Risk Compliance Officer

Risk Compliance Officer Get AI-powered advice on this job and more exclusive features. This range is provided by Gattaca. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more. Base pay range Direct message the job poster from Gattaca Up to £50,000 + bonus & excellent benefits Location Hybrid – 3 days a week in Coventry (Water & Utilities – Critical National Infrastructure) The opportunity I’m partnering with a leading UK water and utilities provider to hire a Cyber Risk & Compliance Officer to help protect critical national infrastructure used by millions of customers every day. You’ll join a well-established Information Security function and take a key role in shaping the risk and compliance strategy, leading internal assurance activity and supporting a small team as the senior subject‑matter expert. If you’re looking for a role with real‑world impact, visibility with senior leaders and a clear progression path, this is a great move. What you’ll be doing Working closely with the Information Security Risk & Compliance Manager, you will: Develop and manage the information security risk and compliance framework, aligned to legal, regulatory and corporate policy requirements Build and maintain risk and compliance metrics & MI, reporting into senior governance forums and the (D)CISO Lead and support security risk assessments across key services and processes, including third‑party providers Plan and run internal information security audits and technical control assessments against frameworks such as NIST and CIS Ensure ongoing compliance for NIS‑R and PCI DSS, including assurance planning and liaison with QSAs and regulators Review and maintain a suite of security policies and standards, embedding best practice across the organisation\Design and deliver engaging security awareness and education across the business Act as the senior a small team of Analysts/Associates, providing coaching, guidance and feedback day to day Engage regularly with senior internal and external stakeholders on information security risk and compliance matters What you’ll bring We’re keen to speak to people who can demonstrate: 3+ years’ experience in cyber / information security, ideally in a GRC / risk / compliance / assurance role Strong background in managing control frameworks within a regulated environment (e.g. utilities, energy, FS, telco, public sector) Practical experience of planning, implementing and managing security standards and policies Experience working with GDPR and NIS / NISR, and data protection standards such as PCI DSS Experience carrying out technical internal and external security audits / assessments, aligned to frameworks such as NIST and CIS Controls Good understanding of information security risk management, risk assessment and risk treatment Confident communicator, able to influence senior stakeholders and present complex information clearly Some leadership or mentoring experience – formally managing people or being the “go‑to” senior specialist in a team A self‑development mindset – you stay current on cyber trends and best practice and enjoy continuous learning Industry certifications (CISM, CRISC, CISSP, BCS, PCI ISA etc.) and eligibility for clearance are highly desirable but not essential. Salary, location & working pattern Salary: Up to £50,000 basic, plus annual bonus Location: Coventry – modern head office Hybrid: 3 days a week in the Coventry office, 2 from home Contract: Permanent, full‑time Benefits >28 days’ holiday + bank holidays, with the ability to buy/sell up to 5 days per year Annual bonus scheme (up to c. £2,250, based on company performance) Leading pension scheme – double‑matched contributions up to c. 15% when you pay in 7.5% Sharesave scheme – opportunity to buy company shares at a discounted rate Dedicated training and development via a structured internal “Academy” Discounts and schemes including electric vehicle scheme, retail offers and nursery discount Family‑friendly policies and two paid volunteering days per year If you’d like to play a visible role in protecting critical national infrastructure, while growing your career in a supportive and people‑focused environment, I’d love to hear from you. Click Apply or reach out to Matthew.Lannen@infosecpeople.co.uk to arrange a confidential chat.Seniority level Mid‑Senior level Employment type Full‑time Job function Information Technology Industries Utilities and Utilities Administration #J-18808-Ljbffr