Execute information security control testing across defined frameworks and regulatory requirements, ensuring results are evidence‑based, repeatable, and audit‑ready.
Design and maintain automated evidence collation processes to reduce manual effort and improve consistency of assurance activities.
Support risk reduction initiatives through tracking, coordination, and timely follow‑up of agreed risk treatment plans.
Drive exception management processes, ensuring exceptions are clearly documented, time‑bound, risk assessed, and reviewed appropriately.
Coordinate and support periodic user access reviews, working with system owners to validate access, remediate gaps, and retain evidence.
Produce clear, accurate compliance and risk reporting for internal stakeholders, auditors, and customer assurance activities.
Act as a central point of coordination between IT, Digital and transformation initiatives, Procurement, Legal, Sales, Service Desk, Internal Audit, and external third parties for risk and compliance‑related matters.
Requirements
Experience in an information security, cyber risk, or GRC role with practical involvement in risk management, control testing, audit support, or compliance activities.
Strong understanding of information security frameworks and standards such as ISO 27001, NIST, or equivalent, and how controls operate in practice.
Proven experience gathering, validating, and maintaining audit‑ready evidence and supporting internal or external audits and customer assurance.
Working knowledge of risk management, including risk assessment, treatment tracking, exception management, and access reviews.
Analytical mindset with attention to detail and the ability to objectively assess control effectiveness using evidence and data.
Experience improving or automating assurance and evidence collection processes to reduce manual effort and improve consistency.
Clear written and verbal communication skills, able to explain risks, controls, and actions to both technical and non‑technical stakeholders.
Strong stakeholder coordination skills across IT, digital initiatives, procurement, legal, service desk, internal audit, and third parties.
Organised and outcome‑focused, able to manage multiple assurance activities, follow‑ups, and dependencies in parallel.
Benefits
Generous benefits package (including but not limited to pension plan, bonus scheme, and Life Assurance).
Generous holiday entitlement, with the option to ‘buy’ or ‘sell’.
A focus on continued personal development.
Paid time off work for volunteering in the community.
Access to our Employee Assistance Programme, which helps promote and support a healthy lifestyle.