Security Governance, Assurance & Risk Support
- Support security governance, compliance, and risk management activities.
- Assist with security assessments, control reviews, and remediation tracking.
- Support audits (ISO 27001, SOC 2, PCI DSS) and security control testing.
Security Metrics & Compliance Monitoring
- Monitor security metrics, dashboards, and control performance indicators under the guidance of senior team members
- Identify and record non‑compliance and control deviations against defined security standards, policies, and SLAs
Non‑Compliance Tracking & Remediation Support
- Track security findings, control gaps, and non-compliance issues.
- Partner with application and platform teams to drive remediation actions.
- Monitor remediation progress and maintain risk records and dashboards.
- Escalate overdue actions and high-risk issues in line with governance requirements.
Report & Stakeholder Support
- The role offers exposure to a broad range of security governance, assurance, risk, and compliance activities while contributing to continuous improvement initiatives designed to strengthen security processes, reporting capabilities, and control effectiveness across the organization.
- You will report directly to a Senior Manager and work within a collaborative team environment that values accountability, continuous learning, and professional development.
- You will follow a hybrid working model, requiring 2 days in the office and 3 days working remotely each week.
Desirable Skills & Qualifications
- This requirement necessitates 2+ years of experience in an information security, IT risk, compliance, or audit role (or relevant experience) on your part.
- You need to have understanding of security and risk frameworks such as ISO 27001, SOC 2, or NIST
- Familiarity with security metrics, control monitoring, and compliance reporting
- Analyse information and document findings
- Awareness of cloud, SaaS, or enterprise platforms
- Exposure to security audits, assurance, or compliance activities
- Hands-on experience of security monitoring tools such as Panaseer, Checkmarx, *************
- Security or risk‑related certifications e.g. ISO 27001 Lead Implementor/Auditor, CCSK, CySA+, Security+, CISA, CRISC, CISSP (or working towards)