Security Governance Risk & Compliance Analyst – Yorkshire Water
Location: Buttershaw / Hybrid Working (1-2 days in the office a week in Bradford)
Work type: 12-month fixed term contract. 37 hours per week, Monday to Friday.
We have an exciting opportunity for a Security Governance Risk & Compliance Analyst to join the IT team at Yorkshire Water and be a part of helping Yorkshire Water to provide the best service to our customers.
Overview
Join our Technology & Security team as a Security Governance, Risk & Compliance (GRC) Analyst. You’ll help shape and maintain Yorkshire Water's security policies and standards, ensuring alignment with industry best practices. In this role, you’ll support risk assessments, audits, and compliance reviews, while advising teams across the business on security for systems, networks, and suppliers. You’ll play a key part in protecting our organisation through strong governance and proactive risk management.
Responsibilities
* Support junior and apprentice analysts within the GRC team
* Promote the value of risk, regulation, and compliance at senior levels
* Drive adoption of security best practices and culture across the organisation
* Stay current with GRC trends, standards, and best practices
* Assist in managing the Security GRC Framework
* Collaborate with stakeholders, auditors, and vendors
* Support compliance activities (CAF, SEMD, PCI DSS, ISO27001)
* Monitor and report on security compliance and incidents
* Conduct controls testing and coordinate audit findings
* Advise on compliance matters and manage policy exemptions
* Liaise with Data Protection team on GDPR breaches
* Conduct risk assessments and maintain risk registers
* Provide risk advice and support proportionate decision-making
* Integrate risk management into business processes
* Develop and maintain security policies, standards, and procedures
* Test and assure policy compliance
* Support investigations and coordinate stakeholder engagement
* Ensure legal and data privacy compliance during incidents
* Engage with government agencies and industry bodies
* Participate in forums (e.g. DWI, NCSC, Local Resilience Forums)
* Contribute to GRC metrics, KPIs, KRIs, and reporting
* Align work with business priorities and challenge inefficiencies
* Take ownership of customer issues and act on feedback
* Make informed decisions through collaboration and analysis
* Focus on key priorities and drive continuous improvement
* Build strong working relationships and support team goals
* Show resilience, adaptability, and a proactive mindset
* Communicate clearly and influence positively
What Skills & Qualifications You Will Need
* Track record of delivering successful IS initiatives
* Knowledge of Cyber Kill Chain, MITRE ATT&CK/DEFEND, and other security frameworks
* Solid understanding of cyber security, including Cyber Essentials and social engineering
* Awareness of current IS technologies, threats, and vulnerabilities
* Familiarity with ISO 27001, PCI DSS, and ITIL frameworks
* Hands-on experience with risk management tools and processes
* Skilled at translating business needs into security solutions
* Experience developing and maintaining IS policies and standards
* Eligible for UK Government Security Clearance
* Proven ability to lead people, processes, and technology effectively
* Strong influencing and negotiation skills; able to motivate others
* Experience driving cultural and behavioural change
You Will Also Benefit From Having
* Recognised IS qualification (e.g. CISSP, CISM) or relevant degree/experience in Information Security
* Experience in operational or strategic leadership within commercial or regulated environments
* Skilled in managing information security incidents and investigations
* Good understanding of GDPR and data protection principles
* Experience working with legal, audit, and compliance teams
* Hands-on experience conducting IS compliance reviews and audits
* Strong negotiation and third-party management skills
Benefits
* Competitive salary, depending on experience (£36,538 - 45,673)
* Annual incentive related bonus (£1000 maximum)
* Attractive pension scheme (up to 12% company contribution)
* Development opportunities in line with the Security GRC progression plan
* 25 days annual leave plus bank holidays plus an extra wellness day
* Life assurance cover of 4 times pensionable salary
* Health and other benefits (health cash plan, critical illness, dental, life assurance, partner cover)
* Retail savings scheme, Online GP service, cycle to work, gym discounts, and more
Additional Information
We are committed to accessibility in our recruitment process and offer adjustments as needed. Closing Date: 15th September 2025.
Do we sound like your cup of tea? If you have experience in Security Governance and want to help us deliver great service for our customers whilst looking after the environment, apply today to find out what a career with Yorkshire Water can offer you.
Pre-employment checks may include a Basic Disclosure Check. Depending on the role, security vetting (Counter Terrorist Check or Security Check) may be required. All roles are subject to a medical questionnaire and additional medicals when required.
Kelda Group reserve the right to close this position before the published closing date. No agencies, please.
#J-18808-Ljbffr