Advise programme and engineering teams on governance, risk and compliance, helping them identify security requirements.
Work closely with customer stakeholders to push for security solutions that are both effective and realistic.
Own and develop risk management and assurance documentation and Secure by Design artefacts for new projects.
Support the security aspects of bids and contracts and liaise with contracting authorities and accrediting bodies.
Support compliance with UK defence and government requirements, including the MOD Cyber Security Model and Def Stan 05-138, the NCSC Cyber Assessment Framework, Secure by Design, and JSP 440 / Defence Security Policy Framework expectations.
Track changes to relevant legislation, standards and guidance, including NCSC guidance, MOD requirements, ISO standards and UK GDPR / the Data Protection Act 2018.
Help deliver security awareness and training, building a strong security culture.
Requirements
Experience in a security governance, risk and compliance, information security, audit or assurance role.
A sound understanding of security governance and compliance principles.
Working knowledge of ISO 27001 and information security risk management, including risk assessment and treatment.
Experience maintaining policies, controls and evidence, and supporting internal or external audits.
Strong written skills, with the ability to produce clear policies, reports and risk documentation.
Sound risk judgement and the ability to make proportionate, well-reasoned decisions.
A methodical, detail-oriented approach, with the discipline to keep accurate records and evidence.
Strong communication skills, with the ability to turn standards and guidance into clear actions.
Confidence to challenge and advise constructively at all levels.
Ability to work at pace and manage competing priorities while maintaining quality and control.
A degree, or equivalent experience, in cyber security, information assurance, risk management or a related discipline.
One or more recognised certifications, such as CISMP, ISO 27001 Lead Auditor or Lead Implementer, CISSP, CISM, CISA or CRISC, held or being worked towards.
Familiarity with UK defence and government frameworks.
Knowledge of NIST CSF or 800-53 and of UK GDPR / the Data Protection Act 2018.
Experience working in a defence, government or other regulated or secure environment.
Tech Stack
Cyber Security
Benefits
We are committed to building a flexible, inclusive, and enabling company. Our aim is to create a diverse team of talented people with unique skills, experience, and backgrounds, so please apply and come as you are!
We also recognise the importance of flexible working and support this wherever we can. We typically operate a flexible, hybrid-working model, with an average 3 days in the office each week (dependent on the role). We welcome the opportunity to discuss flexibility, part-time working requirements and/or workplace adjustments with all our applicants.
Rowden is a Disability Confident Committed company, and we actively encourage people with disabilities and health conditions to apply for our roles. Please let us know your requirements early on so that we can make sure you have everything you need up front to help make the recruitment process and experience as easy as possible.
Finally, if you feel that you don’t meet all the criteria included above but have transferable skills and relevant experience, we’d still love to hear from you!