Cyber Security Governance, Risk & Compliance Analyst (12‑Month Contract) (Outside IR35)
Hybrid – London (1-2 trips per week max)
We are seeking an experienced Cyber Security Governance, Risk & Compliance Analyst to join a major Operator of Essential Services (OES) on an initial 12‑month contract. This role plays a key part in strengthening cyber resilience, supporting regulatory compliance activities, and ensuring alignment with the UK’s evolving cyber security standards.
About the Role
You will support a portfolio of cyber resilience and regulatory initiatives, focusing on:
* Coordinating and delivering the Annual NIS Self‑Assessment and Improvement Report
* Ensuring compliance with NIS Regulations, Ofgem expectations, and the Enhanced Cyber Assessment Framework (ECAF)
* Enhancing and maturing the organisation’s Incident Response Framework
* Designing and delivering scenario‑based incident response exercises for senior leadership
* Conducting comprehensive reviews of the Cyber Risk Register
* Supporting assurance activities across NIS, Ofgem, EU and UK regulatory requirements, and the Cyber Security Resilience Bill
* Contributing to planning, coordination, and reporting across the Cyber Security Roadmap
* Providing project and programme management support, including supplier management, RAID tracking and delivery governance
* Supporting ongoing maintenance of the ISMS, including policies, procedures, governance, and assurance tasks
About You
We are looking for someone who has:
* Strong experience delivering or supporting cyber security programmes, ideally in a regulated sector
* Knowledge of NIS Regulations, CAF, and Ofgem cyber security expectations
* Experience delivering incident response exercises and associated documentation
* A solid understanding of cyber risk management and threat assessment
* Strong communication and stakeholder engagement skills
* The ability to manage multiple workstreams concurrently
* Experience with UK/EU ISMS frameworks (ISO 27001 or similar) is highly beneficial
* A background in sectors such as utilities, energy, transport, or other regulated environments is advantageous
Working Pattern
* Hybrid role based in London (1/2 trips per week)
* Occasional travel expected (Belgium and Norfolk)
Why This Contract
This is an opportunity to have a direct impact on strengthening cyber security resilience within an essential services environment. You will play a central role in regulatory compliance, organisational readiness, and the uplift of key governance and risk processes.
If you have strong GRC experience in regulated environments and are looking for a contract where you can make a tangible impact, we would welcome your application.