Overview
Join to apply for the Security Gov, Risk & Compliance Analyst role at Yorkshire Water.
Location: Buttershaw / Hybrid Working (1-2 days in the office a week – Bradford)
Work type: 12-month fixed term contract. 37 hours per week, Monday – Friday.
What we do
We provide essential water and wastewater services to every corner of the Yorkshire region, protecting the environment and the health and wellbeing of our communities. The IT function is a key part of how we plan to meet the changing expectations of customers and regulators.
Role and responsibilities
Join our Technology & Security team as a Security Governance, Risk & Compliance (GRC) Analyst. You’ll help shape and maintain Yorkshire Water’s security policies and standards, ensuring alignment with industry best practices.
In this role, you’ll support risk assessments, audits, and compliance reviews, while advising teams across the business on security for systems, networks, and suppliers. You’ll play a key part in protecting our organisation through strong governance and proactive risk management.
Where you fit in
As our Security Governance, Risk & Compliance Analyst you will:
* Support junior and apprentice analysts within the GRC team
* Promote the value of risk, regulation, and compliance at senior levels
* Drive adoption of security best practices and culture across the organisation
* Stay current with GRC trends, standards, and best practices
* Assist in managing the Security GRC Framework
* Collaborate with stakeholders, auditors, and vendors
* Support compliance activities (CAF, SEMD, PCI DSS, ISO27001)
* Monitor and report on security compliance and incidents
* Conduct controls testing and coordinate audit findings
* Advise on compliance matters and manage policy exemptions
* Liaise with Data Protection team on GDPR breaches
* Conduct risk assessments and maintain risk registers
* Provide risk advice and support proportionate decision-making
* Integrate risk management into business processes
* Develop and maintain security policies, standards, and procedures
* Test and assure policy compliance
* Support investigations and coordinate stakeholder engagement
* Ensure legal and data privacy compliance during incidents
* Engage with government agencies and industry bodies
* Participate in forums (e.g. DWI, NCSC, Local Resilience Forums)
* Contribute to GRC metrics, KPI s, KRIs, and reporting
* Align work with business priorities and challenge inefficiencies
* Take ownership of customer issues and act on feedback
* Make informed decisions through collaboration and analysis
* Focus on key priorities and drive continuous improvement
* Build strong working relationships and support team goals
* Show resilience, adaptability, and a proactive mindset
* Communicate clearly and influence positively
* Seek and act on feedback to improve performance
Skills and qualifications
* Track record of delivering successful IS initiatives
* Knowledge of Cyber Kill Chain, MITRE ATT&CK/DEFEND, and other security frameworks
* Solid understanding of cyber security, including Cyber Essentials and social engineering
* Awareness of current IS technologies, threats, and vulnerabilities
* Familiarity with ISO 27001, PCI DSS, and ITIL frameworks
* Hands-on experience with risk management tools and processes
* Skilled at translating business needs into security solutions
* Experience developing and maintaining IS policies and standards
* Eligible for UK Government Security Clearance
* Proven ability to lead people, processes, and technology effectively
* Strong influencing and negotiation skills; able to motivate others
* Experience driving cultural and behavioural change
Desirable qualifications
* Recognised IS qualification (e.g. CISSP, CISM) or relevant degree/experience in Information Security
* Experience in operational or strategic leadership within commercial or regulated environments
* Skilled in managing information security incidents and investigations
* Good understanding of GDPR and data protection principles
* Experience working with legal, audit, and compliance teams
* Hands-on experience conducting IS compliance reviews and audits
* Strong negotiation and third-party management skills
Benefits
* Competitive salary (£36,538 – 45,673 depending on experience)
* Annual incentive related bonus (£1000 maximum)
* Attractive pension scheme (up to 12% company contribution)
* Development opportunities in line with the progression plan
* 25 days annual leave plus bank holidays – plus a wellness day
* Life assurance cover of 4 times pensionable salary
* Health, dental, and other flexible benefits
* Retail savings scheme
* Online GP service, cycle to work, gym discounts and more
Application details
Closing Date - 15 September 2025
We are committed to removing barriers and ensuring our recruitment process is accessible to everyone. We offer adjustments to make your application experience as comfortable as possible. If you have accessibility needs, please include this information in your application.
No agencies please.
#J-18808-Ljbffr