Director of Security and Compliance safeguarding digital assets and data with a focus on cybersecurity and compliance. Leading risk management, stakeholder engagement, and team leadership initiatives.
About the role
- GRC Analyst enhancing governance, risk, and compliance practices within Sword, focusing on cybersecurity standards and configuration management.
Responsibilities
- Develop and document a Configuration Management Plan aligned to recognised standards such as NIST.
- Define and document roles and responsibilities across the 2nd Line of Defence, ensuring clarity and accountability.
- Support the rollout of configuration management processes, including communication, stakeholder engagement, and adoption.
- Document secure configuration policy principles, translating technical requirements into clear, accessible guidance.
- Review, refine, and communicate security policies to ensure alignment with organisational and regulatory expectations.
- Gather and interpret configuration compliance reports from monitoring tools to support governance activities.
- Enhance change management processes, including contributing to Change Advisory Board (CAB) inputs.
- Work closely with business change and communications teams to embed new processes effectively.
- Simplify complex security concepts into practical guidance for non-technical stakeholders.
- Maintain clear, structured documentation that supports ongoing governance and audit requirements.
Requirements
- Experience working with cyber security standards such as ISO 27001 or NIST frameworks (e.g. NIST 800-53).
- Understanding of secure configuration principles and cyber security policy development.
- Experience writing policies, procedures, or governance documentation within a security context.
- Strong documentation skills, with the ability to produce clear, structured, and usable outputs.
- Ability to understand and map process flows, including defining roles and responsibilities (e.g. RACI models).
- Strong communication skills, with the ability to translate technical concepts into business-friendly language.
- Experience collaborating with cross-functional teams, including security, change, and communications.
- Experience developing or implementing a Configuration Management Plan.
- Exposure to governance within large-scale transformation or regulated environments.
- Familiarity with compliance reporting and monitoring tools.
- Experience supporting change management processes or governance forums such as CAB.
Benefits
- Personalised Career Development: We create a development plan customised to your goals and aspirations, with a range of learning and development opportunities within a culture that encourages growth.
- Flexible working: Flexible work arrangements to support your work-life balance. We can’t promise to always be able to meet every request, however, are keen to discuss your individual preferences to make it work where we can.
- A Fantastic Benefits Package: This includes generous annual leave allowance, enhanced family friendly benefits, pension scheme, access to private health, well-being, and insurance schemes.
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
No Education Requirement
Tech skills
Location requirements
Information Security Risk & Compliance Analyst supporting the maintenance of ISO 27001 standards. Contributing to risk assessments and compliance across AAB’s Business Protection Team.
Information Security Risk & Compliance Analyst at AAB managing compliance with ISO 27001, supporting enterprise risk assessments and enhancing information security systems.
Information Security Risk & Compliance Analyst at AAB focusing on ISO 27001 compliance and information security management. Collaborating across teams to ensure robust risk and compliance frameworks.
Security Principal at Optiv designing AI security solutions for clients, leveraging advanced security services and technologies. Driving pipeline generation and maintaining strong client relationships as a trusted advisor.
Cloud Security Architect supporting federal customer projects focused on architecture and security solutions. Conducting risk assessments and defining security requirements within a cloud environment.
Information Security Specialist responsible for enhancing cybersecurity posture through incident management and compliance. Collaborating with cross - functional teams to monitor threats and implement security measures.
Senior Lead Info Security Architect leading and collaborating on cybersecurity solutions at TIAA. Responsible for secure design and implementation of cloud security strategies and practices.
Part Time Security Officer providing protection for Collector's personnel and assets at trade shows across North America while reporting to Security Shows & Transportation Manager.
Enterprise Security Architect at PBCN GmbH designing and implementing security architectures. Collaborating with teams to ensure application security and conducting risk assessments.