IT Risk & Compliance Manager
- Location: Newport / hybrid working
- Job Type: Full-time
- Salary: £60,208
We are seeking an IT Risk & Compliance Manager, reporting to the Head of Strategy & Architecture. This pivotal role ensures the security and compliance of information systems and applications. The successful candidate will develop, implement, and maintain IT policies and procedures, perform risk assessments, and enhance IT governance processes.
Day-to-day of the role:
- Identify and evaluate IT risks and impacts across various areas including data protection, project management, and network infrastructure.
- Own and manage the IT risk register, ensuring treatment plans are in place.
- Align with existing risk management frameworks, monitor key risk indicators, and ensure corrective action plans are in place to mitigate identified risks.
- Drive adherence to industry security standards and compliance with local, national, and global regulations.
- Conduct regular training and workshops for staff on information, operational, and technology risks.
- Act as the primary contact for the IT Annual Audit Plan, coordinating with IT Heads and Business Leaders to ensure efficient audit completion.
- Scope all IT Audits and assurance exercises, coordinate fieldwork, and track performance of departments in addressing audit findings.
Required Skills & Qualifications:
- Significant experience in technology risk management and security governance.
- Familiarity with industry security standards such as ISO27001/2, CIS Critical Controls, and NIST Cybersecurity Framework.
- Strong knowledge of privacy and data protection laws (GDPR, PCI-DSS).
- Proven ability to develop and implement IT policies, processes, and procedures.
- Excellent organizational, problem-solving, and interpersonal skills.
- Strong communication skills, capable of effectively driving IT risk mitigation initiatives.
- Degree in IT, Computer Science, Engineering, Information Security, or equivalent.
- Professional security management certification (e.g., CRISC, CISA, CISM, CISSP) is preferred.