Sorry, that job is no longer available. Here are some results that may be similar to the job you were looking for.

5 jobs found

Current Search
information security grc risk manager
Information Security Risk Manager (f/m/d)
Awin
Purpose of Position

As Information Security Risk Manager (f/m/d) you will own and drive Awin's global Information Security Risk Management capability end-to-end, ensuring the business not only understands its risks but takes measurable action to reduce them. You will be accountable for embedding a strong culture of risk ownership across the organisation, proactively identifying gaps, and driving remediation through to completion. This role requires structured risk identification, assessment, and reporting whilst acting as an advisor to senior leadership and the board. It ensures that risk appetite is clearly defined, actively used in decision-making, and consistently monitored.

Your location: Ideally in Berlin, Munich, Madrid, Warsaw, London, Milan, Iași, Stockholm, or Paris (or in Germany, Spain, Poland, UK, Italy, Romania, Sweden, or France)

Key Tasks
• Lead enterprise-wide risk identification and assessment across strategic initiatives, technology, and third parties.
• Ensure risks are prioritised and clearly articulated in business terms (financial, regulatory, reputational) to enable effective decision-making.
• Drive risk remediation to closure, holding risk owners accountable for delivery and escalating where progress stalls.
• Ensure risk management is embedded in cross-functional initiatives and considered as part of key business decisions.
• Own and maintain the Information Security Risk Register, ensuring it reflects true risk exposure, progress, and outcomes, not just status updates.
• Facilitate risk reviews that are focused on decisions, accountability, and measurable progress.
• Define, embed, and maintain the organisation's risk appetite, ensuring it is actively used in both business and technology decision-making.
• Establish and track KPIs that measure real improvements in risk posture, not just activity.
• Provide clear, opinionated, and actionable risk insights to senior management and the board.
• Act as the bridge between technical and business teams, ensuring risks are clearly understood and acted upon.
• Confidently challenge and influence stakeholders to ensure risks are neither understated nor inappropriately accepted.
• Own and continuously improve Awin's global information security risk management framework, aligned to ISO 27001 and regulatory requirements.
• Monitor control effectiveness, proactively identify weaknesses, and drive improvements.
• Embed risk management into business processes so that risks are considered early and proactively, rather than retrospectively.
• As the most senior member of the team, mentor and develop GRC team members, building capability in risk management and assurance.
• Lead horizon scanning across emerging threats, regulatory changes, and industry developments, translating these into practical risk implications and actions for the business.

Skills & Expertise
• Proven track record of owning and delivering risk management initiatives end-to-end
• Experience driving risk remediation across teams without direct authority
• Strong experience presenting and defending risk positions to senior leadership and boards
• Hands-on experience within an ISO 27001-certified ISMS environment
• Strong knowledge of frameworks such as ISO 27001
• Experience designing, implementing, or improving control frameworks
• Experience with GRC platforms (e.g. Hyperproof)
• Confident communicator (with very good English skills) - able to build relationships and challenge/influence senior stakeholders

Our Offer
• Flexi-Week and Work-Life Balance: We prioritise your mental health and well-being, offering you a flexible four-day Flexi-Week at full pay and with no reduction to your annual holiday allowance. We also offer a variety of different paid special leaves as well as volunteer days.
• Remote Working Allowance: You will receive a monthly allowance to cover part of your running costs. In addition, we will support you in setting up your remote workspace appropriately.
• Pension: Awin offers access to an additional pension insurance to all employees in Germany.
• Flexi-Office: We offer an international culture and flexibility through our Flexi-Office and hybrid/remote work possibilities to work across Awin regions
• Development: We've built our extensive training suite Awin Academy to cover a wide range of skills that nurture you professionally and personally, with trainings conveniently packaged together to support your overall development.
• Appreciation: Thank and reward colleagues by sending them a voucher through our peer-to-peer program

Established in 2000, Awin is proud of our dynamic, social and inclusive culture. Like all businesses, we've had to adapt and nurture our culture in a virtual environment. Our virtual hub brings our colleagues from across the globe together for various social activities.

Diversity & Inclusion are paramount to us, and we proudly pursue and hire diverse team members. We champion uniqueness and authenticity; this is who we are at our core. Our network of affiliate partnerships are diverse and transparent, as are the employees powering our vision to build the world's leading open partner ecosystem. We welcome all backgrounds, identities, and experiences. If you need support at any point in the application or interview process, please let us know.

Awin is part of the Axel Springer group. Learn more at , and explore the Axel Springer Essentials here:

Apply now to begin the next stage of your career at a progressive company that supports both your professional and personal development.
May 08, 2026
Full time
Manager, GRC Engineering
Workstreet, Inc.
At Workstreet, we're on an exciting journey to help businesses scale securely by designing and implementing cutting-edge security and compliance programs. As a fast-growing startup, we specialize in a wide range of frameworks, including SOC 2, ISO 27001, GDPR, CMMC, NIST 800-171, NIST 800-53, and FedRAMP, empowering companies to meet regulatory requirements and enhance their cybersecurity posture from day one.

The Opportunity

We are seeking a Manager, GRC Engineering who leads with a client-first mindset and brings exceptional relationship management skills to every engagement. The ideal candidate is an experienced client manager who knows how to build trust, navigate complex accounts, and deliver an outstanding client experience - while also bringing deep expertise in cybersecurity compliance frameworks such as SOC 2, ISO 27001, and NIST CSF. The successful candidate will be able to come up to speed quickly, integrate into the organization, and take on clients within their first 15 days. You will serve as the primary point of contact for a portfolio of clients, leading engagements end to end, managing escalations with composure and urgency, and ensuring every client interaction reflects the highest standard of service.

What You'll Do

Client Relationship Management (Primary Focus)
• Own the Client Experience: Serve as the primary point of contact for a portfolio of client accounts, building strong, trusted relationships and ensuring clients feel supported, informed, and valued throughout every engagement.
• Lead Client Engagements: Guide clients through compliance initiatives end to end - from kickoff through certification - providing clear communication, proactive updates, and expert guidance at every milestone.
• Handle Escalations with Professionalism: Resolve complex client issues and requests with urgency, composure, and a solution-oriented approach that reinforces confidence and long-term retention.
• Be a Trusted Advisor: Understand each client's unique business context and deliver compliance guidance that is practical, actionable, and tailored to their needs.
• Collaborate Cross-Functionally: Partner with internal teams and client stakeholders to embed security and compliance best practices and resolve issues quickly.
• Manage and Develop a Pod of Analysts: Lead a team of 3-5 analysts through coaching, mentorship, and performance management, fostering accountability, quality, and professional growth.
• Drive Consistent Delivery: Ensure the team meets deadlines and delivers high-quality work across all active client engagements, stepping in to support where needed.

GRC & Compliance Execution
• Develop and Maintain Compliance Frameworks: Create, update, and align compliance policies, procedures, and technical controls with SOC 2 (Type 1 & 2), ISO 27001, HIPAA, and PCI DSS standards.
• Lead Compliance Certifications: Oversee and execute SOC 2 and ISO 27001 implementation and certification projects across multi-cloud environments (AWS, GCP, Azure).
• Conduct Risk and Security Audits: Perform regular risk assessments and audits to identify vulnerabilities and enhance overall security posture.
• Monitor Regulatory Developments: Stay informed on evolving regulations and frameworks to maintain the relevance and accuracy of compliance controls.
• Leverage Compliance Automation Tools: Utilize platforms such as Drata, Vanta, and SecureFrame to track compliance metrics and ensure continuous audit readiness.

Who You Are

Required
• Demonstrated experience managing client relationships directly - you are comfortable owning accounts, leading difficult conversations, and being the trusted face of an engagement.
• Exceptional professionalism in all client-facing communication, with outstanding written and verbal English skills.
• 5+ years of experience managing or leading a team.
• Proven experience managing compliance programs with hands-on familiarity with SOC 2 and ISO 27001 frameworks.
• Strong knowledge of technical control implementation in cloud platforms (AWS, GCP, Azure).
• Ability to manage multiple compliance projects simultaneously without sacrificing client experience or quality.
• Bachelor's degree in Information Technology, Cybersecurity, or a related field.
• Ability to work independently with a strong sense of initiative.
• Amenable to working US time zone hours.

Nice to Have
• Experience at a Big 4 firm (e.g., Deloitte, PwC, EY, KPMG) in an advisory or assurance capacity.
• Consulting experience.
• Familiarity with additional frameworks and regulations (e.g., HiTRUST, PCI DSS, NIST, GDPR, HIPAA).

What We Offer
• Career Development: Clear growth path with mentorship and training opportunities.
• Technical Training: Comprehensive onboarding on security and compliance frameworks.
• Competitive Compensation: Competitive base salary with regular performance reviews, merit-based appraisals, and bonus opportunities.
• Growth Opportunity: Early-stage company with significant room for career advancement.
• Remote-First Culture: Flexibility to work from anywhere while collaborating with a global team.

• Reliable high-speed internet connection.
• Quiet, professional home office setup.
• Must be amenable to working UK time zone hours.
• Fluency in written and verbal English communication skills.

Workstreet Is An Equal Opportunity Employer

As an equal opportunity employer, Workstreet is committed to providing employment opportunities to all individuals. All applicants for positions at Workstreet will be treated without regard to race, color, ethnicity, religion, sex, gender, gender identity and expression, sexual orientation, national origin, disability, age, marital status, veteran status, pregnancy, or any other basis prohibited by applicable law.
May 08, 2026
Full time
Supplier Security Assurance Manager (SC Cleared)
Computappoint
Supplier Security Assurance Manager (SC Cleared)

Employment Type: Contract
Day Rate: £550 to £580 p/d Inside IR35 (based on candidate experience)
IR35 Status: Inside IR35
Contract Length: 6-months (likely to extend indefinitely)
Hybrid Model (Subject to customer requirement): Mostly remote, may occasionally require 1-2 days per week on-site in London office, as well as attendance to client sites for audits/essential meetings etc.
Office/Customer Locations: Office locations are spread throughout the country (mostly London, occasionally Leeds, Manchester, Newcastle).
Travel to Customer Sites: Expensed by client.
Security Clearance: Active SC Clearance (Essential)

About the Client and Role:

My client, a leading Cyber Security Services provider that specialises in supporting security services to the public sector, such as Police, Government & Defence, is seeking a Supplier Security Assurance Manager to lend their expertise of Security Supplier Assurance. The candidate will be expected to support the delivery of the Supplier Security Assurance process throughout all stages of procurement/contract interactions. Responsibilities will include identifying risks, reporting, security reviews & auditing and ensuring minimum security standards are consistently met.

Security Clearance: Active SC is essential
Highly Desirable: Experience in Central Government/providing services to government departments

Main Responsibilities:
• Auditing of suppliers for security purposes. Candidates must have outstanding skill producing clear and well documented audits.
• Ensure security due diligence is conducted on all bid applications as part of the procurement process.
• Identify physical, personnel and information security risks and/or vulnerabilities and report these prior to contract award.
• Work with business to provide suppliers with early insight into the mandatory minimum security requirements expected of them during the life of a contract.
• Supporting and ensuring consistency in approach for the delivery of Supplier Security Assurance across Commercial Directorate
• Conduct on-going assurance activities post contract award to ensure suppliers maintain compliance with minimum security requirements.
• Conduct on-site supplier security assessments/reports/audits

Desirable Certifications:
• Certified Cyber Professional (CCP) Security Information Risk Advisor (SIRA)
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certification in Information Security Management Principles (CISMP)
• Governance Risk & Compliance Professional (GRCP)
• ISO27001 Lead Auditor
Oct 08, 2025
Contractor
Information Security Assurance & Cyber Specialist
Proactive Appointments
Information Security Assurance & Cyber Specialist - Hybrid

Our client is urgently looking for an experienced Information Security Assurance & Cyber Specialist to join their team based in London on a permanent basis. Please note, the role is hybrid, with 2-4 days per week on-site.

You will assist the Cyber & Information Security Specialist in ensuring our firm adheres to governance and assurance obligations, such as ISO 27001:22. You will also collaborate closely with the Information Security Technology Manager to safeguard the company using the latest and most advanced security tools. This multifaceted role combines security governance and assurance with hands-on technical skills, utilising state-of-the-art security products to proactively protect the firm and its valuable assets. Your organisational skills and responsiveness will be crucial, as you will need to maintain a keen eye for detail and adapt to a flexible work schedule with shifting priorities. A positive, can-do attitude is essential as you tackle various tasks with enthusiasm and diligence.

You will be rewarded with an excellent salary, as well as a brilliant benefits package including discretionary bonus, annual leave, pension scheme, private medical cover, life assurance, season ticket loan, cycle to work scheme, discounted gym membership and many, many more perks!

Information Security Assurance & Cyber Specialist - Key Skills:
• Highly experienced in information security governance, risk management, and compliance.
• Demonstrated experience with developing and implementing information security policies, procedures, and standards.
• Experience with SOC 2, ISO 27001, NIST 800-53 and GDPR compliance frameworks is highly preferred.
• Strong understanding of security risk management principles and methodologies.
• Excellent communication, collaboration, and interpersonal skills.
• Ability to work independently and as part of a team.
• Proficient in Microsoft Office Suite and security information management tools.
• Experience with security awareness and training programs.
• Experience with GRC (Governance, Risk, and Compliance) tools.
• Certified Information Systems Security Professional (CISSP) or equivalent certification.

Information Security Assurance & Cyber Specialist - Hybrid

Due to the volume of applications received for positions, it will not be possible to respond to all applications and only applicants who are considered suitable for interview will be contacted.

Proactive Appointments Limited operates as an employment agency and employment business and is an equal opportunities organisation.

We take our obligations to protect your personal data very seriously. Any information provided to us will be processed as detailed in our Privacy Notice, a copy of which can be found on our website
Oct 02, 2025
Full time
Information Security Assurance & Cyber Specialist - Hybrid Our client is urgently looking for an experienced Information Security Assurance & Cyber Specialist to join their team based in London on a permanent basis. Please note, the role is hybrid, with 2-4 days per week on-site. You will assist the Cyber & Information Security Specialist in ensuring our firm adheres to governance and assurance obligations, such as ISO 27001:22. You will also collaborate closely with the Information Security Technology Manager to safeguard the company using the latest and most advanced security tools. This multifaceted role combines security governance and assurance with hands-on technical skills, utilising state-of-the-art security products to proactively protect the firm and its valuable assets. Your organisational skills and responsiveness will be crucial, as you will need to maintain a keen eye for detail and adapt to a flexible work schedule with shifting priorities. A positive, can-do attitude is essential as you tackle various tasks with enthusiasm and diligence. You will be rewarded with an excellent salary, as well as a brilliant benefits package including discretionary bonus, annual leave, pension scheme, private medical cover, life assurance, season ticket loan, cycle to work scheme, discounted gym membership and many, many more perks! Information Security Assurance & Cyber Specialist - Key Skills: Highly experienced in information security governance, risk management, and compliance. Demonstrated experience with developing and implementing information security policies, procedures, and standards. Experience with SOC 2, ISO 27001, NIST 800-53 and GDPR compliance frameworks is highly preferred. Strong understanding of security risk management principles and methodologies. Excellent communication, collaboration, and interpersonal skills. Ability to work independently and as part of a team. Proficient in Microsoft Office Suite and security information management tools. 
Experience with security awareness and training programs. Experience with GRC (Governance, Risk, and Compliance) tools. Certified Information Systems Security Professional (CISSP) or equivalent certification. Information Security Assurance & Cyber Specialist - Hybrid. Due to the volume of applications received for positions, it will not be possible to respond to all applications, and only applicants who are considered suitable for interview will be contacted. Proactive Appointments Limited operates as an employment agency and employment business and is an equal opportunities organisation. We take our obligations to protect your personal data very seriously. Any information provided to us will be processed as detailed in our Privacy Notice, a copy of which can be found on our website.
UK Power Networks (Operations) Ltd
Senior Cyber Security Risk Specialist
Are you ready to make a meaningful impact in the world of cyber security? At UK Power Networks, we're seeking a dedicated Senior Cyber Security Risk Specialist to join our Information Systems directorate in either our London or Crawley office. The role offers a competitive salary of up to 75,000.00 plus a 7.5% bonus. Step into a pivotal role where your skills and insights will help shape the security posture of a leading energy distribution company. You'll report directly to the Cyber Security Governance, Risk & Compliance Manager and play a vital part in safeguarding essential business operations from evolving cyber threats. The role is dynamic and collaborative, involving close teamwork with a group of 8-10 GRC professionals and expert partners. You'll mentor less experienced analysts, offer guidance and training, and occasionally deputise for the GRC Manager, representing UK Power Networks at industry forums and regulatory working groups. Communication is at the heart of this position; you'll interact regularly with senior management across IT, IS, and the broader business, as well as with auditors and third-party partners, translating technical risks into actionable recommendations. Your main accountabilities will revolve around conducting cyber security risk assessments using the UK Power Networks framework, identifying, tracking, and remediating control environment risks, and ensuring third-party risks are also addressed. You'll produce management information and regulatory submissions, maintain compliance with major standards like ISO 27001/27002, and provide assurance for policy compliance. Establishing robust GRC policies and procedures, developing the IT controls framework, and supporting business continuity and disaster recovery planning will all fall under your remit. 
You'll operate and improve our information security management system, ensure ongoing compliance with legal and regulatory requirements such as Cyber Essentials, NIS Regulations, and the Smart Energy Code, and support technical implementation of GRC tools. Imagine being part of a team that is integral to delivering seamless technology solutions and continuous improvement throughout the organisation. The Information Systems Department underpins our commitment to operational excellence, customer service, and cyber resilience. In this role, you'll assess IT and cyber risks, drive improvements in our cyber maturity, collaborate with a variety of internal and external partners, and enable UK Power Networks to maintain its license to operate by demonstrating a strong and sustainable security posture. We're looking for someone with practical experience in GRC, audit, or cyber security, and with relevant training in cyber risk assessment. You should have a deep knowledge of at least three specialist areas such as industry standards, operational controls, risk management, business continuity, or supply chain security. Professional certifications like CISSP, CompTIA, CISA, CISM, CRISC, or an academic background in information security will be highly valued, along with hands-on experience in compliance frameworks, IT/OT risk assessments, and audit engagements. Familiarity with regulated environments, especially within the energy sector, will be advantageous. Beyond a competitive salary and bonus, we offer 25 days of annual leave plus bank holidays, reservist leave, a generous pension plan, tenancy loan deposit and season ticket schemes, tax-efficient benefits, health support, retail discounts, and an employee assistance programme. We are committed to supporting your health, safety, and wellbeing, and are proud to be an equal opportunity employer who values diversity and inclusion at every level. 
If you are motivated to support a critical infrastructure business, thrive in a collaborative environment, and are passionate about advancing cyber security, we invite you to apply and become a key player in the future of UK Power Networks. Take the next step towards an exciting and rewarding career: your expertise could make all the difference. Click apply to view the full job description on our careers page, with a closing date of 28/09/2025.
Sep 23, 2025
Full time
© 2008-2026 Jobs Hiring Near Me