Job: Information Security Compliance & Risk Contractor

Job Title: Information Security Compliance & Risk Contractor
Contract Type: Contract
Location: Cardiff
Salary: Competitive
Start Date: ASAP
REF: Information 08
Job Published: 13 days ago

Job Description

Information Security, ISO 27001, Compliance, Risk, Governance, Audit, Assessments

Duration: 6 months initially

Location: Cardiff

Due to increased focus and growth, there is currently an opportunity to join the Information Security Team. This is for an Information Security Compliance & Risk role to work alongside the Governance, Risk & Compliance team members supporting the Security Improvement Programme.

Main Duties

  • Plan and perform Compliance Assessments

  • Develop the Information Security Test Library

  • Gather evidence for tests and assessments performed

  • Collate Compliance Assessment reporting

  • Monitor and track Risk & Action statuses including Remediation plans

  • Monitor and track Risk Acceptances through regular reviews

  • Provide Third Party Risk assessments, including Due Diligence, RFxs and remote access reviews

  • Work closely with, and support, the Governance, Risk & Compliance team members

  • Support the collation of Key Risk Indicator data for both Management and the Group Risk Committee

  • Support the collation of Management Information on an agreed schedule

  • Help the Information Security Training team with metrics and information to better align their training material

  • Help with and feed into the various Information Security Policies, Standards and Procedures

This is not a full definition of the role but covers the main aspects and drivers for success.

Experience and Qualifications Required


  • Well organized

  • Team player

  • Able to work autonomously

  • Excellent multi-tasking skills

  • Previous experience within a Risk and/or Audit based role

  • In-depth knowledge of ISO 27001

  • Understanding of various other security frameworks

  • Good communication and listening skills

  • Good planning and scheduling skills

  • Able to work in a fast-paced and changing environment


  • A good understanding of security concepts, principles and best practice

  • Experience of performing Risk Assessments, utilising all available data

  • Good understanding of IT systems and networks

  • Fundamental understanding of risk management principles

  • Previous experience of coordinating activities within an ever-changing landscape

  • Information Security qualification, preferably Audit or Risk based

If you feel you have the skill set and experience for any of these positions, please send me your most up-to-date CV and I shall be in touch.