Merseyside, England, United Kingdom Hybrid / WFH Options
Maxwell Bond
AM – 5:30 PM A growing UK-based organisation in the insurance and financial services sector is looking for a GRC Analyst to join their expanding Information Security & Risk team. This opportunity offers a hybrid working model and the chance to play a key role in shaping governance, risk, and compliance across the business during a period of … transformation. The role provides visibility across senior stakeholders and business units while ensuring alignment with regulatory and industry standards. 🔐 Key Responsibilities Support and lead security risk assessments , ensuring risks are documented, tracked, and remediated. Develop, review, and maintain information security and governance policies, standards, and procedures . Manage and improve third-party/vendor risk management processes and … assurance activities. Monitor compliance with regulatory requirements (e.g. FCA, GDPR ) and security frameworks (e.g. ISO 27001, NIST, CIS ). Provide oversight on the riskregister and support risk committees with reporting and metrics. Support internal and external audits , collating evidence and ensuring timely remediation of findings. Deliver security awareness initiatives and foster a strong culture of compliance More ❯
Warrington, Cheshire, United Kingdom Hybrid / WFH Options
Babcock Mission Critical Services España SA
and all programme partners. Foster strong working relationships with design and programme teams to integrate security measures seamlessly with alignment of cybersecurity strategies with client and partner goals. Conduct risk assessments and vulnerability analyses across all digital systems. Providing mitigation strategies to address security risks, monitoring threats and vulnerabilities. Oversee the secure architecture, design, and implementation of all programme … MOD IT Domain, including knowledge of Government/MOD IA policy and process including JSP440, JSP453, JSP628, DIANs and NCSC IA guidance. Able to demonstrate the application of contextualised risk management in the application of technical/procedural/physical security controls within the risk/cost/benefit space. Security Documentation management to include - but not limited … to - review and update of related IA documents including RMADS, Security Cases, SyOPs, Business Impact Assessments, Data Protection Impact Assessments, Risk Registers, DART/Oculus entries, Risk Balance Cases, Information Asset Owner forms, Supplier Assurance Questionnaires. Experienced in relevant Security Policy and Cyber Security Frameworks including the GovS 007, MOD Secure by Design (SbD), ISO27001 - Information Security Management More ❯
