Sphere Recruitment Specialists - Permanent, Contract and Interim Recruitment
value projects across multiple industries. Managing the full project lifecycle – from planning and scoping through to delivery and reporting. Creating and maintaining detailed documentation including project plans, RAID logs, risk registers, and status updates. Coordinating with cross-functional teams and stakeholders to ensure aligned and timely delivery. Supporting business development activities such as RFPs, tenders, and proposal writing. Facilitating
Watford, Hertfordshire, United Kingdom Hybrid / WFH Options
Essential Employment
Senior Cybersecurity Risk Analyst (Remote) needed, £28.49ph PAYE - Reference: RQ Role Overview We are looking for a highly skilled and technically proficient Senior Cybersecurity Risk Analyst to join our team on an interim basis. This role is critical in identifying, assessing, and managing information security risks across the organization. The ideal candidate will have a strong technical background … the ability to translate threats into business risks, and experience working in fast-paced environments. Key Responsibilities - Conduct in-depth security risk assessments across systems, applications, and infrastructure. - Identify and evaluate technical and operational risks, vulnerabilities, and control gaps. - Translate complex technical threats into clear, actionable business risks. - Maintain and update the Cybersecurity Risk Register. - Produce detailed risk … the Security Operations Centre (SOC). - Support compliance with relevant standards (e.g. ISO 27001, NIST, UK GDPR). - Review security aspects of tenders and conduct third-party/vendor risk assessments to ensure alignment with organisational security requirements. - Perform additional security-related tasks as directed by the Head of Information Security. You will ideally have: - Proven experience in technical
Watford, Hertfordshire, South East, United Kingdom Hybrid / WFH Options
Hays
Role Overview We're looking for an experienced Senior Cyber Risk Analyst to join a purpose-driven organisation on a part-time basis. In this role, you'll take the lead in strengthening the organisation's security posture by driving forward incident response, vulnerability management, and compliance initiatives. You'll be a key player in embedding security best … Work 7-hour days, 3 days a week Act as a trusted advisor on information security matters, supporting projects, solution development, and change initiatives with expert guidance. Perform regular risk evaluations to uncover and address potential security gaps. Lead the end-to-end management of security incidents, ensuring swift and effective resolution. Design and deliver engaging training sessions to … Essentials Plus, ISO 27001, and PCI DSS. What you'll need to succeed Willingness to work 7-hour days, 3 days a week Demonstrated expertise in conducting technical security risk assessments and developing threat models. Comprehensive knowledge of core cybersecurity domains, including network, endpoint, and cloud security. Skilled at translating technical vulnerabilities into business-relevant language for diverse audiences.
Employment Type: Part Time, Work From Home
Salary: £28.49 - £36.98 per hour + £36.98 p/h via Umbrella (Inside IR35)
Newport, Gwent, Wales, United Kingdom Hybrid / WFH Options
Reed Technology
This role is crucial in ensuring IT risks are identified, measured, and actively managed to protect the organisation from potential impacts. You will develop and implement IT policies, conduct risk assessments, and ensure compliance with regulatory requirements while driving improvements in IT governance processes. Key Accountabilities * Identify, evaluate, and manage IT risks across infrastructure, data protection, and lifecycle management. … Own and maintain the IT risk register, ensuring mitigation plans are in place. * Align risk management frameworks with industry standards (ISO27001, NIST, CIS Critical Controls). * Lead IT audits, coordinate fieldwork, and track findings to ensure timely resolution. * Develop and implement IT policies, procedures, and security awareness initiatives. * Act as an SME, providing guidance on IT governance … compliance, and risk mitigation strategies. Required Skills & Qualifications * Proven experience in IT risk management, security governance, and compliance. * Strong knowledge of ISO27001, GDPR, PCI-DSS, and cybersecurity frameworks. * Experience in IT audit coordination and risk assessment methodologies. * Excellent communication and stakeholder management skills. * Desirable - Certifications such as CRISC, CISA, CISM, or CISSP Benefits * 10% discretionary performance related
adheres to best practices and legislation in data protection, information security, quality management, environmental compliance and industry-specific security standards. The ideal candidate will have experience in compliance management, risk assessment, audits, security frameworks and policy implementation. They will need to work across teams such as IT, Operations, Finance, Delivery and Engineering to ensure robust governance, risk management … and compliance Information security and Cyber Essentials Plus Oversee Cyber Essentials Plus compliance ensuring security controls are in place Work closely with the IT team to assess vulnerabilities, manage risk and implement cyber security policies Work with the Head of IT to manage incident response planning and ensure security incidents are managed in line with best practices Data protection … Assessments (DPIAs) Implement processes around Data Subject Access Requests (DSARs) and breach management Ensure compliance with any client and third-party data processing agreements (DPAs) and data retention rules Risk management and policy development Review, update, maintain and enforce policies and procedures related to: Information security Data protection Environmental sustainability Business continuity Incident response Supplier security assessment Maintain a
Newport, Gwent, Wales, United Kingdom Hybrid / WFH Options
Reed Technology
IT Risk & Compliance Manager Location: Newport Job Type: Full-time, Hybrid (1 day per week) Salary: 60 - 70K plus benefits We are seeking an IT Risk & Compliance Manager to join our client's IT team. This role is crucial in ensuring IT risks are identified, measured, and actively managed to protect the organisation from potential impacts. You will … develop and implement IT policies, conduct risk assessments, and ensure compliance with regulatory requirements while driving improvements in IT governance processes. Key Accountabilities * Identify, evaluate, and manage IT risks across infrastructure, data protection, and lifecycle management. * Own and maintain the IT risk register, ensuring mitigation plans are in place. * Align risk management frameworks with industry standards … fieldwork, and track findings to ensure timely resolution. * Develop and implement IT policies, procedures, and security awareness initiatives. * Act as an SME, providing guidance on IT governance, compliance, and risk mitigation strategies. Required Skills & Qualifications * Proven experience in IT risk management, security governance, and compliance. * Strong knowledge of ISO27001, GDPR, PCI-DSS, and cybersecurity frameworks. * Experience in IT
Rogerstone, Gwent, United Kingdom Hybrid / WFH Options
Reed Technology
IT Risk & Compliance Manager Location: Newport Job Type: Full-time, Hybrid (1 day per week) Salary: 60 - 70K plus benefits We are seeking an IT Risk & Compliance Manager to join our client's IT team. This role is crucial in ensuring IT risks are identified, measured, and actively managed to protect the organisation from potential impacts. You will … develop and implement IT policies, conduct risk assessments, and ensure compliance with regulatory requirements while driving improvements in IT governance processes. Key Accountabilities Identify, evaluate, and manage IT risks across infrastructure, data protection, and lifecycle management. Own and maintain the IT risk register, ensuring mitigation plans are in place. Align risk management frameworks with industry standards … fieldwork, and track findings to ensure timely resolution. Develop and implement IT policies, procedures, and security awareness initiatives. Act as an SME, providing guidance on IT governance, compliance, and risk mitigation strategies. Required Skills & Qualifications Proven experience in IT risk management, security governance, and compliance. Strong knowledge of ISO27001, GDPR, PCI-DSS, and cybersecurity frameworks. Experience in IT
escalation routes, and RAG-rate accordingly Ensure accurate and timely reporting to internal governance structures Coordinate project documentation, audit trails, and evidence for funding compliance Maintain and update programme risk registers, working with Finance, Assurance and Delivery teams Lead on monthly SPOC site visits and implementation checks with stakeholders Contribute to wider programme planning, communications, procurement, and evaluation activity … in project or programme management, ideally within energy, construction, regeneration, or public services A clear understanding of grant-funded programme delivery, monitoring and compliance Strong skills in stakeholder engagement, risk management, and financial forecasting Experience in analysing performance data and presenting recommendations Excellent interpersonal and communication skills across technical and non-technical audiences Ability to manage competing priorities and … a week spent in the office. How to apply. Applying for a role with WMCA is straightforward. Follow these steps to get started. Create your Careers Account. Register with your name, email address, and a password. Build your Profile. Upload your CV to help populate your career and education details. Write your Supporting Statement. Make sure to
system design, deployment, and ongoing operations. Define cybersecurity requirements within the client's environment, including rail-specific systems, legacy OT, and modern industrial platforms. Support developing and delivering security risk assessments, threat models, and control frameworks following the relevant standards. Contribute to the production and review of assurance artefacts, including security cases, risk registers, control implementation evidence, and … depth understanding of operational technology (OT) environments, including SCADA systems, field devices, industrial protocols, and control network architectures. Firm grounding in cybersecurity principles for critical infrastructure, including threat modelling, risk analysis, defence-in-depth, and zero-trust architectures. Demonstrated ability to define, implement, and assure security controls across complex OT/IT systems within large engineering or infrastructure programmes. … safety standards. Strong communication and stakeholder engagement skills, with the ability to liaise confidently across engineering, programme delivery, assurance, and regulatory audiences. Ability to produce high-quality documentation, including risk assessments, technical guidance, assurance artefacts, and audit-ready deliverables. Familiarity with UK cybersecurity regulations and sector guidance, including the NIS Regulations, CNI expectations, and industry-specific frameworks. Capable of
Bridgwater, Somerset, South West, United Kingdom Hybrid / WFH Options
Walsh Employment
party providers Promoting a culture of collaboration, transparency, and service excellence Key Deliverables End-to-end IT service governance and assurance Up-to-date licensing schedules, cost controls, and risk registers Effective reporting on service metrics, issues, and compliance gaps Coordination of risk management, change control, and continuous improvement Delivery of reliable, secure, and scalable IT services aligned
stakeholders across the business, managing multiple projects and driving efficiencies through innovative technology solutions. Key Responsibilities: Lead and manage full lifecycle software implementation projects. Develop and maintain project plans, risk registers, and stakeholder communications. Ensure projects are delivered on time, within scope, and budget. Liaise with internal teams, external vendors, and clients to align project goals. Identify and mitigate
Milton Keynes, Buckinghamshire, United Kingdom Hybrid / WFH Options
Digital Appointments
Lead and manage the full lifecycle of IT projects, from initiation and planning through to execution, monitoring, controlling, and closure. Develop and maintain comprehensive project documentation, including project plans, risk registers, issue logs, and progress reports. Effectively manage project budgets, timelines, resources, and scope, ensuring projects are delivered on time and within budget. Build and maintain strong relationships with
European regulations (e.g., GDPR, DORA, PSD2 SCA, CSSF) and global standards (PCI DSS, SWIFT CSP). This role requires technical knowledge, strategic thinking, and expertise in managing third-party risk, outsourcing compliance, and identity governance to safeguard operational resilience. What you will be doing: Regulatory & Technical Compliance: Support compliance with GDPR and complementary regulations like DORA (Digital Operational Resilience … DSS, and SWIFT CSP into technical security controls. Maintain IT security governance frameworks (ISO 27001, NIST CSF, CIS Controls). Manage and maintain Security Policies and procedures Third-Party Risk & Outsourcing Management: Design and implement third-party risk management programs to assess vendors, cloud providers, and outsourced services. Ensure compliance with DORA’s outsourcing requirements, including due diligence … planning. Audit & Assurance: Participate in internal/external audits (ISO 27001, SOC 2) and regulatory examinations, focusing on third-party and outsourcing compliance. Remediate gaps in processes or documentation. Risk Management: Maintain the enterprise risk register, prioritizing risks tied to third-party dependencies, outsourcing, and ICT disruptions. Quantify risks using methodologies. Technical Compliance & Security: Advise on vulnerability
Chelmsford, Essex, South East, United Kingdom Hybrid / WFH Options
Keystream Group Limited
council's response to critical cyber incidents, coordinating resolution efforts and informing senior stakeholders. Collaborate with security architects and technical teams to shape and implement cyber security policies, ensuring they're risk-appropriate and business-friendly. Manage cyber security risks by embedding them into the corporate risk register and advising on appropriate mitigation strategies. Oversee the planning and execution … thinking with a focus on continuous improvement, service excellence, and innovation. Experience managing teams (of varying experience, including apprentices), budgets and suppliers, and working in a high-profile, high-risk environment. Why Join ECC? At ECC, you'll be part of a collaborative and ambitious organisation that values creativity, innovation, and excellence. You'll have the opportunity to make a real
Northampton, Northamptonshire, United Kingdom Hybrid / WFH Options
Schools Choice
patching, firewall configuration reviews and SIEM alerting. Hold our partners/suppliers to account for spend, performance and behaviour, including diversity within their teams. Maintain and input to the risk register in the technology service, documenting details of any or all risks and their progress to remediation or mitigation. Manage staff performance appropriately by providing constructive feedback and
Leeds, Yorkshire, United Kingdom Hybrid / WFH Options
IDHL Group
stakeholders and colleagues to prioritise delivery Liaise with internal specialist teams and clients to agree scope of work, timeframes, and costs Create and communicate project plans Develop supporting documentation & risk registers Work with lead developers to ensure task estimates are available and monitor progress against estimates Run stand-up meetings with the production team Ensure work is completed to
Manchester, Lancashire, United Kingdom Hybrid / WFH Options
IDHL Group
stakeholders and colleagues to prioritise delivery Liaise with internal specialist teams and clients to agree scope of work, timeframes, and costs Create and communicate project plans Develop supporting documentation & risk registers Work with lead developers to ensure task estimates are available and monitor progress against estimates Run stand-up meetings with the production team Ensure work is completed to
Security Risk & Compliance Specialist Department: 61-543 - Technology Operations - Technology Governance Employment Type: Fixed Term Contract Location: UK - Leeds Reporting To: Finlay Stannard Description Are you ready to take the challenge to educate all employees in a young and ambitious organisation about their role in making information security a core part of their modus operandi and conduct to appropriate … behaviour change? DAZN is looking to hire an experienced Head of Risk & Compliance to join their Technology Governance team as a Fixed Term 14-month maternity cover role. Leading a team role overseeing the global strategic implementation of DAZN information security management system (ISMS), the chosen candidate will be responsible for delivering annual workstream activities that form the ISMS … conformity with ISO27001. Managing and delivering annual workstreams for the successful completion of audits against ISO27001 and PCI DSS. Providing subject matter expertise within the area of information security risk, business continuity, and supplier risk management, including managing third party risk management activities. Maintain standards and procedures in relation to information security management. Work closely with DAZN's
Cleared role. Candidates must hold a current DV level security clearance. Overview The Cyber Security Assurance Consultant/IA Consultant is part of the Security Assurance Team (SAT), providing risk management and assurance of programme artefacts. The role principally includes security manager on programmes of work collaborating across enterprises to produce end-to-end security solutions. Additional roles will … and Features aligned with the relevant Legacy or NIST assurance processes through Security Assurance stories agreed with nominated team Scrum Master. Create security assurance case for releases, including risk assessments and mitigations for identified defects and vulnerabilities. Liaise with Testers, Security Architects and Engineers to ensure smooth assurance process and timely delivery of contribution to assurance cases. … CoCo, RAR, SSP, POAM, OSMP (including SyOps). Where delivery priorities permit, support the provision of Authority services when Authority is unable to provide such services. Propose Risk Register entries to the Security Lead or Security Assurance Lead as required to agree areas of residual risk with the Authority. Escalate relevant security issues via
Leeds, England, United Kingdom Hybrid / WFH Options
SPG Resourcing
Project Manager with a strong consultancy background to lead and deliver complex Identity and Access Management (IAM) projects across enterprise-level environments. This role will involve managing change and risk frameworks, coordinating with internal and external stakeholders, and ensuring alignment with best practices (ITIL) and compliance with regulatory requirements (e.g., GDPR, SOX). Key Responsibilities: Lead the change management … IAM implementations across enterprise systems, ensuring minimal disruption and maximum adoption. Assess and mitigate risks associated with access management changes, ensuring secure, compliant, and effective solutions. Create and maintain risk registers, define controls, and track mitigation effectiveness through regular reporting. Develop and manage change management frameworks aligned with ITIL best practices to support technology and business transformation. Collaborate with … stakeholders to evaluate change impacts and secure alignment across business units. Monitor and ensure ongoing compliance with security policies, standards, and regulatory frameworks such as GDPR and SOX. Deliver risk assessments and change impact analyses to senior management and governance boards. Lead incident response and problem management activities related to IAM systems and service disruptions. Conduct and escalate commercial
process. Security: Maintain an understanding of the regulatory and compliance issues driving Sequel's ISMS; With leaders across the business, assist with the maintenance and management of Sequel's Risk Registers; Gain an understanding of the key information risks to the business (systems, networks, data, human error, cyber-attacks); Engage in information security audits, in support of the ongoing … analysis and troubleshooting; Working with external cloud and security providers; Cyber Security experience including resolving issues raised from external PEN testing; Analytical skills in monitoring, evaluating and reporting on risk scenarios; Strong report-writing skills both for policy management and for Team/Board reporting purposes; Communication skills: confidence and clarity in giving direction on information risk issues
Identify opportunities for process improvements and efficiencies within pension administration projects. Implement best practices and innovative solutions to enhance service delivery. Documentation: Maintain comprehensive project documentation, including project plans, risk registers, and issue logs. Ensure all documentation is accurate, up-to-date, and easily accessible. Training and Support: Provide support to team members and clients on project-related activities