Governance, Risk & Compliance Officer
Location: Glasgow (Hybrid)
Contract: 6-month fixed-term contract with the potential for longer-term opportunities
Salary: up to £40,000 per annum (pro rata)
About the Role
We're looking for a motivated and curious Governance, Risk & Compliance Officer to join our small, high-impact Group GRC team. If you enjoy variety, problem solving, and working across information security, data protection, governance, and risk, this role offers the ideal blend.
This is not a narrow technical role. You'll contribute to everything from ISO 27001 audits to privacy support, risk registers to business continuity testing. Working closely with colleagues across Avidity Group and its subsidiary businesses, you'll help teams make informed decisions and operate safely — without slowing the business down.
If you enjoy learning, collaborating, and making a meaningful difference, you'll feel at home here.
What You'll Be Doing:
Information Security (Primary Focus)
Plan and deliver ISO 27001 internal audits and follow up on corrective actions.
Support ISO 27001 surveillance and recertification activities.
Maintain and enhance the Information Security Management System (ISMS).
Conduct due diligence and risk assessments for suppliers, projects, applications, and systems.
Maintain security risk registers and reporting dashboards.
Contribute to policy updates and development (e.g., AI, remote working, BYOD).
Support Business Continuity and Disaster Recovery (BC/DR) processes and testing.
Help design and deliver security and privacy training.
Support security incident investigations and root cause analysis.
Act as a point of contact for security queries.
Manage service desk tickets relating to security governance and compliance.
Data Protection (Secondary – Development Opportunity)
Support low-to-medium severity data breach investigations.
Assist with Subject Access Requests and other rights-based enquiries.
Maintain privacy documentation (DPIAs, ROPAs, logs, evidence).
Support privacy communications and awareness initiatives.
Corporate Governance, Risk & Compliance
Support internal audits across Group functions and operating companies.
Maintain Group risk registers and contribute to risk analysis and control improvements.
Assist with policies, procedures, and governance frameworks.
Support BC/DR testing.
Help deliver GRC initiatives across multiple businesses in a pragmatic, supportive way.
What We're Looking For:
Essential Skills & Experience
Strong working knowledge of ISO 27001 and core security controls.
Experience planning and delivering internal audits.
Experience supporting security incidents and/or breach investigations.
Excellent written and verbal communication skills — able to simplify complex topics.
Strong analytical skills and attention to detail.
Confident using Excel (pivot tables, lookups, dashboards) and PowerPoint (executive-ready slides).
Ability to manage competing priorities and meet deadlines.
Desirable
Experience across wider GRC activities.
Experience supporting UK GDPR compliance.
Interest in Health & Safety governance or operational risk.
Experience delivering training to mixed audiences.
Familiarity with Visio, MS Project, MS Forms, SharePoint, Copilot, or wider M365 governance.
ISO 27001 auditor or related qualifications (e.g., Security+, CISM, CRISC, CIPP/E).
The Mindset That Makes You Successful Here:
We're looking for someone who is:
Curious and eager to grow across the GRC landscape.
Proactive and self-directed.
Trustworthy with sound judgement and discretion.
Solutions-focused — asking "How can we do this safely?" rather than "You can't do that."
Adaptable and willing to take ownership.
Comfortable building positive relationships across teams and levels.
Working Pattern & Environment
Hybrid working with 1–2 days per week in our Glasgow office, depending on business needs.
Some periods (e.g., audits or incidents) may require additional on-site presence.
Living within a reasonable commuting distance is desirable.
Evening or weekend work is rare and only required in exceptional circumstances.
You'll work in a small, agile GRC function where your contribution has visible impact.
Why Join Us?
Develop across information security, data protection, governance, and risk.
Gain hands-on experience with ISO 27001, internal audit, BC/DR, privacy, and GRC frameworks.
Play a key role in shaping GRC maturity across the Group.
Be supported by the Group Risk Manager / DPO with coaching and development opportunities.
Work on meaningful projects that improve how the business operates.
Benefits:
25 days holiday + flexible public holidays (increases with service)
Company pension scheme (3% employer contribution)
Life assurance (3x annual salary)
Discounted private healthcare & Health Cash Plan
Annual Leave Purchase Scheme (up to 5 days)
Employee Assistance Programme (24/7 wellbeing support)
Family-friendly policies (enhanced maternity & paternity leave)
Employee benefits & discounts portal
If this role sounds like the right next step for you, we'd love to hear from you.