin Center service health, Defender XDR alerts, Log Analytics workbooks, and the integrated ITSM ticketing platform - for the duration of every shift. Monitor availability and performance of Active Directory domain controllers, DNS / DHCP / time service, ADFS, AAD Connect sync health, Entra ID sign-in service health, Exchange Online, SharePoint Online, Teams, OneDrive, Power Platform environments, Microsoft Fabric capacity, Azure VMs, storage, networking, and PaaS services. Triage incoming alerts within 5 minutes of generation, applying the documented severity matrix; classify alerts as actionable, suppressible, or false-positive, and record the rationale in the ticketing platform. Correlate alerts across multiple sources (Sentinel, Defender, Azure Monitor, M365 service health) to identify the underlying incident rather than reacting to individual symptoms. Acknowledge alerts and update tickets at the agreed cadence (every 60 minutes during P1; every 4 hours during P2) until handover or closure. Incident Response and Runbook Execution Execute Tier-1 incident response runbooks for known and documented patterns: Conditional Access misconfiguration rollback, AAD Connect sync failure restart, expired application secret rotation, Defender alert containment, mailbox / Teams reset operations, SharePoint sharing-link restoration, and Power Platform environment health checks. Initiate the major incident process for any P1 incident: page the duty L2/L3 specialist, open the Microsoft Teams incident bridge, notify the Service Delivery Manager and customer stakeholders per the agreed comms plan, and assume scribe duties on the bridge call. Maintain accurate incident timelines in the ticketing platform - every action, every status check, every communication - with timestamp and operator initials, suitable for post-incident review and audit. Execute documented automated containment playbooks (Sentinel Logic Apps) for high-confidence security events: disable risky users, force password reset, isolate device in Defender for Endpoint, block sender in Exchange Online. Hand over open incidents at shift change using the structured handover template (active incidents, watch-items, scheduled changes, planned maintenance, expected escalations). Service Request Fulfilment During Out-of-Hours Windows Fulfil pre-approved standard service requests during out-of-hours windows where authorised - for example licence assignment for emergency onboarding, Teams meeting policy adjustments for live events, or pre-approved Conditional Access exclusions - strictly within the documented standing change envelope. Monitoring Hygiene and Improvement Participate in alert tuning to reduce false-positive rate and alert fatigue: review noisy rules weekly, propose threshold or filter changes through change control, and validate post-change. Maintain monitoring runbook accuracy: every time a runbook is executed, capture deviations and feed back to the engineering team for runbook updates. Contribute weekly to the Service Delivery Manager's service review with a shift-summary report (alerts handled, incidents raised, false-positive trends, runbook gaps). Communication and Stakeholder Management Provide clear, factual, non-speculative communication during incidents in line with the proposed SLA Communication Plan - initial notification within 15 minutes of P1 declaration, updates at 60-minute intervals, and a wrap-up notification within 1 hour of resolution. Maintain the operational status page / Teams channel for customer stakeholders during major incidents. Comply strictly with EEA-only data processing requirements: no customer data is to leave the EEA boundary at any point during incident handling, and no screenshots / logs are to be transmitted via non-approved channels. Mandatory Technical Skills Hands-on experience operating Microsoft Sentinel and Azure Monitor in a production NOC / SOC: ingesting alerts, working incidents, executing playbooks, and authoring basic KQL queries. Working knowledge of the Microsoft 365 service health framework, Defender XDR alert lifecycle, and the Azure Service Health portal. Active Directory and Entra ID fundamentals - enough to triage authentication failures, replication issues, MFA / Conditional Access blocks, and PIM activations. Basic PowerShell and KQL - sufficient to run prepared queries, validate state, and capture evidence; not expected to author advanced detection content (that sits with the Security & Governance Specialist). ITIL v4 foundation - incident, problem, change and event management; understanding of priority matrix, SLA clocks, and major incident process. Strong written English for incident notes, comms, and handover; ability to write clearly and unambiguously under time pressure. Desirable Technical Skills KQL beyond basics - ability to extend prepared hunting queries with new filters under L2 supervision. Familiarity with ServiceNow / Jira Service Management / Freshservice (or equivalent ITSM). Experience with Power BI service health dashboards and Microsoft 365 Usage Analytics. Exposure to Azure DevOps work item tracking and Microsoft Teams incident bridge management. Awareness of GDPR Article 33 personal data breach notification timelines and EEA data residency obligations. Required Certifications Microsoft Certified: Security, Compliance, and Identity Fundamentals (SC-900) - mandatory. Microsoft 365 Certified: Fundamentals (MS-900) - mandatory. Microsoft Certified: Security Operations Analyst Associate (SC-200) - preferred (mandatory within 12 months of starting). ITIL 4 Foundation - preferred. CompTIA Security+ or equivalent - desirable.
GRC Analyst Information Security London Hybrid £50,000 - £55,000 + Bonus VIQU has partnered with a leading transport organisation to recruit a GRC Analyst to join their Finance and Information Security team. This is a fantastic opportunity for a GRC Analyst to take ownership of established governance frameworks, policies, and risk processes within a highly regulated environment. The GRC Analyst will play a key role in maintaining compliance, supporting audits, and embedding a strong risk-aware culture across the business. Key Responsibilities of the GRC Analyst: Support and maintain the organisation s risk management framework, including risk identification, assessment, and monitoring Facilitate risk assessments across business units and support mitigation planning Monitor risk trends, control effectiveness, and emerging threats, providing insights to senior stakeholders Support compliance programmes, ensuring adherence to regulatory and industry standards (e.g. ISO27001, NIST CSF) Coordinate internal and external audits, including evidence gathering and action tracking Contribute to governance policies, standards, and procedures development and review Produce clear governance and risk reports for leadership teams Support governance and assurance of technology change management processes Assist with risk, compliance, and security awareness initiatives across the organisation Key Requirements of the GRC Analyst: 4 5 years experience in governance, risk, or compliance roles within regulated or critical environments Strong understanding of frameworks such as ISO27001 and NIST CSF Experience supporting audits, compliance reporting, and evidence management Ability to interpret regulatory requirements into practical controls and processes Excellent communication and stakeholder engagement skills Strong organisational skills with the ability to manage multiple priorities Experience within regulated sectors such as transport, utilities, financial services, or government Exposure to Operational Technology (OT) or Industrial Control Systems (ICS) (desirable) Relevant certifications (ISO27001 Lead Implementer/Auditor, CISMP, CRISC, CISM) (desirable) Degree in Information Security, Risk, Business, Law, or equivalent experience Additional Information: Hybrid working: Initially 5 days onsite, reducing to 3 days onsite after probation 5% bonus 10% pension contribution Free Zone 1 6 travel for you and a nominated household member 75% discount on National Rail season tickets Interview process: 2 stages (Face-to-face and virtual) Apply today to speak with VIQU in confidence or contact Noah Yeoman at (url removed). Know someone exceptional for this GRC Analyst position? Refer them and receive up to £1,000 if successful (terms apply). Follow us on IT Recruitment for more exciting opportunities.
08/06/2026
Full time
GRC Analyst Information Security London Hybrid £50,000 - £55,000 + Bonus VIQU has partnered with a leading transport organisation to recruit a GRC Analyst to join their Finance and Information Security team. This is a fantastic opportunity for a GRC Analyst to take ownership of established governance frameworks, policies, and risk processes within a highly regulated environment. The GRC Analyst will play a key role in maintaining compliance, supporting audits, and embedding a strong risk-aware culture across the business. Key Responsibilities of the GRC Analyst: Support and maintain the organisation s risk management framework, including risk identification, assessment, and monitoring Facilitate risk assessments across business units and support mitigation planning Monitor risk trends, control effectiveness, and emerging threats, providing insights to senior stakeholders Support compliance programmes, ensuring adherence to regulatory and industry standards (e.g. ISO27001, NIST CSF) Coordinate internal and external audits, including evidence gathering and action tracking Contribute to governance policies, standards, and procedures development and review Produce clear governance and risk reports for leadership teams Support governance and assurance of technology change management processes Assist with risk, compliance, and security awareness initiatives across the organisation Key Requirements of the GRC Analyst: 4 5 years experience in governance, risk, or compliance roles within regulated or critical environments Strong understanding of frameworks such as ISO27001 and NIST CSF Experience supporting audits, compliance reporting, and evidence management Ability to interpret regulatory requirements into practical controls and processes Excellent communication and stakeholder engagement skills Strong organisational skills with the ability to manage multiple priorities Experience within regulated sectors such as transport, utilities, financial services, or government Exposure to Operational Technology (OT) or Industrial Control Systems (ICS) (desirable) Relevant certifications (ISO27001 Lead Implementer/Auditor, CISMP, CRISC, CISM) (desirable) Degree in Information Security, Risk, Business, Law, or equivalent experience Additional Information: Hybrid working: Initially 5 days onsite, reducing to 3 days onsite after probation 5% bonus 10% pension contribution Free Zone 1 6 travel for you and a nominated household member 75% discount on National Rail season tickets Interview process: 2 stages (Face-to-face and virtual) Apply today to speak with VIQU in confidence or contact Noah Yeoman at (url removed). Know someone exceptional for this GRC Analyst position? Refer them and receive up to £1,000 if successful (terms apply). Follow us on IT Recruitment for more exciting opportunities.
Workday Integration & Data Lead £100,000 + bonus London (Hybrid - 3 days per week in office) 12 month FTC Must be able to start 1st of July I am partnering with a global organisation to recruit an experienced Workday Integration & Data Lead to join a major HR technology transformation programme. This is a key role for a technically strong Workday professional with deep expertise across integrations, data remediation, and enterprise HR systems. The successful candidate will lead the design, delivery, stabilisation, and governance of Workday integrations across Payroll, Benefits, Finance, and other connected platforms, while also driving critical data quality and remediation activities. This opportunity would suit someone who enjoys operating across hands-on technical delivery, stakeholder engagement, governance, and programme support within a complex global environment. Key Responsibilities Integration Leadership Lead the Workday integration workstream across design, build, testing, deployment, cutover, and hypercare Design, develop, troubleshoot, and support integrations using: Workday Studio EIBs Core Connectors Cloud Connect PECI Document Transformation Workday Web Services Act as the Workday Studio SME, supporting end-to-end integration development and optimisation Partner with HR, Payroll, Finance, Technology, Security, and third-party vendors to deliver scalable and secure integration solutions Maintain and improve integration standards, monitoring, technical documentation, and operational handover processes Support impact analysis and regression testing for Workday bi-annual releases and system changes Data Migration & Quality Lead structured data remediation and data quality activities across Workday and connected systems Own data mapping, cleansing, reconciliation, validation, and issue resolution Establish data quality controls, issue logs, reporting, and escalation processes Identify root causes of data issues and implement sustainable fixes with business and technical teams Ensure compliance with privacy, security, access control, and UK GDPR requirements Programme Delivery & Governance Act as the technical SME for Workday integrations and people data remediation Provide regular updates on risks, issues, dependencies, and delivery progress Support SIT, UAT, cutover rehearsals, go-live readiness, and post-go-live stabilisation Manage competing priorities across multiple integration and data workstreams Coach analysts, developers, and business SMEs to support successful delivery Required Skills & Experience Significant experience delivering Workday integrations within complex enterprise environments 10+ years overall IT experience 5-8+ years focused on Workday integrations and data Strong hands-on expertise with: Workday Studio EIB Core Connectors PECI Cloud Connect Workday Web Services Proven experience designing and developing integrations using Workday Studio in enterprise environments Strong technical knowledge of: XML XSLT XPath REST/SOAP APIs Data transformation technologies Experience leading data remediation, migration, reconciliation, or data quality initiatives Strong understanding of Workday HCM data structures, business processes, and security concepts Experience working across HR, Payroll, Finance, Technology, Security, and third-party vendors Strong governance and delivery management capabilities Excellent communication skills with the ability to engage both technical and non-technical stakeholders Preferred Experience Workday certifications in Integrations, HCM, Data Migration, or related disciplines Experience with: Workday Extend Python Middleware platforms Exposure to payroll, benefits, or finance integrations Experience supporting global HR transformation programmes Hands-on development experience across both data migration and Workday integrations Familiarity with SOX controls, GDPR, and secure HR data handling What Success Looks Like Workday integrations are stable, scalable, tested, and fully documented Data quality issues are resolved with clear reconciliation and business sign-off Stakeholders maintain clear visibility of programme progress, risks, and decisions Go-live and hypercare activities are delivered with strong governance and operational readiness The organisation is left with a sustainable and scalable Workday integration and data foundation Candidate Profile I am looking for someone who is: Technically hands-on and solutions-driven Comfortable operating in complex, fast-paced transformation environments Strong in stakeholder engagement and communication Detail-oriented with a strong governance mindset Passionate about data quality, system optimisation, and continuous improvement Able to balance strategic oversight with technical delivery If you are an experienced Workday Integration specialist looking for your next challenge within a global transformation programme, I would love to hear from you. JBRP1_UKTJ
08/06/2026
Full time
Workday Integration & Data Lead £100,000 + bonus London (Hybrid - 3 days per week in office) 12 month FTC Must be able to start 1st of July I am partnering with a global organisation to recruit an experienced Workday Integration & Data Lead to join a major HR technology transformation programme. This is a key role for a technically strong Workday professional with deep expertise across integrations, data remediation, and enterprise HR systems. The successful candidate will lead the design, delivery, stabilisation, and governance of Workday integrations across Payroll, Benefits, Finance, and other connected platforms, while also driving critical data quality and remediation activities. This opportunity would suit someone who enjoys operating across hands-on technical delivery, stakeholder engagement, governance, and programme support within a complex global environment. Key Responsibilities Integration Leadership Lead the Workday integration workstream across design, build, testing, deployment, cutover, and hypercare Design, develop, troubleshoot, and support integrations using: Workday Studio EIBs Core Connectors Cloud Connect PECI Document Transformation Workday Web Services Act as the Workday Studio SME, supporting end-to-end integration development and optimisation Partner with HR, Payroll, Finance, Technology, Security, and third-party vendors to deliver scalable and secure integration solutions Maintain and improve integration standards, monitoring, technical documentation, and operational handover processes Support impact analysis and regression testing for Workday bi-annual releases and system changes Data Migration & Quality Lead structured data remediation and data quality activities across Workday and connected systems Own data mapping, cleansing, reconciliation, validation, and issue resolution Establish data quality controls, issue logs, reporting, and escalation processes Identify root causes of data issues and implement sustainable fixes with business and technical teams Ensure compliance with privacy, security, access control, and UK GDPR requirements Programme Delivery & Governance Act as the technical SME for Workday integrations and people data remediation Provide regular updates on risks, issues, dependencies, and delivery progress Support SIT, UAT, cutover rehearsals, go-live readiness, and post-go-live stabilisation Manage competing priorities across multiple integration and data workstreams Coach analysts, developers, and business SMEs to support successful delivery Required Skills & Experience Significant experience delivering Workday integrations within complex enterprise environments 10+ years overall IT experience 5-8+ years focused on Workday integrations and data Strong hands-on expertise with: Workday Studio EIB Core Connectors PECI Cloud Connect Workday Web Services Proven experience designing and developing integrations using Workday Studio in enterprise environments Strong technical knowledge of: XML XSLT XPath REST/SOAP APIs Data transformation technologies Experience leading data remediation, migration, reconciliation, or data quality initiatives Strong understanding of Workday HCM data structures, business processes, and security concepts Experience working across HR, Payroll, Finance, Technology, Security, and third-party vendors Strong governance and delivery management capabilities Excellent communication skills with the ability to engage both technical and non-technical stakeholders Preferred Experience Workday certifications in Integrations, HCM, Data Migration, or related disciplines Experience with: Workday Extend Python Middleware platforms Exposure to payroll, benefits, or finance integrations Experience supporting global HR transformation programmes Hands-on development experience across both data migration and Workday integrations Familiarity with SOX controls, GDPR, and secure HR data handling What Success Looks Like Workday integrations are stable, scalable, tested, and fully documented Data quality issues are resolved with clear reconciliation and business sign-off Stakeholders maintain clear visibility of programme progress, risks, and decisions Go-live and hypercare activities are delivered with strong governance and operational readiness The organisation is left with a sustainable and scalable Workday integration and data foundation Candidate Profile I am looking for someone who is: Technically hands-on and solutions-driven Comfortable operating in complex, fast-paced transformation environments Strong in stakeholder engagement and communication Detail-oriented with a strong governance mindset Passionate about data quality, system optimisation, and continuous improvement Able to balance strategic oversight with technical delivery If you are an experienced Workday Integration specialist looking for your next challenge within a global transformation programme, I would love to hear from you. JBRP1_UKTJ
Role Description The Technical Analyst - Data Lineage will support a Data Governance, Controls, and Reporting program for a top-tier banking client. Responsible for establishing and validating end-to-end lineage across critical datasets used in operational and regulatory reporting. Translate governance and reporting requirements into actionable lineage deliverables (source-to-target mapping, lineage diagrams, metadata standards, and audit evidence). Work with Data Platform, Data Engineering, Architecture, Risk, Compliance, and Security teams to define lineage standards, metadata capture, and control points. Maintain lineage artifacts for Critical Data Elements (CDEs), key reports, and priority data products. Support control design to ensure traceability from source systems transformations curated layers consumption (dashboards/reports/APIs). Actively participate from discovery workshops through to implementation and continuous improvement. Ensure traceability from data definition transformation logic lineage evidence audit readiness. Location The role supports one of our top-tier banking clients in London (Canary Wharf) and requires a minimum of three days on-site presence. This is a permanent position based in the UK. We will only consider applicants who are eligible to work in the UK. For this role do NOT offer visa sponsorship. Experience Requirements & Qualifications Minimum 3 years of relevant experience in data analytics, data quality, reporting controls, or data transformation programs (preferably in financial services). Core Skills & Experience Minimum 3 years of relevant experience in data governance, lineage, metadata management, or controls programs within finance/banking. Strong understanding of data lineage concepts: technical lineage, business lineage, column-level lineage, impact analysis, and provenance. Hands on experience with data lineage / metadata tooling in enterprise environments (e.g., Collibra, Alation, Informatica EDC/IDMC, IBM Infosphere, Microsoft Purview, Apache Atlas, Amundsen, DataHub or similar). Proven ability to build lineage for complex platforms: data lakes, warehouses, marts, and distributed processing (Spark based pipelines). Strong proficiency in SQL for tracing transformations and validating mappings across layers. Working knowledge of ETL/ELT patterns, data modeling (dimensional + normalized), and batch scheduling dependencies. Ability to interpret data transformation logic from pipelines (Spark SQL / PySpark / Hive queries / orchestration configs). Strong documentation capability: source to target mappings, lineage diagrams, data dictionaries, metadata standards, and control evidence packs. Technical Skills Strong proficiency in Python (data analysis/automation for metadata extraction, validation scripts, rule checks). Hands on experience with PySpark and Spark SQL in production environments. Solid knowledge of Hive, Impala, HDFS, and Parquet. Advanced SQL skills; experience with Oracle databases is preferred. Working knowledge of Autosys & Apache Airflow. Experience with CI/CD tools (Git, Harness, UrbanCode Deploy (UCD), Red Hat OpenShift). Familiarity with AWS S3 for large-scale data storage. Exposure to Tableau (understanding data sources, extracts, dependencies) is a plus. Nice-to-Have Experience with regulatory reporting data domains (risk, liquidity, capital, finance, BCBS 239 alignment, etc.). Knowledge of data governance operating models: CDEs, data ownership, stewardship, data quality dimensions. Experience creating audit ready documentation and participating in audit walkthroughs. Experience working in Agile/Scrum delivery models. Familiarity with monitoring and alerting tools for data pipelines. Experience Requirements & Qualifications Conduct discovery workshops to identify priority reports, data products, and Critical Data Elements (CDEs). Build and maintain end-to-end lineage across systems, including column level mappings where required. Produce and maintain Source-to-Target Mapping (STTM) documentation and metadata standards. Validate lineage accuracy by tracing logic through SQL/Spark transformations and pipeline configurations. Support impact analysis for proposed changes (upstream/downstream dependencies, report impact, control impact). Partner with engineers and platform teams to improve metadata capture and lineage automation (where possible). Define lineage related control points and produce audit ready evidence (diagrams, mappings, query proofs, run evidence). Support UAT by validating that reported numbers can be traced and explained back to trusted sources. Maintain the lineage backlog and track changes across releases to ensure artifacts remain current.
08/06/2026
Full time
Role Description The Technical Analyst - Data Lineage will support a Data Governance, Controls, and Reporting program for a top-tier banking client. Responsible for establishing and validating end-to-end lineage across critical datasets used in operational and regulatory reporting. Translate governance and reporting requirements into actionable lineage deliverables (source-to-target mapping, lineage diagrams, metadata standards, and audit evidence). Work with Data Platform, Data Engineering, Architecture, Risk, Compliance, and Security teams to define lineage standards, metadata capture, and control points. Maintain lineage artifacts for Critical Data Elements (CDEs), key reports, and priority data products. Support control design to ensure traceability from source systems transformations curated layers consumption (dashboards/reports/APIs). Actively participate from discovery workshops through to implementation and continuous improvement. Ensure traceability from data definition transformation logic lineage evidence audit readiness. Location The role supports one of our top-tier banking clients in London (Canary Wharf) and requires a minimum of three days on-site presence. This is a permanent position based in the UK. We will only consider applicants who are eligible to work in the UK. For this role do NOT offer visa sponsorship. Experience Requirements & Qualifications Minimum 3 years of relevant experience in data analytics, data quality, reporting controls, or data transformation programs (preferably in financial services). Core Skills & Experience Minimum 3 years of relevant experience in data governance, lineage, metadata management, or controls programs within finance/banking. Strong understanding of data lineage concepts: technical lineage, business lineage, column-level lineage, impact analysis, and provenance. Hands on experience with data lineage / metadata tooling in enterprise environments (e.g., Collibra, Alation, Informatica EDC/IDMC, IBM Infosphere, Microsoft Purview, Apache Atlas, Amundsen, DataHub or similar). Proven ability to build lineage for complex platforms: data lakes, warehouses, marts, and distributed processing (Spark based pipelines). Strong proficiency in SQL for tracing transformations and validating mappings across layers. Working knowledge of ETL/ELT patterns, data modeling (dimensional + normalized), and batch scheduling dependencies. Ability to interpret data transformation logic from pipelines (Spark SQL / PySpark / Hive queries / orchestration configs). Strong documentation capability: source to target mappings, lineage diagrams, data dictionaries, metadata standards, and control evidence packs. Technical Skills Strong proficiency in Python (data analysis/automation for metadata extraction, validation scripts, rule checks). Hands on experience with PySpark and Spark SQL in production environments. Solid knowledge of Hive, Impala, HDFS, and Parquet. Advanced SQL skills; experience with Oracle databases is preferred. Working knowledge of Autosys & Apache Airflow. Experience with CI/CD tools (Git, Harness, UrbanCode Deploy (UCD), Red Hat OpenShift). Familiarity with AWS S3 for large-scale data storage. Exposure to Tableau (understanding data sources, extracts, dependencies) is a plus. Nice-to-Have Experience with regulatory reporting data domains (risk, liquidity, capital, finance, BCBS 239 alignment, etc.). Knowledge of data governance operating models: CDEs, data ownership, stewardship, data quality dimensions. Experience creating audit ready documentation and participating in audit walkthroughs. Experience working in Agile/Scrum delivery models. Familiarity with monitoring and alerting tools for data pipelines. Experience Requirements & Qualifications Conduct discovery workshops to identify priority reports, data products, and Critical Data Elements (CDEs). Build and maintain end-to-end lineage across systems, including column level mappings where required. Produce and maintain Source-to-Target Mapping (STTM) documentation and metadata standards. Validate lineage accuracy by tracing logic through SQL/Spark transformations and pipeline configurations. Support impact analysis for proposed changes (upstream/downstream dependencies, report impact, control impact). Partner with engineers and platform teams to improve metadata capture and lineage automation (where possible). Define lineage related control points and produce audit ready evidence (diagrams, mappings, query proofs, run evidence). Support UAT by validating that reported numbers can be traced and explained back to trusted sources. Maintain the lineage backlog and track changes across releases to ensure artifacts remain current.
CoreWeave is The Essential Cloud for AI . Built for pioneers by pioneers, CoreWeave delivers a platform of technology, tools, and teams that enables innovators to build and scale AI with confidence. Trusted by leading AI labs, startups, and global enterprises, CoreWeave combines superior infrastructure performance with deep technical expertise to accelerate breakthroughs and turn compute into capability. Founded in 2017, CoreWeave became a publicly traded company (Nasdaq: CRWV) in March 2025. We're proud to be a Living Wage accredited Employer. What You'll Do: The Monolith AI Platform Engineering Team at CoreWeave is responsible for building and scaling the data and workflow backbone that powers the world's most advanced engineering simulation and AI workflows - our ambition is to become the super intelligent AI test lab for the engineering industry, helping customers ship science, faster. From high throughput data ingestion and feature pipelines to model training and real time inference, our platform delivers the performant, reliable, and trustworthy data foundation trusted by the world's largest engineering companies. The Senior DataOps Engineer II will own and drive all things data observability and operations across our client estate - building the practices, tooling, and culture that make Monolith's data flows debuggable, auditable, and safe to evolve. You'll sit at the intersection of platform engineering, data engineering, and reliability, implementing end to end lineage and DataOps practices while mentoring data producers and consumers on how to manage data as a first class product. You'll partner closely with Monolith's Product, Engineering and forward deployed teams, as well as with CoreWeave's infrastructure and AI platform groups, to turn fragmented, real world engineering data into well governed, observable, and operationally robust pipelines powering our SaaS platform and client specific deployments. About the Role: We're seeking an Senior DataOps Engineer II who can act as the hands on owner for Monolith's data observability and operational surface: from batch and streaming pipelines running on our platform, through to the lineage, quality, and runbooks that keep customer environments healthy. You'll define and roll out DataOps practices (CI/CD, infra as code, data SLOs, incident response) across the Monolith estate, implement end to end data lineage and observability, and serve as the go to mentor for engineering teams and client facing colleagues on best practice data management. In this role, you will: Own Monolith's Data Observability & Operations Surface Design and implement the end to end observability stack for data workloads (metrics, logs, traces, and data quality signals) across batch and streaming pipelines. Define and maintain operational SLOs/SLAs for critical data flows powering training, inference, and analytics, and ensure they are measurable and actionable. Build dashboards, alerts, and runbooks that allow engineers and on call responders to quickly detect, triage, and remediate data incidents. Standardise "golden paths" for how teams instrument pipelines, expose health signals, and respond to data related failures. Implement Data Lineage, Quality & Governance Deploy and maintain end to end data lineage for key domains - from client sources through transformations to features, models, and downstream analytics so teams can debug, audit, and reason about change. Define and roll out data quality checks (schema, freshness, completeness, distribution, drift) and ensure failures integrate cleanly into alerting and incident workflows. Partner with Security, Compliance, and customer facing teams to encode data governance requirements (e.g., retention, residency, access controls) into our pipelines and tooling. Help shape metadata models and catalog conventions so that producers and consumers can reliably discover, understand, and use shared datasets. Enable DataOps Practices Across Teams Establish CI/CD patterns for data pipelines and related infrastructure, including testing strategies, promotion workflows, and change management guardrails. Drive adoption of infra as code for data infrastructure (e.g., pipeline orchestration, storage, observability components), reducing manual drift across environments. Define and continuously improve DataOps processes - incident response, post incident review, change review, on call rotations - with a focus on learning rather than blame. Evaluate and integrate best of breed DataOps and observability tooling where it accelerates our teams, balancing build vs. buy pragmatically. Partner Across Monolith, CoreWeave & Clients Work with Monolith platform, data, agent, and reliability teams to expose observability and lineage as shared services and patterns other engineers can build on. Collaborate with CoreWeave infrastructure and AI platform teams to leverage underlying storage, compute, networking, and observability in service of robust data flows. Serve as a technical escalation point for forward deployed and customer facing engineers when data issues cross service boundaries or require deeper architectural insight. Mentor data producers (product teams, integrations, forward deployed engineers) and data consumers (data scientists, analysts, client engineers) on resilient schemas, contracts, and operational practices. Who You Are: Experience & Level Typically 5-6+ years of experience in DataOps, Data Engineering, DevOps/SRE for data platforms, or similar roles, including end to end ownership of production data pipelines and their operations. Proven track record of operating at Senior IC scope: leading cross team initiatives, introducing new practices/tooling, and improving reliability at the platform level. DataOps, Pipelines & Tooling Strong hands on experience designing, deploying, and operating data pipelines in production (batch and/or streaming), including failure modes, retries, and backfills. Practical experience with data orchestration and ETL/ELT tooling (e.g., Airflow, Dagster, dbt, Temporal, or similar) and comfort evaluating and integrating new tools where appropriate. Solid SQL and/or Spark skills and experience with at least one major analytical database or warehouse; familiarity with time series / telemetry data is a plus. Observability, Lineage & Data Quality Extensive experience implementing data observability - metrics, logging, tracing, dashboards, and alerting - for data centric workloads. Hands on work with data quality frameworks and/or observability platforms to monitor freshness, completeness, schema changes, and anomalies. Experience deploying and using data lineage or metadata/catalog solutions, and applying them to debugging, compliance, and change impact analysis. Platform, Infrastructure & Automation Comfortable working in containerised, cloud native environments (Kubernetes plus at least one major cloud provider); experience with GPU or compute intensive workloads is a bonus. Strong automation mindset: infra as code, CI/CD, and configuration management for data infrastructure and observability components. Proficient in Python for building tooling, pipeline glue, and platform integrations; additional languages are a plus. Collaboration, Mentorship & Communication Clear communicator who can explain complex data flows and failure modes to both deeply technical and non specialist audiences. Experience mentoring engineers and data practitioners on better data management, observability, and operational hygiene - through documentation, examples, reviews, and office hours. Comfortable working in a fast moving, high ambiguity environment where we balance rapid iteration with the safety and reliability demanded by enterprise engineering clients. Preferred: Experience in ML/AI platforms or MLOps environments where data pipelines power experimentation, training, and inference at scale. Background with test, simulation, or time series data (e.g., physical test benches, battery labs, automotive/aerospace R&D). Familiarity with feature stores, experiment tracking, or model registries and their interaction with upstream data pipelines. Prior work in multi tenant SaaS platforms, especially those with strong compliance, observability, and uptime requirements. Experience supporting or partnering closely with forward deployed / professional services teams in complex customer environments. Wondering if you're a good fit? We believe in investing in our people, and value candidates who bring diverse experiences - even if you don't tick every single box. Here are a few qualities we've found compatible with our team. If some of this sounds like you, we'd love to talk: Data obsessed operator - You care deeply about making data systems observable, predictable, and easy to reason about, not just "working most of the time." Systems thinker - You enjoy mapping complex data flows across services, understanding failure modes, and designing for graceful degradation and rapid recovery. Pragmatic - You know when to build the ideal abstraction and when to ship the smallest change that meaningfully reduces risk or toil. Collaborative mentor . click apply for full job details
08/06/2026
Full time
CoreWeave is The Essential Cloud for AI . Built for pioneers by pioneers, CoreWeave delivers a platform of technology, tools, and teams that enables innovators to build and scale AI with confidence. Trusted by leading AI labs, startups, and global enterprises, CoreWeave combines superior infrastructure performance with deep technical expertise to accelerate breakthroughs and turn compute into capability. Founded in 2017, CoreWeave became a publicly traded company (Nasdaq: CRWV) in March 2025. We're proud to be a Living Wage accredited Employer. What You'll Do: The Monolith AI Platform Engineering Team at CoreWeave is responsible for building and scaling the data and workflow backbone that powers the world's most advanced engineering simulation and AI workflows - our ambition is to become the super intelligent AI test lab for the engineering industry, helping customers ship science, faster. From high throughput data ingestion and feature pipelines to model training and real time inference, our platform delivers the performant, reliable, and trustworthy data foundation trusted by the world's largest engineering companies. The Senior DataOps Engineer II will own and drive all things data observability and operations across our client estate - building the practices, tooling, and culture that make Monolith's data flows debuggable, auditable, and safe to evolve. You'll sit at the intersection of platform engineering, data engineering, and reliability, implementing end to end lineage and DataOps practices while mentoring data producers and consumers on how to manage data as a first class product. You'll partner closely with Monolith's Product, Engineering and forward deployed teams, as well as with CoreWeave's infrastructure and AI platform groups, to turn fragmented, real world engineering data into well governed, observable, and operationally robust pipelines powering our SaaS platform and client specific deployments. About the Role: We're seeking an Senior DataOps Engineer II who can act as the hands on owner for Monolith's data observability and operational surface: from batch and streaming pipelines running on our platform, through to the lineage, quality, and runbooks that keep customer environments healthy. You'll define and roll out DataOps practices (CI/CD, infra as code, data SLOs, incident response) across the Monolith estate, implement end to end data lineage and observability, and serve as the go to mentor for engineering teams and client facing colleagues on best practice data management. In this role, you will: Own Monolith's Data Observability & Operations Surface Design and implement the end to end observability stack for data workloads (metrics, logs, traces, and data quality signals) across batch and streaming pipelines. Define and maintain operational SLOs/SLAs for critical data flows powering training, inference, and analytics, and ensure they are measurable and actionable. Build dashboards, alerts, and runbooks that allow engineers and on call responders to quickly detect, triage, and remediate data incidents. Standardise "golden paths" for how teams instrument pipelines, expose health signals, and respond to data related failures. Implement Data Lineage, Quality & Governance Deploy and maintain end to end data lineage for key domains - from client sources through transformations to features, models, and downstream analytics so teams can debug, audit, and reason about change. Define and roll out data quality checks (schema, freshness, completeness, distribution, drift) and ensure failures integrate cleanly into alerting and incident workflows. Partner with Security, Compliance, and customer facing teams to encode data governance requirements (e.g., retention, residency, access controls) into our pipelines and tooling. Help shape metadata models and catalog conventions so that producers and consumers can reliably discover, understand, and use shared datasets. Enable DataOps Practices Across Teams Establish CI/CD patterns for data pipelines and related infrastructure, including testing strategies, promotion workflows, and change management guardrails. Drive adoption of infra as code for data infrastructure (e.g., pipeline orchestration, storage, observability components), reducing manual drift across environments. Define and continuously improve DataOps processes - incident response, post incident review, change review, on call rotations - with a focus on learning rather than blame. Evaluate and integrate best of breed DataOps and observability tooling where it accelerates our teams, balancing build vs. buy pragmatically. Partner Across Monolith, CoreWeave & Clients Work with Monolith platform, data, agent, and reliability teams to expose observability and lineage as shared services and patterns other engineers can build on. Collaborate with CoreWeave infrastructure and AI platform teams to leverage underlying storage, compute, networking, and observability in service of robust data flows. Serve as a technical escalation point for forward deployed and customer facing engineers when data issues cross service boundaries or require deeper architectural insight. Mentor data producers (product teams, integrations, forward deployed engineers) and data consumers (data scientists, analysts, client engineers) on resilient schemas, contracts, and operational practices. Who You Are: Experience & Level Typically 5-6+ years of experience in DataOps, Data Engineering, DevOps/SRE for data platforms, or similar roles, including end to end ownership of production data pipelines and their operations. Proven track record of operating at Senior IC scope: leading cross team initiatives, introducing new practices/tooling, and improving reliability at the platform level. DataOps, Pipelines & Tooling Strong hands on experience designing, deploying, and operating data pipelines in production (batch and/or streaming), including failure modes, retries, and backfills. Practical experience with data orchestration and ETL/ELT tooling (e.g., Airflow, Dagster, dbt, Temporal, or similar) and comfort evaluating and integrating new tools where appropriate. Solid SQL and/or Spark skills and experience with at least one major analytical database or warehouse; familiarity with time series / telemetry data is a plus. Observability, Lineage & Data Quality Extensive experience implementing data observability - metrics, logging, tracing, dashboards, and alerting - for data centric workloads. Hands on work with data quality frameworks and/or observability platforms to monitor freshness, completeness, schema changes, and anomalies. Experience deploying and using data lineage or metadata/catalog solutions, and applying them to debugging, compliance, and change impact analysis. Platform, Infrastructure & Automation Comfortable working in containerised, cloud native environments (Kubernetes plus at least one major cloud provider); experience with GPU or compute intensive workloads is a bonus. Strong automation mindset: infra as code, CI/CD, and configuration management for data infrastructure and observability components. Proficient in Python for building tooling, pipeline glue, and platform integrations; additional languages are a plus. Collaboration, Mentorship & Communication Clear communicator who can explain complex data flows and failure modes to both deeply technical and non specialist audiences. Experience mentoring engineers and data practitioners on better data management, observability, and operational hygiene - through documentation, examples, reviews, and office hours. Comfortable working in a fast moving, high ambiguity environment where we balance rapid iteration with the safety and reliability demanded by enterprise engineering clients. Preferred: Experience in ML/AI platforms or MLOps environments where data pipelines power experimentation, training, and inference at scale. Background with test, simulation, or time series data (e.g., physical test benches, battery labs, automotive/aerospace R&D). Familiarity with feature stores, experiment tracking, or model registries and their interaction with upstream data pipelines. Prior work in multi tenant SaaS platforms, especially those with strong compliance, observability, and uptime requirements. Experience supporting or partnering closely with forward deployed / professional services teams in complex customer environments. Wondering if you're a good fit? We believe in investing in our people, and value candidates who bring diverse experiences - even if you don't tick every single box. Here are a few qualities we've found compatible with our team. If some of this sounds like you, we'd love to talk: Data obsessed operator - You care deeply about making data systems observable, predictable, and easy to reason about, not just "working most of the time." Systems thinker - You enjoy mapping complex data flows across services, understanding failure modes, and designing for graceful degradation and rapid recovery. Pragmatic - You know when to build the ideal abstraction and when to ship the smallest change that meaningfully reduces risk or toil. Collaborative mentor . click apply for full job details
Security Governance & Assurance Analyst - Flutter UKI, Hybrid (Fixed-term, 6 months) This position is open across multiple Flutter UK & Ireland office locations. The benefits and package will be in line with the entity in your location. Your Talent Partner will discuss this in further detail. An exciting opportunity has opened up for a Security Governance and Assurance Analyst to join the team, initially as a 6-Month Fixed-Term Contract covering maternity leave. The role reporting into the Senior Governance & Assurance Manager - UKI, the Security Governance and Assurance Analyst will be responsible for the day to day delivery of the tech workstream for Flutter UKI's audits and assessments. What you'll do Responsible for day-to-day delivery of some of Flutter UKI's external compliance programmes, which may include ISO 27001, PCI DSS and SOX. Responsible for facilitation of some of our other second and third line audits e.g. NIST CSF 2.0, Internal Audit, UKI Risk & Assurance assessments. Assisting the ISMS & Policy Manager as required with the ISO 27001 audits and the creation, annual review cycle, withdrawal of policies and standards. Understands the UKI Tech & Infosec principles and supports the team in delivering on these. How you'll do it Solid understanding of regulatory compliance frameworks such as Sarbanes-Oxley, PCI DSS, ISO27001, NIST CSF 2.0, GDPR. Experienced in successfully delivering and facilitating multiple projects / pieces of work simultaneously, re-prioritising as appropriate to meet deadlines with a pragmatic approach. Well versed in risk management and has a sound understanding of how controls are implemented in line with business risk appetite & regulatory need. Can demonstrate the communication of complex technical matters to both tech/non-tech audiences, both internally and externally (auditors). Can easily navigate internal/external audit & compliance engagements, along with supporting controls testing & evidencing requirements. Ability to identify key issues & can communicate them to stakeholders leveraging colleagues as needed to find solutions. Understand the people & cultural aspects to information security. Assertive, results orientated and good attention to detail. Competencies Required Hungry for Results: Achieves results at pace with energy and drive; consistently achieves and exceeds expectations; takes accountability and always delivers on what has been promised; action orientated, agile in approach, calls out when things go wrong; sets stretch goals and holds self and others to high standards of performance; demonstrates rigour and commitment to activities; always acts with integrity and invests in building trust with all stakeholders. Wins Together: Is a team player- by working collaboratively is able to establish and engage networks to achieve shared objectives; acting as a key support whenever possible; effectively communicates and shares information to ensure others are fully informed; praises others for their contributions and accomplishments; gains trust and support of others. Resilient: Maintains excellent composure and professionalism even in very difficult situations; confident under pressure, handles and manages crises effectively; bounces back from setbacks and acts as a role model for others; maintains a positive attitude despite adversity; skilfully handles challenges and obstacles applying insights from others and lessons learned from mistakes. Game changer: Remains curious and generates new and useful ideas or solutions to solve challenges; is open to innovations and gets involved in unfamiliar tasks or new areas; learns new methods, tools and technologies and applies them to work. Nimble: Quickly understands and adapts well to new and unfamiliar situations or challenges; consistently performs experiments to find the best solution; learns from others' experiences and shares lessons learned from own mistakes; is transparent about failure and views mistakes as opportunities to learn. Quality decision maker: Considers all relevant factors and uses appropriate decision-making criteria and principles; takes smart, independent action in urgent and unusual situations; collaborates effectively to speed up decision making and clearly understands when to elevate to others; shares ideas and applies insights from experienced team members on how to address new situations; comfortable giving opinions and takes decisive action; strives for excellence. Effective communicator: Is effective in a variety of communication settings; one-on-one, F2F, virtual meetings, small and large groups, or among diverse styles; actively listens to others and takes opinions and ideas on board; demonstrates humility in their dealings with others; provides timely and helpful information to others across the organisation.
08/06/2026
Full time
Security Governance & Assurance Analyst - Flutter UKI, Hybrid (Fixed-term, 6 months) This position is open across multiple Flutter UK & Ireland office locations. The benefits and package will be in line with the entity in your location. Your Talent Partner will discuss this in further detail. An exciting opportunity has opened up for a Security Governance and Assurance Analyst to join the team, initially as a 6-Month Fixed-Term Contract covering maternity leave. The role reporting into the Senior Governance & Assurance Manager - UKI, the Security Governance and Assurance Analyst will be responsible for the day to day delivery of the tech workstream for Flutter UKI's audits and assessments. What you'll do Responsible for day-to-day delivery of some of Flutter UKI's external compliance programmes, which may include ISO 27001, PCI DSS and SOX. Responsible for facilitation of some of our other second and third line audits e.g. NIST CSF 2.0, Internal Audit, UKI Risk & Assurance assessments. Assisting the ISMS & Policy Manager as required with the ISO 27001 audits and the creation, annual review cycle, withdrawal of policies and standards. Understands the UKI Tech & Infosec principles and supports the team in delivering on these. How you'll do it Solid understanding of regulatory compliance frameworks such as Sarbanes-Oxley, PCI DSS, ISO27001, NIST CSF 2.0, GDPR. Experienced in successfully delivering and facilitating multiple projects / pieces of work simultaneously, re-prioritising as appropriate to meet deadlines with a pragmatic approach. Well versed in risk management and has a sound understanding of how controls are implemented in line with business risk appetite & regulatory need. Can demonstrate the communication of complex technical matters to both tech/non-tech audiences, both internally and externally (auditors). Can easily navigate internal/external audit & compliance engagements, along with supporting controls testing & evidencing requirements. Ability to identify key issues & can communicate them to stakeholders leveraging colleagues as needed to find solutions. Understand the people & cultural aspects to information security. Assertive, results orientated and good attention to detail. Competencies Required Hungry for Results: Achieves results at pace with energy and drive; consistently achieves and exceeds expectations; takes accountability and always delivers on what has been promised; action orientated, agile in approach, calls out when things go wrong; sets stretch goals and holds self and others to high standards of performance; demonstrates rigour and commitment to activities; always acts with integrity and invests in building trust with all stakeholders. Wins Together: Is a team player- by working collaboratively is able to establish and engage networks to achieve shared objectives; acting as a key support whenever possible; effectively communicates and shares information to ensure others are fully informed; praises others for their contributions and accomplishments; gains trust and support of others. Resilient: Maintains excellent composure and professionalism even in very difficult situations; confident under pressure, handles and manages crises effectively; bounces back from setbacks and acts as a role model for others; maintains a positive attitude despite adversity; skilfully handles challenges and obstacles applying insights from others and lessons learned from mistakes. Game changer: Remains curious and generates new and useful ideas or solutions to solve challenges; is open to innovations and gets involved in unfamiliar tasks or new areas; learns new methods, tools and technologies and applies them to work. Nimble: Quickly understands and adapts well to new and unfamiliar situations or challenges; consistently performs experiments to find the best solution; learns from others' experiences and shares lessons learned from own mistakes; is transparent about failure and views mistakes as opportunities to learn. Quality decision maker: Considers all relevant factors and uses appropriate decision-making criteria and principles; takes smart, independent action in urgent and unusual situations; collaborates effectively to speed up decision making and clearly understands when to elevate to others; shares ideas and applies insights from experienced team members on how to address new situations; comfortable giving opinions and takes decisive action; strives for excellence. Effective communicator: Is effective in a variety of communication settings; one-on-one, F2F, virtual meetings, small and large groups, or among diverse styles; actively listens to others and takes opinions and ideas on board; demonstrates humility in their dealings with others; provides timely and helpful information to others across the organisation.
Title and Summary Manager, 1st Line Controls Testing, Certification and Assurance Main purpose of the role The newly established 1st Line Control Office function within Vocalink Limited (VLL) is seeking a Manager to join the Control Testing, Certification and Assurance team. This role will be responsible for managing certifications, certification audits and other assurance activities, including conducting control testing to support the retention of VLL's certifications across multiple frameworks and the delivery of assurance obligations. The position requires a broad understanding of security and technology control frameworks, with hands on experience across standards such as ISO27001, ISO22301, PCIDSS, PCIPIN, SWIFTCSP, ISAE3000, etc. The successful candidate must have proven expertise in analysing and assessing control design, implementation and operating effectiveness against at least one of these standards, ensuring compliance and identifying gaps. The role will also include coordinating and managing external audits to ensure smooth execution, therefore experience of this is required. Key Responsibilities Certification and Assurance Responsibilities Maintain certification and assurance related documentation. Prepare the organisation for annual certification audits. Support the assessment and validation of controls and processes against a variety of security standards and obligations. Support the team in the management of VLL certifications, e.g. ISO27001 and PCIDSS. Support the team in the management of other assurance activities, e.g. ISAE3000. Conduct periodic testing of key and non key controls in line with the Control Testing Methodology. Evaluate compliance with internal policies, standards, regulatory requirements and customer obligations. Prepare and review control testing documentation, including test procedures, results, and identified gaps. Ensure timely escalation of control deficiencies and support remediation tracking. Create and quality assure reports and team outputs. Team Leadership, Collaboration & Stakeholder Engagement Supervise and mentor junior team members (e.g. Senior Analysts), providing guidance on certification requirements, assurance requirements, testing execution and quality assurance. Support the Vice President and Director of Certification and Assurance in the development and maintenance of the annual Control Testing, Certification and Assurance plan. Build and maintain strong partnerships with Control and Process Owners and Operators to ensure efficient and effective execution of certification maintenance and assurance activities. Contribute to reporting for governance forums, including dashboards, thematic reviews, and trend analysis. Governance & Continuous Improvement Support the development and refinement of certification management, assurance/control testing processes, standards, tools and methodologies. Contribute to the maturity of the 3 Lines of Defence model and promote a culture of proactive risk management. Stay informed on emerging risks, regulatory changes, certification changes and industry best practices with a focus on cybersecurity risks. Knowledge, Skills and Expertise Experience Experience working with security related control frameworks and standards (e.g. ISO27001, NIST, CRI, or PCI DSS). Experience conducting security related audits/reviews and managing/co ordinating external audits including certification audits. Ability to assess control design and operating effectiveness in complex environments and to identify control gaps and improvement opportunities. Experience resolving certification and assurance issues. Knowledge and experience of all areas of security. Strong investigative and analytical experience (e.g. enquiry, scanning, analysis, interviewing, testing), problem solving and decision making skills. Experience collaborating cross functionally to identify and implement good practice security audit management and assurance processes. Excellent communication and stakeholder engagement skills. Qualifications Certifications such as ISO27001 Lead Auditor, CISA, CISM, CISSP, PCISSCISA, CRISC, or equivalent are desirable. Preferred Skills & Attributes Bachelor's degree in Computer Science, Cyber Security, Information Technology or a related field. Good knowledge of security controls and IT general controls across a variety of technologies and environments. Proficiency in Microsoft Office Suite (MSWord, MSExcel, MSAccess and MSPowerPoint). Strong organisational skills with the ability to prioritise and manage multiple tasks. Self starter with a continuous improvement mindset and a collaborative approach. Experience creating presentations for business discussions and reporting. Experience of Risk Management / GRC related technologies and toolsets. Experience working in cross functional large projects with dispersed teams.
08/06/2026
Full time
Title and Summary Manager, 1st Line Controls Testing, Certification and Assurance Main purpose of the role The newly established 1st Line Control Office function within Vocalink Limited (VLL) is seeking a Manager to join the Control Testing, Certification and Assurance team. This role will be responsible for managing certifications, certification audits and other assurance activities, including conducting control testing to support the retention of VLL's certifications across multiple frameworks and the delivery of assurance obligations. The position requires a broad understanding of security and technology control frameworks, with hands on experience across standards such as ISO27001, ISO22301, PCIDSS, PCIPIN, SWIFTCSP, ISAE3000, etc. The successful candidate must have proven expertise in analysing and assessing control design, implementation and operating effectiveness against at least one of these standards, ensuring compliance and identifying gaps. The role will also include coordinating and managing external audits to ensure smooth execution, therefore experience of this is required. Key Responsibilities Certification and Assurance Responsibilities Maintain certification and assurance related documentation. Prepare the organisation for annual certification audits. Support the assessment and validation of controls and processes against a variety of security standards and obligations. Support the team in the management of VLL certifications, e.g. ISO27001 and PCIDSS. Support the team in the management of other assurance activities, e.g. ISAE3000. Conduct periodic testing of key and non key controls in line with the Control Testing Methodology. Evaluate compliance with internal policies, standards, regulatory requirements and customer obligations. Prepare and review control testing documentation, including test procedures, results, and identified gaps. Ensure timely escalation of control deficiencies and support remediation tracking. Create and quality assure reports and team outputs. Team Leadership, Collaboration & Stakeholder Engagement Supervise and mentor junior team members (e.g. Senior Analysts), providing guidance on certification requirements, assurance requirements, testing execution and quality assurance. Support the Vice President and Director of Certification and Assurance in the development and maintenance of the annual Control Testing, Certification and Assurance plan. Build and maintain strong partnerships with Control and Process Owners and Operators to ensure efficient and effective execution of certification maintenance and assurance activities. Contribute to reporting for governance forums, including dashboards, thematic reviews, and trend analysis. Governance & Continuous Improvement Support the development and refinement of certification management, assurance/control testing processes, standards, tools and methodologies. Contribute to the maturity of the 3 Lines of Defence model and promote a culture of proactive risk management. Stay informed on emerging risks, regulatory changes, certification changes and industry best practices with a focus on cybersecurity risks. Knowledge, Skills and Expertise Experience Experience working with security related control frameworks and standards (e.g. ISO27001, NIST, CRI, or PCI DSS). Experience conducting security related audits/reviews and managing/co ordinating external audits including certification audits. Ability to assess control design and operating effectiveness in complex environments and to identify control gaps and improvement opportunities. Experience resolving certification and assurance issues. Knowledge and experience of all areas of security. Strong investigative and analytical experience (e.g. enquiry, scanning, analysis, interviewing, testing), problem solving and decision making skills. Experience collaborating cross functionally to identify and implement good practice security audit management and assurance processes. Excellent communication and stakeholder engagement skills. Qualifications Certifications such as ISO27001 Lead Auditor, CISA, CISM, CISSP, PCISSCISA, CRISC, or equivalent are desirable. Preferred Skills & Attributes Bachelor's degree in Computer Science, Cyber Security, Information Technology or a related field. Good knowledge of security controls and IT general controls across a variety of technologies and environments. Proficiency in Microsoft Office Suite (MSWord, MSExcel, MSAccess and MSPowerPoint). Strong organisational skills with the ability to prioritise and manage multiple tasks. Self starter with a continuous improvement mindset and a collaborative approach. Experience creating presentations for business discussions and reporting. Experience of Risk Management / GRC related technologies and toolsets. Experience working in cross functional large projects with dispersed teams.
Role: Configuration Management Lead / Configuration Manager Location: Warwick Experience: 8+ years Work mode: Hybrid Key Responsibilities Configuration Management Strategy & Governance Define and implement the Configuration Management strategy, policies, and processes. Establish and maintain the CMDB governance framework aligned with ITIL best practices. Ensure standardization of configuration management processes across the organization. Drive CMDB maturity and continuous improvement initiatives. CMDB Management & Data Integrity Own and maintain the CMDB platform ensuring accuracy, completeness, and consistency of data. Define CI classes, attributes, relationships, and lifecycle management. Implement processes for CI identification, control, status accounting, and verification/audit. Conduct regular audits and reconciliation of CMDB data with discovery tools. IT Asset & Service Mapping Manage IT asset lifecycle (hardware, software, cloud resources). Enable service mapping and dependency mapping across applications and infrastructure. Integrate CMDB with discovery and monitoring tools for real time updates. Ensure alignment between asset management and configuration management. Integration with ITSM Processes Collaborate with Incident, Problem, Change, and Release Management teams. Ensure CMDB supports impact analysis, root cause analysis, and change risk assessment. Enable accurate service impact visibility during outages or changes. Drive adoption of CMDB across operations teams. Tools & Automation Lead implementation and enhancement of tools such as ServiceNow CMDB, BMC Helix, etc. Leverage automation and discovery tools for CI population and updates. Define integrations with monitoring, cloud, DevOps, and security systems. Improve efficiency through scripting, APIs, and automation frameworks. Reporting & Analytics Develop dashboards and reports for CMDB health, data quality, and compliance. Track KPIs such as data accuracy, CI completeness, audit compliance, and usage metrics. Provide insights for decision making and operational improvements. Stakeholder & Team Management Engage with cross functional teams (Infrastructure, Cloud, Security, DevOps). Act as SME for configuration management processes and toolsets. Lead and mentor CMDB analysts and administrators. Collaborate with vendors and tool partners. Risk, Compliance & Audit Ensure compliance with internal policies and regulatory requirements. Support audit activities and provide CMDB evidence as required. Identify risks in configuration data and implement mitigation actions. Required Skills & Competencies Technical Skills Strong expertise in Configuration Management, CMDB, and IT Asset Management. Deep understanding of ITIL v3/v4 (Service Asset & Configuration Management). Hands on experience with tools like ServiceNow CMDB, BMC Remedy/Helix, Micro Focus. Knowledge of Discovery tools (e.g., ServiceNow Discovery, SCCM, Tanium). Understanding of cloud platforms (Azure, AWS, GCP) and hybrid environments. Familiarity with APIs, automation tools, and scripting (PowerShell, Python). Functional Skills Service mapping and dependency modeling. Data governance and quality management. IT Operations and Service Management integration. Leadership Skills Strong stakeholder management and collaboration abilities. Ability to lead cross functional teams and influence without authority. Analytical and problem solving mindset. Excellent communication and presentation skills.
08/06/2026
Full time
Role: Configuration Management Lead / Configuration Manager Location: Warwick Experience: 8+ years Work mode: Hybrid Key Responsibilities Configuration Management Strategy & Governance Define and implement the Configuration Management strategy, policies, and processes. Establish and maintain the CMDB governance framework aligned with ITIL best practices. Ensure standardization of configuration management processes across the organization. Drive CMDB maturity and continuous improvement initiatives. CMDB Management & Data Integrity Own and maintain the CMDB platform ensuring accuracy, completeness, and consistency of data. Define CI classes, attributes, relationships, and lifecycle management. Implement processes for CI identification, control, status accounting, and verification/audit. Conduct regular audits and reconciliation of CMDB data with discovery tools. IT Asset & Service Mapping Manage IT asset lifecycle (hardware, software, cloud resources). Enable service mapping and dependency mapping across applications and infrastructure. Integrate CMDB with discovery and monitoring tools for real time updates. Ensure alignment between asset management and configuration management. Integration with ITSM Processes Collaborate with Incident, Problem, Change, and Release Management teams. Ensure CMDB supports impact analysis, root cause analysis, and change risk assessment. Enable accurate service impact visibility during outages or changes. Drive adoption of CMDB across operations teams. Tools & Automation Lead implementation and enhancement of tools such as ServiceNow CMDB, BMC Helix, etc. Leverage automation and discovery tools for CI population and updates. Define integrations with monitoring, cloud, DevOps, and security systems. Improve efficiency through scripting, APIs, and automation frameworks. Reporting & Analytics Develop dashboards and reports for CMDB health, data quality, and compliance. Track KPIs such as data accuracy, CI completeness, audit compliance, and usage metrics. Provide insights for decision making and operational improvements. Stakeholder & Team Management Engage with cross functional teams (Infrastructure, Cloud, Security, DevOps). Act as SME for configuration management processes and toolsets. Lead and mentor CMDB analysts and administrators. Collaborate with vendors and tool partners. Risk, Compliance & Audit Ensure compliance with internal policies and regulatory requirements. Support audit activities and provide CMDB evidence as required. Identify risks in configuration data and implement mitigation actions. Required Skills & Competencies Technical Skills Strong expertise in Configuration Management, CMDB, and IT Asset Management. Deep understanding of ITIL v3/v4 (Service Asset & Configuration Management). Hands on experience with tools like ServiceNow CMDB, BMC Remedy/Helix, Micro Focus. Knowledge of Discovery tools (e.g., ServiceNow Discovery, SCCM, Tanium). Understanding of cloud platforms (Azure, AWS, GCP) and hybrid environments. Familiarity with APIs, automation tools, and scripting (PowerShell, Python). Functional Skills Service mapping and dependency modeling. Data governance and quality management. IT Operations and Service Management integration. Leadership Skills Strong stakeholder management and collaboration abilities. Ability to lead cross functional teams and influence without authority. Analytical and problem solving mindset. Excellent communication and presentation skills.
Salary: £45,000 - £52,000 per annum Employment type: Permanent Hours per week: 37 Reporting into: Senior Information Security Analyst Department: IT About Arden University We are an aspirational and multi-award-winning university, delivering rapid growth with ambitious plans to disrupt the HE sector through our passion for innovation and digital education. Our vision is to become the first-choice university for career-focused lifelong learners worldwide, ensuring that everyone, everywhere can access higher education. There has never been a more exciting time to join Arden University, as we expand into new disciplines, forge worldwide partnerships, and expand our locations. About our Department The Information Security Analyst sits within the Information Security Team as part of the wider IT Department. This team is crucial in ensuring that the security of all Arden information is world class and ensures that projects can be delivered and the right solutions can be found so that our employees and students can work effectively. Our IT team is made up of around 60 employees with a vast range of skills from Software Development to IT Operations and IT Security. Our IT Department values employee development and we have lots of great examples of employee progression and promotions within the team. About the Opportunity As an Information Security Analyst, you'll play a key role in protecting the university's information assets while helping to shape and strengthen our security culture. You'll be responsible for maintaining and enhancing our information security framework, ensuring that policies, procedures, controls, and risk management activities remain effective and aligned with industry best practice. You'll have the opportunity to contribute to the design and implementation of new security controls, helping to continually improve our security posture and support our ongoing compliance with ISO 27001. This is a varied and collaborative role where you'll work closely with colleagues across IT, Cyber Security, and the wider university community to embed security into everyday operations and strategic initiatives. You'll also take a leading role in coordinating Business Continuity Management activities, supporting the university's resilience objectives and alignment with ISO 22301. Whether you're conducting risk assessments, supporting audits, advising stakeholders, or helping drive security improvements, you'll have the opportunity to make a tangible impact in a growing organisation that places digital innovation and student success at the heart of everything it does. About You If you're passionate about information security, enjoy working with a wide range of stakeholders, and want to contribute to a meaningful mission in higher education, we'd love to hear from you. Essential requirements Strong understanding of information security principles, governance frameworks, and security control management. Knowledge of Information Security Management Systems (ISMS) and associated compliance requirements. Working knowledge of recognised security frameworks and standards such as ISO 27001, NIST, Cyber Essentials, or PCI DSS. Conducting risk assessments and developing appropriate risk treatment recommendations. Drafting and maintaining information security policies, procedures, standards, and supporting documentation. Strong understanding of risk management, assurance, and business continuity principles. Familiarity with ISO 22301, BCI Good Practice Guidelines, and business continuity best practices. Ability to assess the effectiveness of security controls and identify areas for improvement using logical and analytical thinking. Strong analytical skills with the ability to interpret data and produce clear, actionable reports. Excellent written and verbal communication skills, with the ability to engage stakeholders at all levels of the organisation. Meticulous attention to detail and a methodical approach to problem-solving. Ability to manage multiple priorities and work effectively in a complex organisational environment. A minimum of two years' involvement in information security, information governance, risk management, or a related discipline. Why Arden At Arden, you will become a part of a passionate and dedicated team who are committed to removing unnecessary barriers to learning and making education more accessible. Our people work hard to ensure our students journeys are the best they can possibly be, as such we want to reward our people with fantastic benefits. Employees benefit from: 30 days holiday + bank holidays on-top, and even a Christmas closure! A generous Aviva pension plan, company contributions starting from 7% BUPA Cash Plan Private Medical Insurance coverage (applies to certain job roles) Access to Perkbox benefits Study any Arden course for free, with a discount for all family and friends Plus, other excellent benefits Our 'Golden Ticket' which allows you to gift anyone in your life a free Arden education Our Values Stand out, Progressive, Accessible, Resourceful, Kindness, reflect who we are as an institution, a team and as individuals. If they also reflect you and you are excited by the chance to be the driving, creative force within a growing business, we want to hear from you. There has never been a more exciting time to join Arden University, as we expand into new disciplines and locations. Closing Date: 18th June (midnight) Equity, Diversity & Inclusion Arden University is proud to be a Disability Confident Employer. This means that if you have a disability, as defined by the Disability Equality Act 2010, you may be guaranteed an interview if you meet the essential criteria for the role. If you wish to be considered under this scheme, you can indicate via the application form below. By doing so, you are also consenting for this information to be shared with the hiring team. For more details on what qualifies as a disability under the Disability Equality Act 2010, please refer the guidance here. As an Equal Opportunity Employer we celebrate diversity and are committed to creating a diverse and inclusive workplace. Therefore, we make sure that our recruitment and selection processes never discriminate based upon people's age, disability, gender, race or ethnicity, religion or belief, sexual orientation, or other personal circumstances, and actively welcome applications from all groups. Sponsorship statement Please be aware that some roles may not meet the points requirement for a Sponsored Skilled Worker visa, or fulfil the criteria we have for providing sponsorship. However we welcome applications from candidates who do not currently have the right to work in the UK but may be eligible for a visa through an alternative route.
07/06/2026
Full time
Salary: £45,000 - £52,000 per annum Employment type: Permanent Hours per week: 37 Reporting into: Senior Information Security Analyst Department: IT About Arden University We are an aspirational and multi-award-winning university, delivering rapid growth with ambitious plans to disrupt the HE sector through our passion for innovation and digital education. Our vision is to become the first-choice university for career-focused lifelong learners worldwide, ensuring that everyone, everywhere can access higher education. There has never been a more exciting time to join Arden University, as we expand into new disciplines, forge worldwide partnerships, and expand our locations. About our Department The Information Security Analyst sits within the Information Security Team as part of the wider IT Department. This team is crucial in ensuring that the security of all Arden information is world class and ensures that projects can be delivered and the right solutions can be found so that our employees and students can work effectively. Our IT team is made up of around 60 employees with a vast range of skills from Software Development to IT Operations and IT Security. Our IT Department values employee development and we have lots of great examples of employee progression and promotions within the team. About the Opportunity As an Information Security Analyst, you'll play a key role in protecting the university's information assets while helping to shape and strengthen our security culture. You'll be responsible for maintaining and enhancing our information security framework, ensuring that policies, procedures, controls, and risk management activities remain effective and aligned with industry best practice. You'll have the opportunity to contribute to the design and implementation of new security controls, helping to continually improve our security posture and support our ongoing compliance with ISO 27001. This is a varied and collaborative role where you'll work closely with colleagues across IT, Cyber Security, and the wider university community to embed security into everyday operations and strategic initiatives. You'll also take a leading role in coordinating Business Continuity Management activities, supporting the university's resilience objectives and alignment with ISO 22301. Whether you're conducting risk assessments, supporting audits, advising stakeholders, or helping drive security improvements, you'll have the opportunity to make a tangible impact in a growing organisation that places digital innovation and student success at the heart of everything it does. About You If you're passionate about information security, enjoy working with a wide range of stakeholders, and want to contribute to a meaningful mission in higher education, we'd love to hear from you. Essential requirements Strong understanding of information security principles, governance frameworks, and security control management. Knowledge of Information Security Management Systems (ISMS) and associated compliance requirements. Working knowledge of recognised security frameworks and standards such as ISO 27001, NIST, Cyber Essentials, or PCI DSS. Conducting risk assessments and developing appropriate risk treatment recommendations. Drafting and maintaining information security policies, procedures, standards, and supporting documentation. Strong understanding of risk management, assurance, and business continuity principles. Familiarity with ISO 22301, BCI Good Practice Guidelines, and business continuity best practices. Ability to assess the effectiveness of security controls and identify areas for improvement using logical and analytical thinking. Strong analytical skills with the ability to interpret data and produce clear, actionable reports. Excellent written and verbal communication skills, with the ability to engage stakeholders at all levels of the organisation. Meticulous attention to detail and a methodical approach to problem-solving. Ability to manage multiple priorities and work effectively in a complex organisational environment. A minimum of two years' involvement in information security, information governance, risk management, or a related discipline. Why Arden At Arden, you will become a part of a passionate and dedicated team who are committed to removing unnecessary barriers to learning and making education more accessible. Our people work hard to ensure our students journeys are the best they can possibly be, as such we want to reward our people with fantastic benefits. Employees benefit from: 30 days holiday + bank holidays on-top, and even a Christmas closure! A generous Aviva pension plan, company contributions starting from 7% BUPA Cash Plan Private Medical Insurance coverage (applies to certain job roles) Access to Perkbox benefits Study any Arden course for free, with a discount for all family and friends Plus, other excellent benefits Our 'Golden Ticket' which allows you to gift anyone in your life a free Arden education Our Values Stand out, Progressive, Accessible, Resourceful, Kindness, reflect who we are as an institution, a team and as individuals. If they also reflect you and you are excited by the chance to be the driving, creative force within a growing business, we want to hear from you. There has never been a more exciting time to join Arden University, as we expand into new disciplines and locations. Closing Date: 18th June (midnight) Equity, Diversity & Inclusion Arden University is proud to be a Disability Confident Employer. This means that if you have a disability, as defined by the Disability Equality Act 2010, you may be guaranteed an interview if you meet the essential criteria for the role. If you wish to be considered under this scheme, you can indicate via the application form below. By doing so, you are also consenting for this information to be shared with the hiring team. For more details on what qualifies as a disability under the Disability Equality Act 2010, please refer the guidance here. As an Equal Opportunity Employer we celebrate diversity and are committed to creating a diverse and inclusive workplace. Therefore, we make sure that our recruitment and selection processes never discriminate based upon people's age, disability, gender, race or ethnicity, religion or belief, sexual orientation, or other personal circumstances, and actively welcome applications from all groups. Sponsorship statement Please be aware that some roles may not meet the points requirement for a Sponsored Skilled Worker visa, or fulfil the criteria we have for providing sponsorship. However we welcome applications from candidates who do not currently have the right to work in the UK but may be eligible for a visa through an alternative route.
Discover your future at Citi Working at Citi is far more than just a job. A career with us means joining a team of more than 230,000 dedicated people from around the globe. At Citi, you'll have the opportunity to grow your career, give back to your community and make a real impact. Job Overview Engineer the future of global finance. At Citi, our Tech team doesn't just support finance - we are helping to redefine it. Every day, $5 trillion crosses through our network. We do business in 180+ countries operating at a scale few can match. From deploying advanced AI to helping shape global markets, we build systems that matter. Look to join a team where your work helps influence economies, your ideas can drive innovation and outcomes, and your growth is backed by mentorship, continuous learning and flexibility with potential hybrid work opportunities. Help solve real world challenges that touch millions and get the opportunity to build the future of finance with Citi Tech. Role Overview In this role, you will be responsible for coordinating and executing individual rights requests (IRR) in accordance with global privacy regulations, including GDPR, CCPA/CPRA, and other applicable frameworks. The role ensures timely and compliant responses to data subjects exercising their privacy rights, including access, correction, deletion, restriction, and portability. You will collaborate closely with legal, technology, and data governance functions to manage requests end to end, maintain evidence of compliance, and continuously improve operational efficiency. Responsibilities Manage intake, validation, and processing of IRRs, ensuring accuracy and adherence to regulatory timelines. Ensure the completion of the identity verification process and assess complexity of each request; coordinate with business units and data owners to retrieve and validate relevant data. Review and redact responsive data prior to disclosure, ensuring compliance with legal exemptions and internal data handling policies. Maintain centralized tracking and audit records for all requests, documenting decisions, communications, and actions. Partner with Legal, Privacy, and Information Security teams to interpret obligations and apply consistent decision criteria. Use privacy management platforms for workflow, evidence, and reporting. Identify opportunities for automation and process optimization, including templated responses, SLA monitoring, and cross tool integration. Support regulatory inquiries, internal audits, and 2LoD reviews by providing metrics and documentation. Assist with preparation of performance metrics and trends on request types, completion time, and compliance rates. Qualifications Extensive experience in privacy operations, compliance, or information governance, preferably in a financial services environment. Strong understanding of data protection regulations (GDPR, CCPA/CPRA, GLBA, etc.). Demonstrated ability to work cross functionally and manage complex data discovery efforts. Communicates effectively, develops and delivers multi mode communications that convey a clear understanding of the unique needs of different audiences; able to drive consensus, and influence relationships at all levels. Collaborates effectively by building partnerships and working well with others to meet shared objectives. Strong negotiation, influencing and stakeholder management skills across a variety of stakeholders at different levels. Optimizes work processes by balancing effective/efficient processes with a focus on continuous improvement. Demonstrates ability to balance between understanding the "big picture" while paying close attention to detail. Up to date understanding of key data privacy risk and control concepts, tools and trends. Certifications such as CIPP/E, CIPP/US, or CIPM preferred. Education Bachelor's/University degree or equivalent experience This job description provides a high level review of the types of work performed. Other job related duties may be assigned as required. What we'll provide you By joining Citi, you will not only be part of a business casual workplace with a hybrid working model (up to 2 days working at home per week), but also receive a competitive base salary (which is annually reviewed), and enjoy a whole host of additional benefits such as: 27 days annual leave (plus bank holidays) A discretionary annual performance related bonus Private Medical Care & Life Insurance Employee Assistance Program Pension Plan Paid Parental Leave Special discounts for employees, family, and friends Access to an array of learning and development resources Visit ourGlobal Benefitspage to learn more. Alongside these benefits Citi is committed to ensuring our workplace is where everyone feels comfortable coming to work as their whole self, every day. We want the best talent around the world to be energized to join us, motivated to stay and empowered to thrive. Other Details Job Family Group: Data Governance Job Family: Data Privacy & Data Transfers Time Type: Full time Most Relevant Skills: Constructive Debate, Data Governance, Data Management, Internal Controls, Laws and Regulations, Management Reporting, Policy and Procedure, Program Management, Regulatory Management, Risk Controls and Monitors. Other Relevant Skills: For complementary skills, please see above and/or contact the recruiter. Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi. View Citi's EEO Policy Statement and the Know Your Rights poster.
07/06/2026
Full time
Discover your future at Citi Working at Citi is far more than just a job. A career with us means joining a team of more than 230,000 dedicated people from around the globe. At Citi, you'll have the opportunity to grow your career, give back to your community and make a real impact. Job Overview Engineer the future of global finance. At Citi, our Tech team doesn't just support finance - we are helping to redefine it. Every day, $5 trillion crosses through our network. We do business in 180+ countries operating at a scale few can match. From deploying advanced AI to helping shape global markets, we build systems that matter. Look to join a team where your work helps influence economies, your ideas can drive innovation and outcomes, and your growth is backed by mentorship, continuous learning and flexibility with potential hybrid work opportunities. Help solve real world challenges that touch millions and get the opportunity to build the future of finance with Citi Tech. Role Overview In this role, you will be responsible for coordinating and executing individual rights requests (IRR) in accordance with global privacy regulations, including GDPR, CCPA/CPRA, and other applicable frameworks. The role ensures timely and compliant responses to data subjects exercising their privacy rights, including access, correction, deletion, restriction, and portability. You will collaborate closely with legal, technology, and data governance functions to manage requests end to end, maintain evidence of compliance, and continuously improve operational efficiency. Responsibilities Manage intake, validation, and processing of IRRs, ensuring accuracy and adherence to regulatory timelines. Ensure the completion of the identity verification process and assess complexity of each request; coordinate with business units and data owners to retrieve and validate relevant data. Review and redact responsive data prior to disclosure, ensuring compliance with legal exemptions and internal data handling policies. Maintain centralized tracking and audit records for all requests, documenting decisions, communications, and actions. Partner with Legal, Privacy, and Information Security teams to interpret obligations and apply consistent decision criteria. Use privacy management platforms for workflow, evidence, and reporting. Identify opportunities for automation and process optimization, including templated responses, SLA monitoring, and cross tool integration. Support regulatory inquiries, internal audits, and 2LoD reviews by providing metrics and documentation. Assist with preparation of performance metrics and trends on request types, completion time, and compliance rates. Qualifications Extensive experience in privacy operations, compliance, or information governance, preferably in a financial services environment. Strong understanding of data protection regulations (GDPR, CCPA/CPRA, GLBA, etc.). Demonstrated ability to work cross functionally and manage complex data discovery efforts. Communicates effectively, develops and delivers multi mode communications that convey a clear understanding of the unique needs of different audiences; able to drive consensus, and influence relationships at all levels. Collaborates effectively by building partnerships and working well with others to meet shared objectives. Strong negotiation, influencing and stakeholder management skills across a variety of stakeholders at different levels. Optimizes work processes by balancing effective/efficient processes with a focus on continuous improvement. Demonstrates ability to balance between understanding the "big picture" while paying close attention to detail. Up to date understanding of key data privacy risk and control concepts, tools and trends. Certifications such as CIPP/E, CIPP/US, or CIPM preferred. Education Bachelor's/University degree or equivalent experience This job description provides a high level review of the types of work performed. Other job related duties may be assigned as required. What we'll provide you By joining Citi, you will not only be part of a business casual workplace with a hybrid working model (up to 2 days working at home per week), but also receive a competitive base salary (which is annually reviewed), and enjoy a whole host of additional benefits such as: 27 days annual leave (plus bank holidays) A discretionary annual performance related bonus Private Medical Care & Life Insurance Employee Assistance Program Pension Plan Paid Parental Leave Special discounts for employees, family, and friends Access to an array of learning and development resources Visit ourGlobal Benefitspage to learn more. Alongside these benefits Citi is committed to ensuring our workplace is where everyone feels comfortable coming to work as their whole self, every day. We want the best talent around the world to be energized to join us, motivated to stay and empowered to thrive. Other Details Job Family Group: Data Governance Job Family: Data Privacy & Data Transfers Time Type: Full time Most Relevant Skills: Constructive Debate, Data Governance, Data Management, Internal Controls, Laws and Regulations, Management Reporting, Policy and Procedure, Program Management, Regulatory Management, Risk Controls and Monitors. Other Relevant Skills: For complementary skills, please see above and/or contact the recruiter. Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi. View Citi's EEO Policy Statement and the Know Your Rights poster.
Bristow Holland is recruiting for a Cyber Security Analyst to join a growing organisation based in Felixstowe. The role offers a hybrid working model with 50% working from home and 50% in the office. This is a fantastic opportunity for someone early in their cyber security career who is looking to build hands-on experience across IT security, networking, governance, and compliance within a business-focused environment. You ll be joining a small but experienced security team where you ll gain exposure across a wide range of areas including cyber security operations, risk management, audits, and compliance frameworks such as Cyber Essentials and ISO 27001. Key Responsibilities Support day-to-day IT and cyber security operations across the business Assist with monitoring and responding to security alerts and incidents Help maintain and improve network and system security controls Support Cyber Essentials and ISO 27001 compliance activities Assist with internal and external security audits Contribute to security policies, procedures, and documentation Work closely with IT and infrastructure teams to improve security posture Gain exposure to vulnerability management and risk assessments Skills & Experience Required One of the following three: 1 years experience in Cyber Security or IT Security A degree in a relevant IT or Cyber Security discipline Or relevant cyber security training / certifications (e.g. CompTIA Security+, etc.) Strong interest in cyber security and IT infrastructure Basic understanding of networking (TCP/IP, DNS, firewalls) Good communication and willingness to learn Analytical mindset with strong attention to detail
07/06/2026
Full time
Bristow Holland is recruiting for a Cyber Security Analyst to join a growing organisation based in Felixstowe. The role offers a hybrid working model with 50% working from home and 50% in the office. This is a fantastic opportunity for someone early in their cyber security career who is looking to build hands-on experience across IT security, networking, governance, and compliance within a business-focused environment. You ll be joining a small but experienced security team where you ll gain exposure across a wide range of areas including cyber security operations, risk management, audits, and compliance frameworks such as Cyber Essentials and ISO 27001. Key Responsibilities Support day-to-day IT and cyber security operations across the business Assist with monitoring and responding to security alerts and incidents Help maintain and improve network and system security controls Support Cyber Essentials and ISO 27001 compliance activities Assist with internal and external security audits Contribute to security policies, procedures, and documentation Work closely with IT and infrastructure teams to improve security posture Gain exposure to vulnerability management and risk assessments Skills & Experience Required One of the following three: 1 years experience in Cyber Security or IT Security A degree in a relevant IT or Cyber Security discipline Or relevant cyber security training / certifications (e.g. CompTIA Security+, etc.) Strong interest in cyber security and IT infrastructure Basic understanding of networking (TCP/IP, DNS, firewalls) Good communication and willingness to learn Analytical mindset with strong attention to detail
Sr. Electrical Engineer Job Type: Full-time Role Overview Join our Global Information Security Governance & Assurance team as our new Senior Lead Analyst - Cyber Investigations & Assurance and work with us to close the gap to a sustainable future. Responsibilities Handle sensitive and complex investigations that require trust, discretion, and strong judgement. Help strengthen Ramboll's integrity, compliance, and resilience in a rapidly changing risk landscape. Work at the intersection of cybersecurity, governance, and ethics in a global organization.
06/06/2026
Full time
Sr. Electrical Engineer Job Type: Full-time Role Overview Join our Global Information Security Governance & Assurance team as our new Senior Lead Analyst - Cyber Investigations & Assurance and work with us to close the gap to a sustainable future. Responsibilities Handle sensitive and complex investigations that require trust, discretion, and strong judgement. Help strengthen Ramboll's integrity, compliance, and resilience in a rapidly changing risk landscape. Work at the intersection of cybersecurity, governance, and ethics in a global organization.
We have an exciting opportunity for a GRC Analyst - Data Protection & GDPR Compliance to join our award winning Business Change and Technology (BC&T) team on a 12 month Fixed Term Contract. You will be based in Birmingham City Centre, working in a hybrid role. Reporting to the IT Licensing & Compliance Manager, these roles support Mitchells & Butlers' governance, risk, and compliance (GRC) activities, with a strong focus on information security, privacy, and regulatory assurance across the organisation. Here at Mitchells & Butlers, we own and run more than 1,600 pubs, bars and restaurants including the stylish All Bar One brand, legendary Miller & Carter steakhouses, and the iconic Toby Carvery, alongside our Mediterranean brands Ego and Pesto. We set the industry standard within hospitality. This specialism focuses on data protection assurance and GDPR compliance, ensuring personal data is processed lawfully, proportionately, and in line with regulatory and organisational requirements. Benefits 35 hours per week, Monday to Friday, with flexibility around personal commitments. 33% discount across all M&B brands and hotels. A pension that pays, with contributions matched at 1.5x, up to 5%. Private healthcare, dental plan, cycle to work, and keep fit schemes. 26 days annual leave plus bank holidays. Competitive salary. Key responsibilities include: Reviewing how personal data is used across M&B systems, business processes, and technology solutions. Assessing and documenting PII risks, gaps, and recommended actions in line with GDPR, the UK Data Protection Act, and M&B risk management processes. Ensuring data minimisation principles are applied by identifying unnecessary collection, processing, or retention of personal data. Constructively challenging business teams where personal data processing is excessive or insufficiently justified. Identifying opportunities to reduce, anonymise, or eliminate personal data processing where it is not essential to business needs. Maintaining visibility of personal data usage, including data classification, sensitivity, and lifecycle controls. Providing clear, pragmatic risk assessments and guidance to business stakeholders on personal data processing. Governance, Risk & Compliance Support the review, development, and rollout of information security and data protection policies. Contribute to the management of information security, third party, and privacy risk registers. Produce compliance reports, dashboards, and metrics for management and senior stakeholders. Assist with internal and external audits, including GDPR assurance, PCI DSS, and financial audits. Support control reviews, evidence gathering, and policy adoption across the organisation. Maintain clear, accurate, and auditable compliance documentation. Security & Privacy Operations Track remediation of identified security, privacy, and compliance issues to ensure timely closure. Support incident and breach response activities, including investigation, documentation, and follow up actions. Review and document business, data, and supplier processes to support governance, risk, and compliance activities. Provide clear, auditable documentation to evidence risk decisions, approvals, and outcomes. What you'll need to bring Strong understanding of GDPR, the UK Data Protection Act, and privacy and security control requirements. Experience working in GRC, information security, data protection, supplier assurance, or a related compliance role. Ability to interpret and assess technical and organisational controls. Strong analytical skills with excellent attention to detail. Confident written and verbal communication skills, able to engage across legal, technical, and operational teams. Experience contributing to incident or breach investigations. Ability to manage multiple competing priorities and constructively challenge established processes. Qualifications Minimum 3 years' experience in a relevant role. CIPP/E, CIPM, CompTIA Security+, or BCS Practitioner Certificate in Data Protection desirable. Closing date Monday 25th May :59pm
06/06/2026
Full time
We have an exciting opportunity for a GRC Analyst - Data Protection & GDPR Compliance to join our award winning Business Change and Technology (BC&T) team on a 12 month Fixed Term Contract. You will be based in Birmingham City Centre, working in a hybrid role. Reporting to the IT Licensing & Compliance Manager, these roles support Mitchells & Butlers' governance, risk, and compliance (GRC) activities, with a strong focus on information security, privacy, and regulatory assurance across the organisation. Here at Mitchells & Butlers, we own and run more than 1,600 pubs, bars and restaurants including the stylish All Bar One brand, legendary Miller & Carter steakhouses, and the iconic Toby Carvery, alongside our Mediterranean brands Ego and Pesto. We set the industry standard within hospitality. This specialism focuses on data protection assurance and GDPR compliance, ensuring personal data is processed lawfully, proportionately, and in line with regulatory and organisational requirements. Benefits 35 hours per week, Monday to Friday, with flexibility around personal commitments. 33% discount across all M&B brands and hotels. A pension that pays, with contributions matched at 1.5x, up to 5%. Private healthcare, dental plan, cycle to work, and keep fit schemes. 26 days annual leave plus bank holidays. Competitive salary. Key responsibilities include: Reviewing how personal data is used across M&B systems, business processes, and technology solutions. Assessing and documenting PII risks, gaps, and recommended actions in line with GDPR, the UK Data Protection Act, and M&B risk management processes. Ensuring data minimisation principles are applied by identifying unnecessary collection, processing, or retention of personal data. Constructively challenging business teams where personal data processing is excessive or insufficiently justified. Identifying opportunities to reduce, anonymise, or eliminate personal data processing where it is not essential to business needs. Maintaining visibility of personal data usage, including data classification, sensitivity, and lifecycle controls. Providing clear, pragmatic risk assessments and guidance to business stakeholders on personal data processing. Governance, Risk & Compliance Support the review, development, and rollout of information security and data protection policies. Contribute to the management of information security, third party, and privacy risk registers. Produce compliance reports, dashboards, and metrics for management and senior stakeholders. Assist with internal and external audits, including GDPR assurance, PCI DSS, and financial audits. Support control reviews, evidence gathering, and policy adoption across the organisation. Maintain clear, accurate, and auditable compliance documentation. Security & Privacy Operations Track remediation of identified security, privacy, and compliance issues to ensure timely closure. Support incident and breach response activities, including investigation, documentation, and follow up actions. Review and document business, data, and supplier processes to support governance, risk, and compliance activities. Provide clear, auditable documentation to evidence risk decisions, approvals, and outcomes. What you'll need to bring Strong understanding of GDPR, the UK Data Protection Act, and privacy and security control requirements. Experience working in GRC, information security, data protection, supplier assurance, or a related compliance role. Ability to interpret and assess technical and organisational controls. Strong analytical skills with excellent attention to detail. Confident written and verbal communication skills, able to engage across legal, technical, and operational teams. Experience contributing to incident or breach investigations. Ability to manage multiple competing priorities and constructively challenge established processes. Qualifications Minimum 3 years' experience in a relevant role. CIPP/E, CIPM, CompTIA Security+, or BCS Practitioner Certificate in Data Protection desirable. Closing date Monday 25th May :59pm
Ramboll Group A/S is seeking a Senior Lead Analyst to join their Global Information Security Governance & Assurance team. This full-time position requires handling sensitive investigations, thereby strengthening the organization's integrity and compliance. The chosen candidate will work at the intersection of cybersecurity, governance, and ethics, contributing to a resilient and sustainable future amid a rapidly changing risk landscape.
06/06/2026
Full time
Ramboll Group A/S is seeking a Senior Lead Analyst to join their Global Information Security Governance & Assurance team. This full-time position requires handling sensitive investigations, thereby strengthening the organization's integrity and compliance. The chosen candidate will work at the intersection of cybersecurity, governance, and ethics, contributing to a resilient and sustainable future amid a rapidly changing risk landscape.
Choose a partner with intimate knowledge of your industry and first-hand experience of defining its future.Your locationYour locationIndustriesChoose a partner with intimate knowledge of your industry and first-hand experience of defining its future.# Senior PMO AnalystTelfordWe're looking for a Senior PMO Analyst who lives and breathes financial control: forecasting, month end, variances, and data driven insight that helps leaders make the right calls at the right time. You'll pair sharp financial analysis with strong PMO discipline to keep complex programmes on track-commercially, operationally, and strategically. We're also seeking candidates with the ambition and drive to progress into a future PMO Lead role as part of their career development journey.When programmes scale, the difference between success and slippage is often financial clarity. In this role, you will own the financial heartbeat of delivery-turning data into decisions, surfacing risk early, and giving senior stakeholders the confidence to move fast with control.Hybrid working: The places that you work from day to day will vary according to your role, your needs, and those of the business; it will be a blend of Company offices, client sites, and your home; noting that you will be unable to work at home 100% of the time.If you are successfully offered this position, you will go through a series of pre-employment checks, including: identity, nationality (single or dual) or immigration status, employment history going back 3 continuous years, and unspent criminal record check (known as Disclosure and Barring Service) Your role Own the numbers (Critical) • Lead the forecasting and reporting cycle-budgets, actuals, variances-delivered accurately and on time. • Partner with Finance and Project Managers to validate inputs, reconcile discrepancies, and maintain a single source of truth. • Support month end close, cost tracking, commercial alignment, and audit/compliance readiness.Drive predictability • Build and maintain integrated plans, key milestones, and capacity views that align to the financial baseline. • Track progress, spot slippage early, and recommend corrective actions backed by data.Raise the bar on governance • Run high quality RAID and assurance processes across multiple workstreams. • Keep governance artefacts audit ready and contract compliant at all times.Communicate with clarity • Create executive ready packs and dashboards that distil complex data into concise, decision ready insights. • Build trusted relationships and challenge constructively at all levels.Champion continuous improvement & AI driven efficiency • Drive a culture of smarter, faster, more effective delivery by continuously improving PMO processes and standards. Identify opportunities to streamline workflows, remove manual effort, and enhance data quality. • Champion the adoption and responsible use of AI tools and automation to improve forecasting accuracy, reporting speed, risk visibility, and overall PMO efficiency. • Pilot new ways of working, share best practice, and coach colleagues to build confidence and capability in modern PMO tooling. Your skills and experience • Financial governance expertise within programmes or portfolios (forecasting, budgets, cost control, month end , variance analysis). • Strong analytical mindset; able to interrogate data, spot anomalies, and tell the story behind the numbers. • Solid PMO fundamentals across planning, governance, reporting, and assurance. • Excellent communication skills and the confidence to influence senior stakeholders. • Proactive, self driven , and comfortable owning defined areas of delivery.To be successfully appointed to this role, it is a requirement to obtain Security Check (SC) clearance. To obtain SC clearance, the successful applicant must have resided continuously within the United Kingdom for the last 5 years, along with other criteria and requirements.Throughout the recruitment process, you will be asked questions about your security clearance eligibility such as, but not limited to, country of residence and nationality.Some posts are restricted to sole UK Nationals for security reasons; therefore, you may be asked about your citizenship in the application process.We realise a Total Reward package should be more than just compensation. At Capgemini we offer range of core and flexible benefits and have a Peer Recognition Portal called Applaud. You will be empowered to explore, innovate, and progress. You will benefit from Capgemini's 'learning for life' mindset, meaning you will have countless training and development opportunities from thinktanks to hackathons, and access to 250,000 courses with numerous external certifications from AWS, Microsoft, Harvard ManageMentor, Cybersecurity qualifications and much more. Why you should consider Capgemini Growing clients' businesses while building a more sustainable, more inclusive future is a tough ask. When you join Capgemini, you'll join a thriving company and become part of a collective of free-thinkers, entrepreneurs and industry experts. We find new ways technology can help us reimagine what's possible. It's why, together, we seek out opportunities that will transform the world's leading businesses, and it's how you'll gain the experiences and connections you need to shape your future. By learning from each other every day, sharing knowledge, and always pushing yourself to do better, you'll build the skills you want. You'll use your skills to help our clients leverage technology to innovate and grow their business. So, it might not always be easy, but making the world a better place rarely is.
06/06/2026
Full time
Choose a partner with intimate knowledge of your industry and first-hand experience of defining its future.Your locationYour locationIndustriesChoose a partner with intimate knowledge of your industry and first-hand experience of defining its future.# Senior PMO AnalystTelfordWe're looking for a Senior PMO Analyst who lives and breathes financial control: forecasting, month end, variances, and data driven insight that helps leaders make the right calls at the right time. You'll pair sharp financial analysis with strong PMO discipline to keep complex programmes on track-commercially, operationally, and strategically. We're also seeking candidates with the ambition and drive to progress into a future PMO Lead role as part of their career development journey.When programmes scale, the difference between success and slippage is often financial clarity. In this role, you will own the financial heartbeat of delivery-turning data into decisions, surfacing risk early, and giving senior stakeholders the confidence to move fast with control.Hybrid working: The places that you work from day to day will vary according to your role, your needs, and those of the business; it will be a blend of Company offices, client sites, and your home; noting that you will be unable to work at home 100% of the time.If you are successfully offered this position, you will go through a series of pre-employment checks, including: identity, nationality (single or dual) or immigration status, employment history going back 3 continuous years, and unspent criminal record check (known as Disclosure and Barring Service) Your role Own the numbers (Critical) • Lead the forecasting and reporting cycle-budgets, actuals, variances-delivered accurately and on time. • Partner with Finance and Project Managers to validate inputs, reconcile discrepancies, and maintain a single source of truth. • Support month end close, cost tracking, commercial alignment, and audit/compliance readiness.Drive predictability • Build and maintain integrated plans, key milestones, and capacity views that align to the financial baseline. • Track progress, spot slippage early, and recommend corrective actions backed by data.Raise the bar on governance • Run high quality RAID and assurance processes across multiple workstreams. • Keep governance artefacts audit ready and contract compliant at all times.Communicate with clarity • Create executive ready packs and dashboards that distil complex data into concise, decision ready insights. • Build trusted relationships and challenge constructively at all levels.Champion continuous improvement & AI driven efficiency • Drive a culture of smarter, faster, more effective delivery by continuously improving PMO processes and standards. Identify opportunities to streamline workflows, remove manual effort, and enhance data quality. • Champion the adoption and responsible use of AI tools and automation to improve forecasting accuracy, reporting speed, risk visibility, and overall PMO efficiency. • Pilot new ways of working, share best practice, and coach colleagues to build confidence and capability in modern PMO tooling. Your skills and experience • Financial governance expertise within programmes or portfolios (forecasting, budgets, cost control, month end , variance analysis). • Strong analytical mindset; able to interrogate data, spot anomalies, and tell the story behind the numbers. • Solid PMO fundamentals across planning, governance, reporting, and assurance. • Excellent communication skills and the confidence to influence senior stakeholders. • Proactive, self driven , and comfortable owning defined areas of delivery.To be successfully appointed to this role, it is a requirement to obtain Security Check (SC) clearance. To obtain SC clearance, the successful applicant must have resided continuously within the United Kingdom for the last 5 years, along with other criteria and requirements.Throughout the recruitment process, you will be asked questions about your security clearance eligibility such as, but not limited to, country of residence and nationality.Some posts are restricted to sole UK Nationals for security reasons; therefore, you may be asked about your citizenship in the application process.We realise a Total Reward package should be more than just compensation. At Capgemini we offer range of core and flexible benefits and have a Peer Recognition Portal called Applaud. You will be empowered to explore, innovate, and progress. You will benefit from Capgemini's 'learning for life' mindset, meaning you will have countless training and development opportunities from thinktanks to hackathons, and access to 250,000 courses with numerous external certifications from AWS, Microsoft, Harvard ManageMentor, Cybersecurity qualifications and much more. Why you should consider Capgemini Growing clients' businesses while building a more sustainable, more inclusive future is a tough ask. When you join Capgemini, you'll join a thriving company and become part of a collective of free-thinkers, entrepreneurs and industry experts. We find new ways technology can help us reimagine what's possible. It's why, together, we seek out opportunities that will transform the world's leading businesses, and it's how you'll gain the experiences and connections you need to shape your future. By learning from each other every day, sharing knowledge, and always pushing yourself to do better, you'll build the skills you want. You'll use your skills to help our clients leverage technology to innovate and grow their business. So, it might not always be easy, but making the world a better place rarely is.
Job Description Purpose of the role: To provide a primary liaison service between the business, technology, and security functions. In order to ensure the confidentiality, integrity and availability of information, and support the mitigation of security risk. Accountabilities Collaboration with stakeholders to understand their security requirements in business processes and IT projects, to enhance overall risk management. Execution of risk assessments to identify and prioritise potential cybersecurity threats that could impact the banks operations and data and guide the implementation of mitigation strategies and communicate findings to relevant senior stakeholders. Collaboration with business units to develop and implement security policies and procedures for the banks operations aligned to the risk management framework. Management of the implementation, testing and monitoring of security controls across the banks IT systems to ensure the effectiveness of controls and mitigation of risk. Execution of training content and sessions to educate employees, enhance cybersecurity awareness and provide guidance on safe online practices. Management of complex cybersecurity incidents by collaborating with IT teams and response experts to effectively resolve cases through analysis, expertise support and project supervision. Identification of emerging cybersecurity trends, threats, and new technologies to address potential risks by advocating the adoption of new security solutions. Director Expectations To manage a business function, providing significant input to function wide strategic initiatives. Contribute to and influence policy and procedures for the function and plan, manage and consult on multiple complex and critical strategic projects, which may be business wide. They manage the direction of a large team or sub-function, leading other people managers and embedding a performance culture aligned to the values of the business. Or for an individual contributor, they lead organisation wide projects and act as deep technical expert and thought leader, identifying new ways of working and collaborating cross functionally. They will train, guide and coach less experienced specialists and provide information affecting long term profits, organisational risks and strategic decisions. Provide expert advice to senior functional management and committees to influence decisions made outside of own function, offering significant input to function wide strategic initiatives. Manage, coordinate and enable resourcing, budgeting and policy creation for a significant sub-function. Escalates breaches of policies / procedure appropriately. Foster and guide compliance, ensure regulations are observed that relevant processes in place to facilitate adherence. Focus on the external environment, regulators, or advocacy groups to both monitor and influence on behalf of Barclays, when appropriate. Demonstrate extensive knowledge of how the function integrates with the business division / Group to achieve the overall business objectives. Maintain broad and comprehensive knowledge of industry theories and practices within own discipline alongside up-to-date relevant sector / functional knowledge, and insight into external market developments / initiatives. Use interpretative thinking and advanced analytical skills to solve problems and design solutions in often complex/ sensitive situations. Exercise management authority to make significant decisions and certain strategic decisions or recommendations within own area. Negotiate with and influence stakeholders at a senior level both internally and externally. Act as principal contact point for key clients and counterparts in other functions/ businesses divisions. Mandated as a spokesperson for the function and business division. All Senior Leaders are expected to demonstrate a clear set of leadership behaviours to create an environment for colleagues to thrive and deliver to a consistently excellent standard. The four LEAD behaviours are: L - Listen and be authentic, E - Energise and inspire, A - Align across the enterprise, D - Develop others. All colleagues will be expected to demonstrate the Barclays Values of Respect, Integrity, Service, Excellence and Stewardship - our moral compass, helping us do what we believe is right. They will also be expected to demonstrate the Barclays Mindset - to Empower, Challenge and Drive - the operating manual for how we behave. Head of GRC - Key Responsibilities Own the security policy framework, ensuring policies are current, proportionate, and aligned to PCI DSS, FCA expectations, UK GDPR, and DORA requirements. Maintain and operate the security risk register, ensuring risks are assessed consistently using a defined methodology, owned explicitly, and reported accurately to the CISO and Executive Leadership Team (ETL). Manage the relationship with external auditors, the Qualified Security Assessor (QSA), and 2nd/3rd Line of Defence (LoD) on all security and technology risk matters. Own the third party security assurance process, ensuring all vendors, partners, and card scheme integrations are risk assessed with a tiered approach proportionate to data access and criticality. Chair the monthly Cyber and Tech Risk and Controls Forum, presenting risk posture, compliance status, and material findings to the CISO, CIO and ELT. Design and maintain the control framework, mapping controls to PCI DSS, FCA, UK GDPR, and DORA requirements, and ensuring control effectiveness is tested on a continuous cycle. Produce KRI dashboards and risk reporting for CISO, CIO, and ELT consumption, ensuring risk is communicated in business terms. Lead regulatory and audit engagement on security matters, coordinating regulatory review and audit interactions and proactively managing stakeholder relationships. Own the risk assessment calendar, ensuring both cyclical and event driven assessments are executed on schedule with appropriate rigour. Manage the risk acceptance process, ensuring risk acceptance decisions are documented, time bound, approved at the appropriate authority level, and reviewed before expiry. Manage and develop the GRC team, building capability across risk assessment, compliance, and third party assurance disciplines. Key Deliverables Security risk register, reviewed and updated monthly with full audit trail in the GRC platform. PCI DSS compliance roadmap and continuously maintained evidence repository. Monthly Cyber and Tech risk and compliance report for CISO and ELT. Quarterly KRI dashboard and risk trend analysis for Risk Committee reporting. Annual third party security assurance plan with tiered assessment calendar and completion tracking. Control framework mapping document (controls mapped to PCI DSS4.0 / FCA / UK GDPR / DORA requirements). Risk assessment calendar (cyclical and event driven) with capacity planning. Risk acceptance authority matrix and active acceptance register. Required Skills and Experience CISM, CRISC, or CISSP certification. Experience with DORA (Digital Operational Resilience Act) compliance requirements and implementation. ISO27001 Lead Auditor or Lead Implementer certification. PCI QSA or Internal Security Assessor (ISA) qualification. Previous experience in FinTech, Digital Banking, Payment Acquiring organisation. Experience with Visa GACS and Mastercard SDP acquirer compliance programmes. Significant experience of progressive experience in information security governance, risk, and compliance, with at least 5 years leading a GRC team in a regulated environment. Strong understanding of UK GDPR and the role of security controls in meeting data protection obligations, including breach notification requirements and data protection impact assessments. Experience designing and operating security control frameworks mapped to multiple regulatory requirements simultaneously (e.g., a single framework serving PCI DSS, FCA, and GDPR). Understanding of cloud native architectures and their implications for compliance and risk management. Proven ability to translate technical security risks into business language for executive audiences. Experience managing internal and external audit relationships, regulatory examinations, and QSA assessments. Understanding of risk quantification methodologies and experience producing risk reporting that supports investment decisions. Proven people management experience, developing analysts and building team capability in a growing organisation. Experience with GRC tooling and platforms (e.g., Drata, Vanta, ServiceNow GRC, OneTrust, or equivalent).
06/06/2026
Full time
Job Description Purpose of the role: To provide a primary liaison service between the business, technology, and security functions. In order to ensure the confidentiality, integrity and availability of information, and support the mitigation of security risk. Accountabilities Collaboration with stakeholders to understand their security requirements in business processes and IT projects, to enhance overall risk management. Execution of risk assessments to identify and prioritise potential cybersecurity threats that could impact the banks operations and data and guide the implementation of mitigation strategies and communicate findings to relevant senior stakeholders. Collaboration with business units to develop and implement security policies and procedures for the banks operations aligned to the risk management framework. Management of the implementation, testing and monitoring of security controls across the banks IT systems to ensure the effectiveness of controls and mitigation of risk. Execution of training content and sessions to educate employees, enhance cybersecurity awareness and provide guidance on safe online practices. Management of complex cybersecurity incidents by collaborating with IT teams and response experts to effectively resolve cases through analysis, expertise support and project supervision. Identification of emerging cybersecurity trends, threats, and new technologies to address potential risks by advocating the adoption of new security solutions. Director Expectations To manage a business function, providing significant input to function wide strategic initiatives. Contribute to and influence policy and procedures for the function and plan, manage and consult on multiple complex and critical strategic projects, which may be business wide. They manage the direction of a large team or sub-function, leading other people managers and embedding a performance culture aligned to the values of the business. Or for an individual contributor, they lead organisation wide projects and act as deep technical expert and thought leader, identifying new ways of working and collaborating cross functionally. They will train, guide and coach less experienced specialists and provide information affecting long term profits, organisational risks and strategic decisions. Provide expert advice to senior functional management and committees to influence decisions made outside of own function, offering significant input to function wide strategic initiatives. Manage, coordinate and enable resourcing, budgeting and policy creation for a significant sub-function. Escalates breaches of policies / procedure appropriately. Foster and guide compliance, ensure regulations are observed that relevant processes in place to facilitate adherence. Focus on the external environment, regulators, or advocacy groups to both monitor and influence on behalf of Barclays, when appropriate. Demonstrate extensive knowledge of how the function integrates with the business division / Group to achieve the overall business objectives. Maintain broad and comprehensive knowledge of industry theories and practices within own discipline alongside up-to-date relevant sector / functional knowledge, and insight into external market developments / initiatives. Use interpretative thinking and advanced analytical skills to solve problems and design solutions in often complex/ sensitive situations. Exercise management authority to make significant decisions and certain strategic decisions or recommendations within own area. Negotiate with and influence stakeholders at a senior level both internally and externally. Act as principal contact point for key clients and counterparts in other functions/ businesses divisions. Mandated as a spokesperson for the function and business division. All Senior Leaders are expected to demonstrate a clear set of leadership behaviours to create an environment for colleagues to thrive and deliver to a consistently excellent standard. The four LEAD behaviours are: L - Listen and be authentic, E - Energise and inspire, A - Align across the enterprise, D - Develop others. All colleagues will be expected to demonstrate the Barclays Values of Respect, Integrity, Service, Excellence and Stewardship - our moral compass, helping us do what we believe is right. They will also be expected to demonstrate the Barclays Mindset - to Empower, Challenge and Drive - the operating manual for how we behave. Head of GRC - Key Responsibilities Own the security policy framework, ensuring policies are current, proportionate, and aligned to PCI DSS, FCA expectations, UK GDPR, and DORA requirements. Maintain and operate the security risk register, ensuring risks are assessed consistently using a defined methodology, owned explicitly, and reported accurately to the CISO and Executive Leadership Team (ETL). Manage the relationship with external auditors, the Qualified Security Assessor (QSA), and 2nd/3rd Line of Defence (LoD) on all security and technology risk matters. Own the third party security assurance process, ensuring all vendors, partners, and card scheme integrations are risk assessed with a tiered approach proportionate to data access and criticality. Chair the monthly Cyber and Tech Risk and Controls Forum, presenting risk posture, compliance status, and material findings to the CISO, CIO and ELT. Design and maintain the control framework, mapping controls to PCI DSS, FCA, UK GDPR, and DORA requirements, and ensuring control effectiveness is tested on a continuous cycle. Produce KRI dashboards and risk reporting for CISO, CIO, and ELT consumption, ensuring risk is communicated in business terms. Lead regulatory and audit engagement on security matters, coordinating regulatory review and audit interactions and proactively managing stakeholder relationships. Own the risk assessment calendar, ensuring both cyclical and event driven assessments are executed on schedule with appropriate rigour. Manage the risk acceptance process, ensuring risk acceptance decisions are documented, time bound, approved at the appropriate authority level, and reviewed before expiry. Manage and develop the GRC team, building capability across risk assessment, compliance, and third party assurance disciplines. Key Deliverables Security risk register, reviewed and updated monthly with full audit trail in the GRC platform. PCI DSS compliance roadmap and continuously maintained evidence repository. Monthly Cyber and Tech risk and compliance report for CISO and ELT. Quarterly KRI dashboard and risk trend analysis for Risk Committee reporting. Annual third party security assurance plan with tiered assessment calendar and completion tracking. Control framework mapping document (controls mapped to PCI DSS4.0 / FCA / UK GDPR / DORA requirements). Risk assessment calendar (cyclical and event driven) with capacity planning. Risk acceptance authority matrix and active acceptance register. Required Skills and Experience CISM, CRISC, or CISSP certification. Experience with DORA (Digital Operational Resilience Act) compliance requirements and implementation. ISO27001 Lead Auditor or Lead Implementer certification. PCI QSA or Internal Security Assessor (ISA) qualification. Previous experience in FinTech, Digital Banking, Payment Acquiring organisation. Experience with Visa GACS and Mastercard SDP acquirer compliance programmes. Significant experience of progressive experience in information security governance, risk, and compliance, with at least 5 years leading a GRC team in a regulated environment. Strong understanding of UK GDPR and the role of security controls in meeting data protection obligations, including breach notification requirements and data protection impact assessments. Experience designing and operating security control frameworks mapped to multiple regulatory requirements simultaneously (e.g., a single framework serving PCI DSS, FCA, and GDPR). Understanding of cloud native architectures and their implications for compliance and risk management. Proven ability to translate technical security risks into business language for executive audiences. Experience managing internal and external audit relationships, regulatory examinations, and QSA assessments. Understanding of risk quantification methodologies and experience producing risk reporting that supports investment decisions. Proven people management experience, developing analysts and building team capability in a growing organisation. Experience with GRC tooling and platforms (e.g., Drata, Vanta, ServiceNow GRC, OneTrust, or equivalent).
