York | Hybrid (2 days a week in the office)
£55,000
Let’s get something out of the way.
This isn’t a role about writing policies that nobody reads, or running audits for the sake of ticking boxes.
We’re looking for a Security Compliance Officer for one of our clients who understands that good compliance is really about good security - and that the best controls are the ones people actually follow.
You’ll be part of the Cyber Security Operations team, working closely with IT and the wider business to turn frameworks, regulations and policies into practical, everyday ways of working.
The Role (What This Job Is Really About)
Your job is to make sure the client’s security obligations don’t live in spreadsheets and PDFs - they live in how the business actually operates.
You’ll design and maintain security compliance processes, support risk management and audits, and act as the bridge between security, IT and business teams.
You’ll help people understand what’s required, why it matters, and how to do it properly.
What You’ll Be Doing:
Security governance & compliance
- Designing and maintaining security compliance processes across IT and the wider business.
- Aligning controls with recognised standards and frameworks (ISO 27001/27002, NIST, CIS, Cyber Essentials, GDPR, and others).
- Owning and maintaining security policies, standards, procedures and guidance.
- Monitoring compliance with internal policies and external regulatory requirements.
- Supporting information security risk assessments and risk treatment plans.
- Maintaining risk registers and tracking remediation activities.
- Helping define risk acceptance criteria and escalation paths.
- Planning and coordinating internal security audits and control reviews.
- Supporting external audits, certifications and customer assurance requests.
- Tracking audit findings and making sure they’re fixed - not forgotten.
- Producing evidence packs and clear compliance reporting for stakeholders.
You’ll need:
- Experience in a security compliance, GRC or information security governance role.
- A strong understanding of security standards and regulatory frameworks.
- Experience designing and implementing security policies and compliance processes.
- Familiarity with audits, evidence collection and assurance activities.
- The ability to translate regulations into controls that actually work.
- Strong documentation skills and the confidence to engage stakeholders.
- A high level of attention to detail and organisation.
- Experience working alongside Security Operations or IT Operations teams.
- Knowledge of cloud security compliance (Azure or similar platforms).
- Experience with third-party risk management.
- Familiarity with UK GDPR and data protection.
- Experience using GRC tools.
Interested? Let’s talk.
At Investigo, we make recruitment feel easy.
Let’s keep this simple. We’re all about your success, as your success is our business. We are part of The IN Group, a collection of six award-winning specialist brands that supply the globe with end-to-end talent solutions. With recruitment at the core of our business, we’ve been connecting people since 2003.