Title: Cyber Risk & Compliance Officer
Up to £50,000 + bonus & excellent benefits
Hybrid – 3 days a week in Coventry (Water & Utilities – Critical National Infrastructure)
The opportunity
I’m partnering with a leading UK water and utilities provider to hire a Cyber Risk & Compliance Officer to help protect critical national infrastructure used by millions of customers every day.
You’ll join a well-established Information Security function and take a key role in shaping the risk and compliance strategy, leading internal assurance activity and supporting a small team as the senior subject-matter expert.
If you’re looking for a role with real-world impact, visibility with senior leaders and a clear progression path, this is a great move.
What you’ll be doing
Working closely with the Information Security Risk & Compliance Manager, you will:
* Develop and manage the information security risk and compliance framework, aligned to legal, regulatory and corporate policy requirements
* Build and maintain risk and compliance metrics & MI, reporting into senior governance forums and the (D)CISO
* Lead and support security risk assessments across key services and processes, including third-party providers
* Plan and run internal information security audits and technical control assessments against frameworks such as NIST and CIS
* Ensure ongoing compliance for NIS-R and PCI DSS, including assurance planning and liaison with QSAs and regulators
* Review and maintain a suite of security policies and standards, embedding best practice across the organisation
* Design and deliver engaging security awareness and education across the business
* Act as the senior in a small team of Analysts/Associates, providing coaching, guidance and feedback day to day
* Engage regularly with senior internal and external stakeholders on information security risk and compliance matters
What you’ll bring
We’re keen to speak to people who can demonstrate:
* 3+ years’ experience in cyber / information security, ideally in a GRC / risk / compliance / assurance role
* Strong background in managing control frameworks within a regulated environment (e.g. utilities, energy, FS, telco, public sector)
* Practical experience of planning, implementing and managing security standards and policies
* Experience working with GDPR and NIS / NISR, and data protection standards such as PCI DSS
* Experience carrying out technical internal and external security audits / assessments, aligned to frameworks such as NIST and CIS Controls
* Good understanding of information security risk management, risk assessment and risk treatment
* Confident communicator, able to influence senior stakeholders and present complex information clearly
* Some leadership or mentoring experience – formally managing people or being the “go-to” senior specialist in a team
* A self-development mindset – you stay current on cyber trends and best practice and enjoy continuous learning
Industry certifications (CISM, CRISC, CISSP, BCS, PCI ISA etc.) and eligibility for SC clearance are highly desirable but not essential.
Salary, location & working pattern
* Salary: Up to £50,000 basic, plus annual bonus
* Location: Coventry – modern head office
* Hybrid: 3 days a week in the Coventry office, 2 from home
* Contract: Permanent, full-time
Benefits
Alongside a competitive salary this role comes with a strong benefits package, including:
* 28 days’ holiday + bank holidays, with the ability to buy/sell up to 5 days per year
* Annual bonus scheme (up to c. £2,250, based on company performance)
* Leading pension scheme – double-matched contributions up to c. 15% when you pay in 7.5%
* Sharesave scheme – opportunity to buy company shares at a discounted rate
* Dedicated training and development via a structured internal “Academy”
* Discounts and schemes including electric vehicle scheme, retail offers and nursery discount
* Family-friendly policies and two paid volunteering days per year
If you’d like to play a visible role in protecting critical national infrastructure, while growing your career in a supportive and people-focused environment, I’d love to hear from you.
Click Apply or reach out to Matthew.Lannen@infosecpeople.co.uk to arrange a confidential chat.