GRC Analyst Risk, Audit & Compliance Liverpool 40k - 50k + Benefits/Progression Zachary Daniels are delighted to be partnering with a well-established UK business during a key phase of growth and investment, to recruit a GRC Analyst. This is a role centred around governance, risk management, and compliance, working closely with stakeholders across the business to strengthen frameworks, ensure controls are effective, and support ongoing audit and regulatory requirements. You'll play a key part in embedding a mature security and compliance culture while supporting wider technology and business transformation initiatives. Benefits You'll Enjoy: Competitive salary up to 50,000 (DOE) Generous annual leave entitlement, rising with service Enhanced maternity, paternity, and parental leave Life assurance Regular social events Role Responsibilities: Conduct and support security and operational risk assessments, ensuring mitigation plans are defined and tracked Assist in the development and maintenance of policies, standards, and control frameworks Support internal and external audits, including ISO 27001 and related compliance frameworks Manage and contribute to third-party and supplier risk assessments Monitor and report on risk posture, control effectiveness, and compliance metrics Identify gaps in controls and processes, driving continuous improvement across governance frameworks Work with technical teams to ensure security and compliance requirements are embedded into systems and projects Contribute to incident reviews and post-incident analysis, ensuring improvements are implemented About You: 2+ years' experience in a GRC, risk, audit, or compliance-focused role Strong understanding of risk management methodologies and control environments Experience supporting or participating in audits (e.g. 
ISO 27001, GDPR, NIST or similar) Exposure to third-party risk management and supplier assurance Understanding of technical security concepts, with the ability to assess and challenge controls Detail-oriented, structured, and comfortable working within governance frameworks Strong communication skills, able to engage effectively with stakeholders across the business This is a great opportunity for someone looking to build a career in GRC, gaining exposure to risk, audit, and compliance within a growing organisation that is investing in its security and governance capability. Apply today with your most up-to-date CV! BH35513
May 30, 2026
Full time
Policy & Governance Lead / GRC Analyst (SC Cleared) - Reading (Hybrid) We're recruiting a Policy & Governance Lead / GRC Analyst to support sensitive MOD/UK aerospace programmes with Edgewing. You must hold active SC clearance and be able to work on-site in Reading (hybrid/custom working available where appropriate). The Role (Policy, Governance & Assurance / GRC) You'll define, maintain and assure compliance with the organisation's ISMS policy framework, supporting audit readiness and ongoing control assurance aligned to ISO 27001. Key Responsibilities Own and maintain ISMS policies, standards, procedures and guidelines aligned to ISO 27001 Manage updates, reviews, version control and stakeholder approvals Run the evidence room, ensuring evidence is catalogued, tagged and mapped correctly Track control implementation and maturity across the organisation Produce audit packs, control records and compliance dashboards Support GRC activity including control assessments, policy exceptions, and risk treatment monitoring Skills & Experience Proven experience in GRC, policy governance or compliance Strong working knowledge of ISO 27001 (Annex A controls) and documentation requirements Excellent analytical and writing skills Demonstrable MOD / Defence Digital / UK aerospace & defence experience (architecture delivery in secure environments) Location: Reading (hybrid/custom working where appropriate) Security: Active SC Clearance required Long term contract role, through to Dec 2027. Inside of scope Reply with your CV and SC status to apply. Should you require any support or assistance, please contact your local Gi Group office. Gi Group Holdings Recruitment Limited are proud founding members of Menopause in business, corporate members for Neurodiversity in business, Disability Confident committed members, Gold status for the Armed Forces Covenant, Bronze trail blazers for Racial Equality matters and Age Friendly Employer pledge members. 
Gi Group Holdings Recruitment Limited group of companies includes Gi Recruitment Limited, Draefern Limited, Gi Group Recruitment Ltd, INTOO (UK) Limited, Marks Sattin (UK) Limited, TACK TMI UK Limited, Grafton Professional Staffing Limited, Encore Personnel Services, Gi Group Ireland Limited and Kelly Services (UK) Ltd. Gi Group Ireland Limited are acting as an Employment Agency in relation to this role. We are committed to protecting the privacy of all our candidates and clients. If you choose to apply, your information will be processed in accordance with the Gi Group Privacy Statement. To view a copy and to help you understand how we collect, use and process your personal data please visit the Privacy page on our Gi Group website.
May 29, 2026
Seasonal
GRC Analyst Information Security London Hybrid £50,000 - £55,000 + Bonus VIQU has partnered with a leading transport organisation to recruit a GRC Analyst to join their Finance and Information Security team. This is a fantastic opportunity for a GRC Analyst to take ownership of established governance frameworks, policies, and risk processes within a highly regulated environment. The GRC Analyst will play a key role in maintaining compliance, supporting audits, and embedding a strong risk-aware culture across the business. Key Responsibilities of the GRC Analyst: Support and maintain the organisation's risk management framework, including risk identification, assessment, and monitoring Facilitate risk assessments across business units and support mitigation planning Monitor risk trends, control effectiveness, and emerging threats, providing insights to senior stakeholders Support compliance programmes, ensuring adherence to regulatory and industry standards (e.g. ISO27001, NIST CSF) Coordinate internal and external audits, including evidence gathering and action tracking Contribute to governance policies, standards, and procedures development and review Produce clear governance and risk reports for leadership teams Support governance and assurance of technology change management processes Assist with risk, compliance, and security awareness initiatives across the organisation Key Requirements of the GRC Analyst: 4-5 years' experience in governance, risk, or compliance roles within regulated or critical environments Strong understanding of frameworks such as ISO27001 and NIST CSF Experience supporting audits, compliance reporting, and evidence management Ability to interpret regulatory requirements into practical controls and processes Excellent communication and stakeholder engagement skills Strong organisational skills with the ability to manage multiple priorities Experience within regulated sectors such as transport, utilities, financial services, or government 
Exposure to Operational Technology (OT) or Industrial Control Systems (ICS) (desirable) Relevant certifications (ISO27001 Lead Implementer/Auditor, CISMP, CRISC, CISM) (desirable) Degree in Information Security, Risk, Business, Law, or equivalent experience Additional Information: Hybrid working: Initially 5 days onsite, reducing to 3 days onsite after probation 5% bonus 10% pension contribution Free Zone 1-6 travel for you and a nominated household member 75% discount on National Rail season tickets Interview process: 2 stages (Face-to-face and virtual) Apply today to speak with VIQU in confidence or contact Noah Yeoman at (url removed). Know someone exceptional for this GRC Analyst position? Refer them and receive up to £1,000 if successful (terms apply). Follow us on IT Recruitment for more exciting opportunities.
May 29, 2026
Full time
Information Security Analyst 6 months Contract Outside IR35 A client is looking for an experienced Information Security analyst to own the full end to end onboarding of a new third party risk management (TPRM) tool. The role will focus on supplier due diligence, risk assessments, security control reviews, continuous monitoring, audit support, remediation tracking, and technology risk reporting across the wider estate. Key Responsibilities of the Information Security Analyst: Managing and supporting the end-to-end TPRM lifecycle Conducting supplier due diligence and risk assessments Reviewing security controls, contractual clauses, and exit strategies Supporting continuous monitoring and supplier assurance activities Assisting with internal and external technology audits Coordinating audit evidence, remediation tracking, and management responses Producing risk reporting, dashboards, and stakeholder updates Skills and Experience of the Information Security Analyst: Proven experience in Information Security and Governance, Risk and Compliance (GRC). Experience managing the full lifecycle of Third-Party Risk Management Systems Strong working understanding of supplier risk assessments, audit processes, and security controls. Knowledge of deployment and tailoring systems within a business is desirable Confident stakeholder engagement and communication skills The Successful Information Security Analyst will be expected to work 2 / 3 days a week onsite. Apply now to speak with VIQU IT in confidence. Or reach out to Matt Farrell via the VIQU IT website. Do you know someone great? We'll thank you with up to £1,000 if your referral is successful (terms apply). For more exciting roles and opportunities like this, please follow us on IT Recruitment
May 27, 2026
Contractor
Solus Accident Repair Centres
Birchanger, Hertfordshire
Overview At Solus, we are strengthening our technology governance and cyber resilience as we continue to grow. We are looking for an IT Governance, Risk and Compliance (GRC) Analyst to help us maintain a secure, well governed and compliant technology environment across the business. This is a great role for someone who enjoys analysing detail, challenging constructively, influencing stakeholders and helping teams make confident, risk-based decisions. About the role As our IT GRC Analyst, you will support the Cyber Security, Risk and Assurance function with a mixture of governance activity, assurance reviews, supplier assessments and compliance oversight. You will help us meet Aviva Group requirements, regulatory expectations and industry standards while ensuring our technology risks are understood and well managed. Location: Hybrid (Stansted - 3 days per week, 2 days remote) Responsibilities Maintain and improve our IT risk register, ensuring risks are clear, evidenced and tracked Support risk owners with guidance on controls, remediation and governance requirements Complete compliance reviews, control testing and assurance activities Produce risk and compliance reporting for leadership forums Carry out supplier assurance assessments, recommend improvements and escalate risk where needed Keep IT policies and standards up to date and aligned with Aviva and recognised frameworks Provide clear insight to non-technical colleagues on risk, controls and potential impacts Support Group assurance activity and represent Solus in relevant forums This is an individual contributor role with a high level of ownership and plenty of opportunity to influence how we operate. 
Qualifications You will thrive in this role if you have: Knowledge of GRC frameworks such as ISO 27001, NIST CSF, Cyber Essentials or DPA Experience in risk management, governance or cyber/security assurance The ability to analyse complex information and turn it into clear, meaningful insight Confidence challenging and advising colleagues at all levels Strong communication and stakeholder management skills Certifications such as CISM, CRISC or CGRC are desirable but not essential. Who are Solus? Solus, who are owned by Aviva, are one of the UK leaders in vehicle repairs, returning cars to the road in just 11 days on average and a 4.6/5 star customer rating. With an award-winning apprenticeship programme and winners of other recognised industry awards Solus are proud to be shaping the future of vehicle repair. Why Join Solus? We have so much to offer when it comes to being a Solus colleague: Competitive salary based on location, skills, experience, and qualifications. Bonus opportunity tied to your performance and the overall success of Solus. Company pension scheme with employer contributions. 33 days' holiday (including bank holidays), with the option to buy or sell up to 5 days. Save money with up to 40% discount on Aviva products and other retailer discounts. Share in Aviva's success through the Aviva Save As You Earn scheme. Supportive policies including parental and carer's leave. Wellbeing focus with tools like Group Income Protection and 24/7 GP access. At Solus, we value inclusivity and welcome all applicants. If you're excited but don't tick every box, we encourage you to apply - your unique skills might be just what we need. We guarantee an interview for disabled applicants meeting the minimum criteria - just email us after applying to let us know. Ready to join us? Apply online today, and our team will be in touch within 14 days.
May 24, 2026
Full time
Information Security Analyst (GRC) Attractive salary & package. Hertfordshire - with flexibility to work from home. A global client of ours are looking to hire an Information Security Analyst. This company offer the chance for you to work in a very attractive industry, with a great benefit package also. This Information Security Analyst (GRC) role would suit someone with experience with information security risk assessments, reporting risks and who holds the ISO 27001 lead implementer/auditor certification. Any other certifications that you hold will be beneficial. Experience dealing with non-UK entities & stakeholder management experience will also be very attractive. In this role you will be performing regular checks and audits of the Security environment. If you would like to know more, please do get in touch. Unfortunately, this company is unable to provide sponsorship.
Oct 07, 2025
Full time
IT Security Analyst Location: Hybrid - Middlesbrough Salary: 50,000 - 60,000 + Benefits 83zero are partnered with a market-leading software company who are on a mission to transform the construction and related industries through their end-to-end digital solutions. With teams across the UK, Europe, USA and India, they are delivering large-scale transformation projects on a global scale and are continuing to expand. We are now looking for a highly organised and detail-driven IT Security Analyst to join their growing security function. This role plays a key part in securing customer trust and supplier integrity, ensuring compliance with recognised frameworks, and supporting wider security initiatives. The Role Own and manage responses to customer security questionnaires (SIG, CAIQ, bespoke). Work cross-functionally with Legal, Compliance, Procurement, Product and Security teams. Maintain the security assurance matrix in line with ISO 27001, Cyber Essentials, and SOC 2. Act as the key point of contact for security assurance queries. Conduct vendor risk assessments against ISO 27001, NIST, and CIS Controls. Manage the third-party due diligence programme, including onboarding and periodic reviews. Track and publish key security metrics such as risk severity, SLA adherence, and turnaround times. Provide audit artefacts and support internal/external audits. Contribute to broader security initiatives and continuous improvement within the organisation. About You 3+ years' experience in Information Security, GRC, or Vendor Risk Management. Strong experience issuing or responding to security questionnaires. Knowledge of ISO 27001 Annex A, SOC 2, and GDPR/CCPA. Excellent communication skills, able to translate technical risk to non-technical stakeholders. Eligible to work in the UK and able to pass background checks. Desirable: Certifications such as CRISC, CISSP, CISA, or ISO 27001 Lead Auditor. Familiarity with SaaS/cloud platforms (AWS, Azure, GCP). 
Understanding of secure software supply chains (SBOM, SLSA). What's on Offer 50,000 - 55,000 base salary 25 days annual leave + public holidays (increasing with service) Matched pension scheme Private medical insurance & life assurance Fitness allowance Paid study leave & volunteering days Flexible hybrid working Excellent career development and training opportunities
Oct 03, 2025
Full time
IT Security Analyst Location: Hybrid - Buckinghamshire Salary: 50,000 - 55,000 + Benefits 83zero are partnered with a market-leading software company who are on a mission to transform the construction and related industries through their end-to-end digital solutions. With teams across the UK, Europe, USA and India, they are delivering large-scale transformation projects on a global scale and are continuing to expand. We are now looking for a highly organised and detail-driven IT Security Analyst to join their growing security function. This role plays a key part in securing customer trust and supplier integrity, ensuring compliance with recognised frameworks, and supporting wider security initiatives. The Role Own and manage responses to customer security questionnaires (SIG, CAIQ, bespoke). Work cross-functionally with Legal, Compliance, Procurement, Product and Security teams. Maintain the security assurance matrix in line with ISO 27001, Cyber Essentials, and SOC 2. Act as the key point of contact for security assurance queries. Conduct vendor risk assessments against ISO 27001, NIST, and CIS Controls. Manage the third-party due diligence programme, including onboarding and periodic reviews. Track and publish key security metrics such as risk severity, SLA adherence, and turnaround times. Provide audit artefacts and support internal/external audits. Contribute to broader security initiatives and continuous improvement within the organisation. About You 3+ years' experience in Information Security, GRC, or Vendor Risk Management. Strong experience issuing or responding to security questionnaires. Knowledge of ISO 27001 Annex A, SOC 2, and GDPR/CCPA. Excellent communication skills, able to translate technical risk to non-technical stakeholders. Eligible to work in the UK and able to pass background checks. Desirable: Certifications such as CRISC, CISSP, CISA, or ISO 27001 Lead Auditor. Familiarity with SaaS/cloud platforms (AWS, Azure, GCP). 
Understanding of secure software supply chains (SBOM, SLSA). What's on Offer 50,000 - 55,000 base salary 25 days annual leave + public holidays (increasing with service) Matched pension scheme Private medical insurance & life assurance Fitness allowance Paid study leave & volunteering days Flexible hybrid working Excellent career development and training opportunities
Oct 03, 2025
Full time
Security Risk Analyst 6-month contract London/Remote Inside IR35 My Customer is looking for a Security Risk Analyst to join their Governance, Risk & Compliance (GRC) team. You will play a key role in strengthening their risk management processes, working primarily with Archer and other GRC tools to support risk assessment, compliance, and governance activities. In this role, you will be responsible for identifying, assessing, and tracking security risks across assets, systems, and third parties, ensuring compliance with internal standards, policies, and regulatory frameworks. Key Skills from the Security Risk Analyst: Strong background in Security Risk and Governance with hands-on experience in Archer (experience with other GRC tools is also valuable). Solid understanding of risk assessment methodologies, security frameworks (NIST, ISO), and compliance requirements (GDPR, PCI DSS, SOX). Strong written communication skills, able to produce clear technical reports and risk documentation. Excellent stakeholder management, able to collaborate across technical and non-technical teams. Beneficial certifications: CISSP, CISA, CISM (or equivalent). ISO27001 / ISMS Accredited qualifications would be beneficial Experience working in financial sector would be beneficial Experience in ensuring internal IT system compliance against agreed standards Key Responsibilities of the Security Risk Analyst: Maintain and improve the security risk assessment framework, procedures, and workflows. Manage and update security questionnaires to align with compliance requirements, industry standards, and regulations. Conduct asset-level and third-party/vendor risk assessments. Analyse and document inherent and residual risks, providing clear recommendations. Produce detailed technical reports highlighting findings, control gaps, and proposed remediation plans. Drive remediation Perform periodic and ad-hoc risk assessments in line with organisational policies.
The Security Risk Analyst is required onsite in London, once a week. Apply now to speak with VIQU IT in confidence about the Security Risk Analyst role. Or reach out to Connor Smal via the VIQU IT website. Do you know someone great? We'll thank you with up to £1,000 if your referral is successful (terms apply). For more exciting roles and opportunities like this, please follow us on IT Recruitment.
Oct 02, 2025
Contractor
Are you ready to make a meaningful impact in the world of cyber security? At UK Power Networks, we're seeking a dedicated Senior Cyber Security Risk Specialist to join our Information Systems directorate in either our London or Crawley office. With a competitive salary of up to 75,000.00 plus a 7.5% bonus. Step into a pivotal role where your skills and insights will help shape the security posture of a leading energy distribution company. You'll report directly to the Cyber Security Governance, Risk & Compliance Manager and play a vital part in safeguarding essential business operations from evolving cyber threats. The role is dynamic and collaborative, involving close teamwork with a group of 8-10 GRC professionals and expert partners. You'll mentor less experienced analysts, offer guidance and training, and occasionally deputise for the GRC Manager, representing UK Power Networks at industry forums and regulatory working groups. Communication is at the heart of this position; you'll interact regularly with senior management across IT, IS, and the broader business, as well as with auditors and third-party partners, translating technical risks into actionable recommendations. Your main accountabilities will revolve around conducting cyber security risk assessments using the UK Power Networks framework, identifying, tracking, and remediating control environment risks, and ensuring third-party risks are also addressed. You'll produce management information and regulatory submissions, maintain compliance with major standards like ISO 27001/27002, and provide assurance for policy compliance. Establishing robust GRC policies and procedures, developing the IT controls framework, and supporting business continuity and disaster recovery planning will all fall under your remit. 
You'll operate and improve our information security management system, ensure ongoing compliance with legal and regulatory requirements such as Cyber Essentials, NIS Regulations, and the Smart Energy Code, and support technical implementation of GRC tools. Imagine being part of a team that is integral to delivering seamless technology solutions and continuous improvement throughout the organisation. The Information Systems Department underpins our commitment to operational excellence, customer service, and cyber resilience. In this role, you'll assess IT and cyber risks, drive improvements in our cyber maturity, collaborate with a variety of internal and external partners, and enable UK Power Networks to maintain its license to operate by demonstrating a strong and sustainable security posture. We're looking for someone with practical experience in GRC, audit, or cyber security, and with relevant training in cyber risk assessment. You should have a deep knowledge of at least three specialist areas such as industry standards, operational controls, risk management, business continuity, or supply chain security. Professional certifications like CISSP, CompTIA, CISA, CISM, CRISC, or an academic background in information security will be highly valued, along with hands-on experience in compliance frameworks, IT/OT risk assessments, and audit engagements. Familiarity with regulated environments, especially within the energy sector, will be advantageous. Beyond a competitive salary and bonus, we offer 25 days of annual leave plus bank holidays, reservist leave, a generous pension plan, tenancy loan deposit and season ticket schemes, tax-efficient benefits, health support, retail discounts, and an employee assistance programme. We are committed to supporting your health, safety, and wellbeing, and are proud to be an equal opportunity employer who values diversity and inclusion at every level. 
If you are motivated to support a critical infrastructure business, thrive in a collaborative environment, and are passionate about advancing cyber security, we invite you to apply and become a key player in the future of UK Power Networks. Take the next step towards an exciting and rewarding career: your expertise could make all the difference. Click apply to view the full job description on our careers page with a closing date of 28/09/2025
Sep 23, 2025
Full time