Job Specifications
Title: Cyber Risk & Compliance Officer
Up to £50,000 + bonus & excellent benefits
Hybrid – 3 days a week in Coventry (Water & Utilities – Critical National Infrastructure)
The opportunity
I’m partnering with a leading UK water and utilities provider to hire a Cyber Risk & Compliance Officer to help protect critical national infrastructure used by millions of customers every day.
You’ll join a well-established Information Security function and take a key role in shaping the risk and compliance strategy, leading internal assurance activity and supporting a small team as the senior subject-matter expert.
If you’re looking for a role with real-world impact, visibility with senior leaders and a clear progression path, this is a great move.
What you’ll be doing
Working closely with the Information Security Risk & Compliance Manager, you will:
Develop and manage the information security risk and compliance framework, aligned to legal, regulatory and corporate policy requirements
Build and maintain risk and compliance metrics & MI, reporting into senior governance forums and the (D)CISO
Lead and support security risk assessments across key services and processes, including third-party providers
Plan and run internal information security audits and technical control assessments against frameworks such as NIST and CIS
Ensure ongoing compliance for NIS-R and PCI DSS, including assurance planning and liaison with QSAs and regulators
Review and maintain a suite of security policies and standards, embedding best practice across the organisation
Design and deliver engaging security awareness and education across the business
Act as the senior in a small team of Analysts/Associates, providing coaching, guidance and feedback day to day
Engage regularly with senior internal and external stakeholders on information security risk and compliance matters
What you’ll bring
We’re keen to speak to people who can demonstrate:
3+ years’ experience in cyber / information security, ideally in a GRC / risk / compliance / assurance role
Strong background in managing control frameworks within a regulated environment (e.g. utilities, energy, FS, telco, public sector)
Practical experience of planning, implementing and managing security standards and policies
Experience working with GDPR and NIS / NISR, and data protection standards such as PCI DSS
Experience carrying out technical internal and external security audits / assessments, aligned to frameworks such as NIST and CIS Controls
Good understanding of information security risk management, risk assessment and risk treatment
Confident communicator, able to influence senior stakeholders and present complex information clearly
Some leadership or mentoring experience – formally managing people or being the “go-to” senior specialist in a team
A self-development mindset – you stay current on cyber trends and best practice and enjoy continuous learning
Industry certifications (CISM, CRISC, CISSP, BCS, PCI ISA etc.) and eligibility for SC clearance are highly desirable but not essential.
Salary, location & working pattern
Salary: Up to £50,000 basic, plus annual bonus
Location: Coventry – modern head office
Hybrid: 3 days a week in the Coventry office, 2 from home
Contract: Permanent, full-time
Benefits
Alongside a competitive salary this role comes with a strong benefits package, including:
28 days’ holiday + bank holidays, with the ability to buy/sell up to 5 days per year
Annual bonus scheme (up to c. £2,250, based on company performance)
Leading pension scheme – double-matched contributions up to c. 15% when you pay in 7.5%
Sharesave scheme – opportunity to buy company shares at a discounted rate
Dedicated training and development via a structured internal “Academy”
Discounts and schemes including electric vehicle scheme, retail offers and nursery discount
Family-friendly policies and two paid volunteering days per year
If you’d like to play a visible role in protecting critical national infrastructure, while growing your career in a supportive and people-focused environment, I’d love to hear from you.
Click Apply or reach out to Matthew.Lannen@infosecpeople.co.uk to arrange a confidential chat.
About the Company
InfoSec People is a specialist IT and Information Security recruitment business. We are committed to providing best-practice recruitment solutions, upholding the highest levels of service and delivery for our clients and candidates alike.
InfoSec People provide Permanent, Contract and Executive Search recruitment solutions in the Information Security sector, working closely with our clients to find the right career move or the best talent in the industry to drive business forward.
Our capability to supply includes:
- Techn...
Know more