Information Security Governance, Risk and Compliance Analyst

Join Trustpilot as an Information Security Governance, Risk, and Compliance Analyst, where you'll play a pivotal role in enhancing our security posture. In this dynamic position, you will be responsible for identifying, assessing, and managing security risks while ensuring compliance with relevant regulations and best practices. You'll collaborate with cross-functional teams to promote a culture of security awareness and implement effective governance frameworks.

Join Catapult Sports as a Security & Compliance Analyst and play a crucial role in safeguarding our organization's data and compliance with industry regulations. You will work closely with various teams to identify security vulnerabilities, implement effective controls, and ensure compliance with relevant standards.

Role Overview Evelyn Partners is looking for an Information Security Compliance Analyst in London. This position helps ensure the company’s security policies and procedures meet government regulations and industry standards. The analyst works closely with teams across the business to strengthen security practices. What You Will Do Monitor and assess compliance with security policies and procedures Support risk assessments and internal audits Participate in compliance reviews to identify gaps and recommend improvements Work with other departments to build awareness and improve security controls

Trainline connects millions of travelers with rail and coach tickets, offering a range of options through its app, website, and B2B channels. With a focus on making travel simpler and more sustainable, Trainline partners with over 270 transport companies in 40 countries. The company processes more than 135 million visits monthly and handles £6.3 billion in ticket sales each year. Headquartered in London and present in major European cities, Trainline's team includes more than 1,000 people from 50+ nationalities. The Security team works to strengthen risk management as technology and AI risks change. Collaboration with teams across the business helps keep systems and data secure. Role overview The Senior Information Security Risk Analyst, based in London and reporting to the GRC Manager, will play a key role in advancing Trainline’s security risk management program. This position focuses on addressing both established and emerging risks, particularly those related to AI and cloud technologies. What you will do Manage information security risks, including traditional cyber threats and AI-specific risks such as data quality and model bias. Align risk management activities with Trainline’s business risk appetite. Work with Engineering, Data Science, Legal, and Internal Audit teams to maintain a broad perspective on information, cyber, and AI risks. Promote strong risk governance in a cloud-first, AI-driven environment. Conduct risk assessments for both existing and new AI use cases. Collaboration This role requires frequent interaction with both technical and business teams. The aim is to make sure risk management practices are practical and integrated into daily operations.

Role overview The Information Security Governance, Risk, and Compliance (GRC) Manager at AJ Bell will manage and strengthen the company’s information security policies. Based in either Manchester or London, this hybrid role centers on ensuring ongoing compliance with industry regulations and standards. Main responsibilities Develop and maintain the information security GRC framework. Assess risks across the business and implement mitigation strategies. Monitor and support adherence to industry standards and regulatory requirements. Lead internal audits and conduct compliance reviews. Report findings and progress to senior management. Work with teams throughout the organization to encourage security awareness and advance risk management initiatives. Work location This position is available in Manchester or London, with a hybrid working arrangement.

Join Sword Group, a premier provider of business technology solutions tailored for the Energy, Public, and Finance sectors. We are at the forefront of driving transformational change for our clients through the deployment of cutting-edge technology, skilled teams, and deep domain expertise. Our mission is to harness technology to address business challenges, ensuring our clients meet their objectives.About the Role:The Governance Risk & Compliance Manager position is a key operational role that requires a proactive individual to autonomously manage regulatory compliance, implement robust risk management strategies, and foster a culture of compliance through ongoing improvements.Key Responsibilities:Establish and sustain Governance, Risk & Compliance (GRC) frameworks that align with ISO 27001, NIST, GDPR, and NIS2 standards.Conduct comprehensive risk assessments across various business units, vendors, and projects.Stay abreast of regulatory changes to ensure compliance with legal and contractual obligations.Support business continuity and disaster recovery planning and testing initiatives.Oversee internal audits, compliance reporting, and remediation activities.Coordinate GDPR compliance and data protection processes throughout the organization.Enhance security culture by promoting awareness and providing training.Collaborate with stakeholders to identify and rectify control deficiencies.

We are seeking a dedicated and detail-oriented Security and Compliance Manager to join our team at Sierra in London. In this pivotal role, you will be responsible for overseeing and enhancing our security protocols and compliance initiatives to ensure the protection of our assets and adherence to regulatory standards. You will collaborate with various departments to implement best practices and foster a culture of security awareness throughout the organization.

Join Shawbrook Bank as an IT Risk and Controls Analyst, where you'll play a pivotal role in strengthening our information security framework. We are seeking a detail-oriented professional with a solid understanding of IT risk management and control processes. You will be responsible for identifying vulnerabilities, assessing risks, and ensuring compliance with regulatory standards. If you’re passionate about safeguarding digital assets and enhancing our security posture, we want to hear from you!

Join Smartdesc as an Information Security ConsultantLocation: Field-based, primarily in the London areaEmployment Type: Full-timeSalary: £70,000 - £80,000As an Information Security Consultant at Smartdesc, you will collaborate with the Information Security and technical delivery teams to implement robust security solutions for our clients.Your role will involve providing strategic guidance on Information Security, aiding clients in enhancing their security posture, and overseeing a variety of security projects. This includes assisting clients in implementing security controls, conducting assessments based on industry best practices, and delivering assessment reports to Senior Leadership Teams to bolster their security measures.The position encompasses a diverse array of responsibilities, from strategic governance and risk management to advising non-profit organizations on maximizing the value of Microsoft Business Premium, E3, and E5 security solutions. You should be comfortable presenting security information to varied audiences, from part-time volunteers to executive boards.This customer-facing role demands a meticulous eye for detail and a proven track record in delivering exemplary Information Security practices.Key ResponsibilitiesAssess and identify steps organizations must take to enhance their security posture, creating roadmaps for continuous improvement while maximizing existing Microsoft licensing.Align security practices with frameworks and standards such as Cyber Essentials, NCSC CAF, and ISO 27001.Own or oversee key Information Security processes and procedures.Manage the Smartdesc MDR management service.Implement and oversee Information Security Risk Management programs.Identify and manage remediation actions to mitigate risks.Develop and maintain Information Security Policies.Create and deliver general and role-specific Information Security Training and Awareness programs.Raise, investigate, and manage IT Security incidents, ensuring appropriate follow-up actions.Provide IT security support to various business functions, including digital teams, IT infrastructure, and IT Service Desk.Develop and oversee Information Security Internal Audit programs.Supervise ongoing security testing, reviews, and audits.

Join our dynamic team at bmlltech as a Senior Information Security Analyst specializing in ISMS Management. You will play a crucial role in safeguarding the integrity and confidentiality of our information assets. Your expertise will help us to establish, implement, and maintain an effective Information Security Management System (ISMS) that aligns with international standards.As part of your responsibilities, you will conduct risk assessments, develop security policies, and collaborate with cross-functional teams to ensure compliance with data protection regulations. You will also lead security awareness initiatives and provide guidance on best practices to enhance our security posture.

About the Position Join our dynamic Cybersecurity team at Jane Street as a Cybersecurity Governance and Risk Specialist, where you will play a pivotal role in enhancing and promoting our cybersecurity governance, risk management, and compliance (GRC) initiatives. In this impactful position, you will collaborate with cross-functional teams to implement significant improvements in cybersecurity governance and risk management, fostering a culture of collaboration, accountability, and continuous development. You will actively contribute to the formulation of our comprehensive cybersecurity strategy, ensuring its alignment with industry best practices and regulatory standards. Your key responsibilities will include: Developing, maintaining, and disseminating cybersecurity policies while assisting colleagues in understanding and applying these policies in their daily activities. Monitoring compliance with internal policies, documenting exceptions, and working with teams to explore alternative risk-reduction strategies when necessary. Tracking regulatory requirements, identifying changes that could affect the organization, and collaborating with relevant teams to ensure compliance. Conducting control assessments to identify gaps or weaknesses and collaborating with teams to implement improvements to mitigate risk exposure. Supporting the development and automation of metrics to facilitate informed decision-making. Performing third-party vendor assessments and collaborating with stakeholders to address risks, thereby contributing to the success of our vendor risk management program. Engaging in general activities of the Cybersecurity team to maintain strong connections within the group. About You You have relevant experience in a similar role and possess a solid understanding of industry standards and regulatory frameworks. You are familiar with auditing processes and have participated in both internal and external audits. Your collaborative and positive attitude underscores your belief that cybersecurity success hinges on teamwork and collective progress. You thrive in team environments, embracing mistakes as learning opportunities. You are an effective communicator, adept at delivering consistent messages while tailoring your communication to meet audience needs. You are a motivated self-starter capable of managing competing priorities effectively. You have a strong desire to enhance your technical knowledge in technology, cybersecurity, and associated risks. You are detail-oriented and highly organized. Fluency in English is required.

Location: London, England, United Kingdom About Moneyfarm Moneyfarm is a pan-European digital wealth manager, established in Milan in 2011 and now headquartered in London. Over 167,000 active investors have entrusted us with more than £5.5 billion. Our goal is to make personal investing simpler and more accessible through technology. Today, more than 220 professionals work across our offices in Italy and the UK, supported by partners including Poste Italiane, Cabot Square Capital, United Ventures, and Allianz. Our Values Relationships as our Greatest Asset: Trust, honesty, and transparency guide our work and how we build connections. Trust Fuels Success: Team members are empowered to make a difference and drive change. Shared Aspirations: We encourage ambition and focus on achieving the best results for clients and ourselves. Diversity and varied perspectives help us innovate and make better decisions. Flexible work arrangements support our team's success. Role Overview The Controls & Compliance Testing Analyst will strengthen Moneyfarm's Risk & Compliance function in both Italy and the UK. The analyst will enhance the risk framework, carry out compliance monitoring, test key controls, manage incidents, and look for ways to automate testing and reporting. This role suits someone analytical and curious, with an interest in improving processes within a digital wealth management setting. Fluency in both Italian and English is required.

Join our dynamic team at Maven Securities Holding Ltd as a Compliance Analyst. In this pivotal role, you will ensure that our operations adhere to regulatory standards and internal policies. You will be responsible for conducting compliance audits, preparing reports, and collaborating with various departments to mitigate risks and enhance compliance protocols.

Primary Objective of the RoleThe Compliance & Risk Manager plays a vital role in supporting the Director responsible for Legal Risk & Compliance, enhancing CIFF’s commitment to a culture of compliance and effective risk management. This position ensures that all operations adhere to relevant legal, ethical, and regulatory standards while managing risk across the organization.This role emphasizes:1. Implementing CIFF’s compliance framework globally, focusing on areas such as anti-fraud, corruption, data protection, conflicts of interest, and modern slavery, with backing from local legal advisors.2. Assisting in the development and management of CIFF’s organizational risk management framework, ensuring that potential risks are identified, evaluated, and mitigated effectively.3. Evaluating compliance risks and addressing issues within CIFF’s programs, while also supporting the Director overseeing Safeguarding with compliance-related aspects.Key ResponsibilitiesCompliance Oversight and SupportLead the implementation and ongoing enhancement of CIFF’s compliance framework, policies, and procedures.Provide daily guidance to programme, operations, and country teams to uphold CIFF’s standards and regulatory obligations.Collaborate with the CIFF Legal Team and external lawyers to identify and navigate compliance matters in various jurisdictions.Partner with Directors managing Legal Risk & Compliance and Safeguarding to articulate CIFF’s compliance approach across its global operations.Support the management of compliance-related incidents within CIFF programs and advise on compliance obligations associated with these incidents.Ensure regular compliance and risk reports are prepared for the Executive Team and Board.Champion compliance awareness within CIFF through effective communication, guidance, and training.Identify and implement technology solutions to monitor and manage regulatory updates across key jurisdictions.Risk Management and GovernanceCollaboratively maintain CIFF’s organizational risk framework with the Director, Legal Risk & Compliance.Monitor and update risk mitigation strategies, escalating significant risks to the Director and Executive Team as necessary.Support the integration of compliance and risk management practices across all levels of the organization.

Kroo Bank is redefining banking by creating a customer-centric experience that prioritizes responsible financial management and leverages technology to simplify, democratize, and enhance transparency in everyday banking. As a fully regulated UK bank, we are supported by dedicated investors and are on a mission to grow our customer base while pursuing ambitious goals. Our commitment to excellence is evident in our fast-paced operations, thoughtful decision-making, and adherence to the highest standards of service, product development, risk management, and employee care.Job Overview:We are seeking a dynamic Head of Information Security (HoIS) to lead our IT security strategy and safeguard the organization against security threats targeting our digital assets. In this role, you will direct the security strategy, oversee operations, and drive product development to protect our enterprise information. Your responsibilities will include fostering security awareness, managing security operations, and ensuring robust policies and procedures are in place.Key Responsibilities:Oversee the daily operations and execution of the information security strategy.Design and maintain a proactive security roadmap encompassing cloud, mobile, AI, and software platforms.Work collaboratively with technology leaders to implement innovative security technologies and next-generation solutions.Guarantee secure configurations and ensure continuous compliance across IaaS, PaaS, and SaaS environments.Conduct ongoing assessments of existing security practices and systems, identifying and addressing areas for enhancement.Perform security audits and risk assessments, providing recommendations to mitigate threats and vulnerabilities.Manage the Information Security Management System (ISMS) and uphold ISO 27001 certification.Ensure adherence to relevant compliance and governance standards.Collaborate with operational teams to develop, implement, and test business continuity plans for security breaches and disaster recovery scenarios.Safeguard the organization's intellectual property consistently.Monitor security vulnerabilities and potential hacking threats across network and host systems.Lead security operations, including Managed SOC, threat intelligence, detection, and response capabilities.Establish KPIs and KRIs to measure security maturity and provide consistent security reporting to Executive and Board stakeholders.Manage and nurture the information security team.Promote and educate the organization on the latest security strategies and technologies.Oversee the IT security budget and communicate effectively with stakeholders.

AJ Bell seeks an Information Security Architect to safeguard digital assets and advance security practices. This hybrid role is available in either Manchester or London. Key responsibilities Design and implement security frameworks that protect company systems and sensitive data. Identify vulnerabilities across digital platforms, providing recommendations to address risks. Ensure security measures align with industry standards and compliance requirements. Collaborate with teams throughout the business to shape security strategies that support organizational objectives. Location This position offers a hybrid work model, with the option to be based in Manchester or London.

Pension Insurance Corporation (PIC) secures retirement incomes by practicing careful risk management and maintaining strong asset-liability strategies. The company serves both current and future policyholders, with a culture shaped by resilience, adaptability, and loyalty. Role overview The Risk and Compliance Coordinator works within the Chief Risk Officer’s Office, reporting to the Executive Assistant to the CRO. This position is central to the Risk and Compliance function, handling queries from both inside and outside the organization. The Coordinator plays a key part in compliance and financial crime projects, ongoing compliance monitoring, and the daily management of essential compliance systems such as PolicyHub and the Personal Account Dealing Register. Work in this role directly supports PIC’s risk management and regulatory compliance objectives. Main responsibilities Administrative support Coordinate diary management for the Risk Senior Leadership Team, including scheduling meetings, arranging venues, and working with internal teams for guest access. Prepare meeting agendas, take minutes, and monitor follow-up actions for meetings within the Risk function or CRO office. Handle confidential information with discretion and professionalism. Arrange travel, process expense claims, and manage purchase orders as the Departmental PO champion. Stakeholder communication and coordination Act as the main contact for stakeholders engaging with the Risk and Compliance function. Draft and distribute team communications, announcements, and updates. Facilitate meetings, workshops, and leadership sessions across different functions. Organize team events, offsites, and training sessions, managing logistics from planning through execution. Identify and support process improvements to enhance team efficiency. Work closely with the Executive Assistant to the CRO, providing cover when needed. Compliance and policy support Assist the Compliance team with ongoing monitoring and assessments, particularly regarding Financial Crime controls. Oversee compliance systems, including PolicyHub and the Personal Account Dealing Register. Administer the Policy Framework and help maintain the internal policy management system.

frpadvisory is hiring a Manager or Senior Manager to lead its Governance team in London. This position oversees governance frameworks and ensures the organization meets regulatory requirements. The role also supports strategic initiatives that strengthen integrity and operational effectiveness. Role overview The Manager/Senior Manager will guide the development and maintenance of governance processes. Working closely with teams across the business, this leader will provide advice on best practices and help drive improvements in how governance is managed. Key responsibilities Oversee and refine governance frameworks Monitor compliance with relevant regulations Lead strategic projects to enhance governance standards Collaborate with other departments to support organizational goals Advise on governance best practices and process improvements Requirements Experience in governance or a related field Strong leadership and communication skills Ability to work with cross-functional teams Proactive approach to continuous improvement

Control Risks is seeking an experienced Senior Regional Security Manager to spearhead security initiatives for a prominent multinational consumer goods organization across the Europe, Middle East, and Africa (EMEA) region. This pivotal role will align security strategies with corporate objectives and operational priorities, ensuring effective communication with regional business leaders and compliance with global security programs tailored to local needs.The successful candidate will be based in the client’s London office, with access to Control Risks offices as necessary.Key Responsibilities:Conduct thorough risk and threat assessments to create comprehensive Site Security Plans, enhancing our security posture to safeguard personnel, facilities, and business interests in collaboration with business leaders and external partners.Design and execute robust security strategies that effectively mitigate risks while aligning with business goals and industry best practices.Perform regular security audits to ensure program integrity and adherence to security standards.Lead security investigations involving internal and external resources, support compliance inquiries, and oversee the Threat Management Team's efforts in addressing workplace violence threats and incidents.Manage the implementation of security standards, optimizing resource allocation and promoting cost-effective solutions.Guide the activities of Security Champions and Security Suppliers to ensure comprehensive security coverage across all regional facilities, enforce compliance with the Security Guard Force Standard, and collaborate with Mill Managers and Business Segment Leaders to develop improvement strategies.Oversee Executive Protection functions, including the physical security of the CEO’s office and residences, security awareness training, and security arrangements for Board of Director/Special meetings.Work alongside the Program Owner, Leadership Team, and key stakeholders to drive enhancements in the Physical Security Program, including systems, security guard force, and Global Security Operations Center.Stay abreast of cutting-edge trends and technologies in security management relevant to the industry and region.Build and maintain strong relationships with senior law enforcement, intelligence, and private sector counterparts.Provide briefings to senior executives on security incidents and participate in business segment committees and working groups.

AJ Bell seeks a Senior Information Security Engineer to strengthen the protection of company information systems and support compliance initiatives. The position is offered as a hybrid role, with the option to work from either the Manchester or London office and some flexibility for remote work. Key responsibilities Identify and assess security vulnerabilities within company systems Implement and maintain security controls to protect data and infrastructure Collaborate with teams across the business to promote effective security practices Assist in maintaining compliance with relevant regulations and internal policies Location This role is based in Manchester or London with a hybrid work arrangement, allowing for both office presence and remote work.