12 jobs found

We're proud to be trusted by some of the largest companies in the world to handle their Salesforce DevOps. Underpinning that trust is a commitment to protect their data through our modern approach to security and compliance. As we grow into increasingly regulated sectors, ensuring our global compliance standards are met is more important than ever. This is a fantastic opportunity to kickstart or progress your career inGovernance, Risk, and Compliance (GRC)within the tech sector. Reporting to theLegal and Compliance Manager, you will get hands-on exposure to customer assurance, information security audits, data protection, and additional international frameworks. As an early hire in this function, you'll have a clear path to specialise as the team grows. What's the opportunity for a GRC Analyst at Gearset? Partner with our GRC Manager to maintain our ISO 27001 certification and support compliance with global data protection regulations such as GDPR, CCPA, and HIPAA. Own the day-to-day response to customer security and compliance requests, ensuring our clients feel confident in how we handle their data. Coordinate and facilitate on managing GRC platforms, keeping our documentation current and finding ways to automate repeatable tasks. Play a key role in ISO 27001 Continuous Improvement (CI) activities and help prepare the business for internal and external audits. Assist in drafting and managing essential compliance policies, including Modern Slavery, AML and Anti-Bribery, ensuring they evolve with the company. Identify blockages in reviews and recommend ways to standardise documentation to help the company scale efficiently. What you'll achieve Develop a deep understanding of Gearset's compliance and security posture to streamline customer onboarding and vendor reviews. Lead the automation of our compliance workflows, reducing manual overhead for the team. Play a key role in scaling our global compliance footprint by launching and embedding new international security standards as we grow. Gain the experience and support needed to pursue certifications in GRC, Information Security or Data Protection. About you You have a passion for accuracy, especially when managing complex documentation and policies. You are comfortable learning about cloud software and can translate security and compliance concepts into clear, written responses. You can communicate professionally with both internal teams and external customers and vendors. You thrive in a fast-paced environment and are always looking for a more efficient way to get things done. Have degree in a relevant field such as Computer Science, or Cyber Security or equivalent foundational experience in a professional office environment. Great to haves Knowledge ofISO 27001, GDPR, CCPA and HIPAA Experience using GRC or workflow tools An interest in DevOps or the Salesforce ecosystem Benefits (the stuff you'd expect!) Salary is up to £45k (depending on experience) This role is based in our Cambridge office but with the flexibility to work from home when you need to Opportunity to join our Long Term Incentive scheme Generous personal development budget for courses, conferences, or whatever is useful to your professional development in the role of up to £1500 per year Top end hardware provided Free lunch any day you are in the office BUPA health care Life Insurance & critical illness cover Discounted gym membership, as well as a range of health and wellness benefits

Sword is a leading provider of business technology solutions within the Energy, Public and Finance Sectors, driving transformational change within our clients. We use proven technology, specialist teams and domain expertise to build solid technical foundations across platforms, data, and business applications. We have a passion for using technology to solve business problems, working in partnership with our clients to help in achieving their goals. About the role The Risk, Compliance & Resilience Advisor shall help to manage compliance and assurance for supporting the Senior Manager - Risk & Compliance and Risk & Resilience Lead by ensuring that: Risk Assessment: Assist in identifying, assessing, and prioritising risks across the organisation. Conduct risk assessments to evaluate the likelihood and potential impact of risks on business operations and objectives Compliance Monitoring: Monitor regulatory developments and changes in laws, regulations, and industry standards. Assess the organisation's compliance with applicable regulations, standards, and internal policies Resilience Planning: Support the Global Risk & Resilience Lead in the Development and maintenance of IT resilience and business continuity plans to ensure the organisation's ability to respond to and recover from IT disruptions Incident Response and Management: Provide support in DR related incident response activities, including investigating IT security incidents, breaches, and disruptions Issue Identification: Identify and document risk deficiencies, compliance gaps, and areas for improvement. Collaborate with stakeholders to develop actionable recommendations and corrective action plans to address identified issues Documentation and Reporting: Maintain accurate documentation of risk assessments, compliance reviews, control testing activities, and remediation efforts. Prepare regular reports for management and stakeholders on the status of risk, compliance, and control activities Policy and Procedure Development: Assist in the development and maintenance of risk management, compliance, and control related policies, procedures, and guidelines. Ensure alignment with regulatory requirements and industry best practices in alignment with the Global IS Governance Lead Vendor Risk Management Support: Assist in assessing and managing risks associated with third party vendors and service providers. Evaluate vendor controls and adherence to contractual obligations Continuous Improvement: Identify opportunities for enhancing risk management, compliance, and control processes. Recommend and implement improvements to strengthen the organisation's risk and control environment Project Work: Contribute to project activities as required to ensure GRC requirements are understood and addressed Areas of Accountability, Responsibility and Competence Level Works with the Global Risk & Compliance Senior Manager to support IS in the delivery of governance, compliance, and risk activities, whilst supporting the Integration projects Supports the execution of the security, audit, and compliance activities Supports the Global Risk & Compliance Senior Manager by ensuring the successful delivery of initiatives and projects within the Risk and Compliance environment Supports the Risk & Compliance Senior Manager, and Risk & Resilience Lead in any required activities which support improvements in assurance, compliance, and audit activities Addresses findings from identified risks or audits Ensures the ISMS contains an accurate record of risks, events, and issues Supports the internal and external audit investigations Ensures that the audit tests, self certifications, and audit reviews are relevant, consistent, and conducted in accordance with professionally accepted auditing standards Works with minimal supervision, using clearly defined processes and procedures Facilitates the use of performance metrics to improve output May be required to provide out of hours support via an on call rota Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate compliance and risk related concepts to technical and non technical audiences Substantial relevant experience in control management for governance, compliance, IT audits, IS assurance and risk management programmes CISA, CISM or equivalent preferred BSc or equivalent qualification in IT based degree preferred 3+ years relevant IT work experience Proven ability to communicate with technical teams to elicit information and requirements Understanding of regulatory requirements, including cross industry regulations (e.g., GDPR, Data Protection Act) and industry specific regulations Skilled in implementing compliance and control frameworks Proficient in IT governance and quality standards Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including and Cybersecurity Framework Excellent stakeholder management skills High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgement and maturity Knowledge of OneTrust risk management toolset or similar preferred At Sword, our core values and culture are based on caring about our people, investing in training and career development, and building inclusive teams where we are all encouraged to contribute to achieve success. We offer comprehensive benefits designed to support your professional development and enhance your overall quality of life. In addition to a Competitive Salary, here's what you can expect as part of our benefits package: Personalised Career Development: We create a development plan customised to your goals and aspirations, with a range of learning and development opportunities within a culture that encourages growth. Flexible working: Flexible work arrangements to support your work life balance. We can't promise to always be able to meet every request, however, are keen to discuss your individual preferences to make it work where we can. A Fantastic Benefits Package: This includes generous annual leave allowance, enhanced family friendly benefits, pension scheme, access to private health, well being, and insurance schemes. At Sword we are dedicated to fostering a diverse and inclusive workplace and are proud to be an equal opportunities employer, ensuring that all applicants receive fair and equal consideration for employment, regardless of whether they meet every requirement. If you don't tick all the boxes but feel you have some of the relevant skills and experience we're looking for, please do consider applying and highlight your transferable skills and experience. We embrace diversity in all its forms, valuing individuals regardless of age, disability, gender identity or reassignment, marital or civil partner status, pregnancy or maternity status, race, colour, nationality, ethnic or national origin, religion or belief, sex, or sexual orientation. Your perspective and potential are important to us.

REQUISITOS The Role: We are seeking a highly skilled Senior Azure Cloud DevOps Engineer with deep experience (3-5 years) in automation, Azure native services, and modern DevOps practices. You will build and manage cloud native solutions and automated deployment pipelines using Azure DevOps, GitHub Actions, and YAML to enhance delivery speed, system reliability, and operational efficiency. You will design secure, scalable architectures across the Azure platform, while contributing to a high performance engineering culture within an Agile/Scrum environment. This position requires strong hands on expertise in automation scripting and the ability to proactively improve system monitoring and observability. Key Responsibilities: Build - Mastery - Innovate - Optimize Architect and Implement: Build robust Azure cloud solutions, leveraging services such as Azure App Services, Azure Functions, Azure Kubernetes Service (AKS), API management, SQL Database and various Azure native components. DevOps Mastery: Define, optimize, and maintain Azure DevOps and GitHub Actions CI/CD pipelines, using Infrastructure as Code with Terraform, Bicep, and PowerShell scripting to streamline deployments, configuration updates, maintenance, and provisioning tasks. Innovate: Conduct proof of concepts for emerging Azure technologies and Gen AI applications. Platform integration: Integrate and manage key platform services, including Storage, Networking, Identity, and Monitoring, ensuring seamless end to end operations. Well Architected: Implement secure, scalable designs following best practices for availability, performance optimization, and cloud security. Collaboration: Work within Agile/Scrum teams, partnering with developers, cloud engineers, and stakeholders to deliver high quality, cloud ready solutions. Analytical skills: Diagnose and resolve complex issues in cloud and DevOps environments, applying strong problem solving and analytical skills. Optimize: Ensure solutions are cost effective, high performing, and reliably secure. Take on a prominent role in the architecture and design of web solutions. Work with the wider development team to scope out and develop new web applications for existing services. Develop a flexible and well structured back end architecture. Participate in code reviews, testing, and quality assurance processes to ensure high quality code Help identify, escalat, resolve any technical issues and problems that might occur. Participate in code reviews, testing, and quality assurance to meet project goals and timelines. Provide technical guidance to junior developers and communicate effectively with clients and stakeholders. Set up and manage the computational infrastructure required to build, test and release applications. Develop and maintain tools to assist other developers in delivering their changes to production environments quickly and reliably. Establish and enforce development and coding best practices within the teams. Automate existing manual tasks to reduce delivery time and free up time for core development. Share knowledge and collaborate effectively with the rest of the Compute team based in other locations. Levallois-Perret . France Manager At Devoteam, we help organisations unlock the full potential of the cloud. As a Microsoft Cloud Consultant, you guide customers through their cloud journey and help them build secure, scalable and futureproof platforms. You guide them through the complexities of Microsoft Azure and ensure their platform is engineered for long term success. You'll join a team that thrives on innovation, collaboration and continuous learning-because shaping the future of cloud means staying ahead of it. Your role As a Cloud Consultant, you support customers in designing, managing and improving their cloud environments. You translate business needs into smart technical solutions and ensure the underlying platform is reliable, secure and ready for growth. You will: Support customers with the management, integration and maintenance of their cloud platform, ensuring stability, security and operational excellence. Work on core infrastructure and technology services within the landing zone, helping customers build a strong and compliant cloud foundation. Collaborate closely with DevOps teams, who focus on development practices and platform usage, while you ensure the platform itself is robust and well architected. Collaborate with the Data & AI teams to ensure transformation projects provide the necessary foundations for advanced AI Foundry and Fabric implementations. Conduct feasibility studies for new cloud services or platform improvements, always keeping an eye on innovation and long term value. Think proactively about security, maintainability, flexibility and efficiency in every solution you design. We are seeking our next talents to work on data-related projects (at Strategy, Business, and Operations levels). The ideal candidate will have a deep understanding of data analysis, management, and visualization, coupled with strong problem solving and communication skills. The Data Consultant will collaborate with clients and internal teams to assess data needs, develop strategies for effective data utilization, and implement solutions that drive business insights. Responsibilities: Analyze complex datasets to identify trends, patterns, and insights. Interpret data to provide actionable recommendations for business improvement. Work closely with clients to understand their business goals and data requirements. Collaborate on the development of data strategies aligned with client objectives. Design and implement data management processes to ensure data accuracy, completeness, and security. Develop and maintain data documentation and metadata. Create visually appealing and insightful reports and dashboards. Communicate data findings effectively to both technical and non-technical stakeholders. Identify and resolve data related issues and challenges. Propose innovative solutions to improve data processes and systems. Stay updated on industry trends and advancements in data technologies. Provide guidance on the selection and implementation of data tools and technologies. Levallois-Perret . France & Devops Engineer Vos Missions : Lisboa . Portugal Assurance Analyst Ability to elicit and document technical requirements; Preparation of use cases for validation of the solution under implementation; Manage and validate the requirements; Identify gaps and opportunities for process improvements; Analyze functional and technical specifications to ensure that the construction and definition of test cases is in agreement; Execution of different types of software tests in order to validate that the developed solutions respond to the requirements defined in the technical and functional specifications, ensuring compliance with the defined testing framework; Updating documentation and deliverables related to testing (test plans, test scripts and evidence reports). Machelen . Belgium & Compliance Engineer What are we looking for? As a Security GRC consultant, you are able to engage with our clients in all industry sectors to scope out their cyber requirements and to deliver on their Governance, Risk and Compliance projects based on your expert advice. You are able to help clients understand their risk exposure in their environment and design solutions to remediate their risks. What will your day look like? You will adopt and integrate Compliance & Risk Frameworks for specific projects at our clients. This can include data entry into ServiceNow GRC tool, creating status reports and maintain statistics. You will also support our clients in the development of their security program regarding compliance and data privacy, which includes performing or documenting Framework Assessments; advising on or creating appropriate Policies; and revising, creating, or assisting in the creation of Risk Management, Incident Response, and Business Recovery programs. Who will you work with? You will be part of the Cyber Trust team with more than 50 people in Belgium, exchanging insights and knowledge, "ensuring a secure IT environment protecting the business goals". You will work with our customer's business and technical employees to capture, discuss and verify cyber risks. You work on flexible daily basis, on site at client's office, at Devoteam in Zaventem or at home. You will report to your practice manager, who will be your point of contact for development and career guidance.

We're proud to be trusted by some of the largest companies in the world to handle their Salesforce DevOps. Underpinning that trust is a commitment to protect their data through our modern approach to security and compliance. As we grow into increasingly regulated sectors, ensuring our global compliance standards are met is more important than ever. This is a fantastic opportunity to kickstart or progress your career in Governance, Risk, and Compliance (GRC) within the tech sector. Reporting to the Legal and Compliance Manager, you will get hands on exposure to customer assurance, information security audits, data protection, and additional international frameworks. As an early hire in this function, you'll have a clear path to specialise as the team grows. What's the opportunity for a GRC Analyst at Gearset? Partner with our GRC Manager to maintain our ISO 27001 certification and support compliance with global data protection regulations such as GDPR, CCPA, and HIPAA. Own the day to day response to customer security and compliance requests, ensuring our clients feel confident in how we handle their data. Coordinate and facilitate on managing GRC platforms, keeping our documentation current and finding ways to automate repeatable tasks. Play a key role in ISO 27001 Continuous Improvement (CI) activities and help prepare the business for internal and external audits. Assist in drafting and managing essential compliance policies, including Modern Slavery, AML and Anti Bribery, ensuring they evolve with the company. Identify blockages in reviews and recommend ways to standardise documentation to help the company scale efficiently. What you'll achieve Develop a deep understanding of Gearset's compliance and security posture to streamline customer onboarding and vendor reviews. Lead the automation of our compliance workflows, reducing manual overhead for the team. Play a key role in scaling our global compliance footprint by launching and embedding new international security standards as we grow. Gain the experience and support needed to pursue certifications in GRC, Information Security or Data Protection. About you You have a passion for accuracy, especially when managing complex documentation and policies. You are comfortable learning about cloud software and can translate security and compliance concepts into clear, written responses. You can communicate professionally with both internal teams and external customers and vendors. You thrive in a fast paced environment and are always looking for a more efficient way to get things done. Have degree in a relevant field such as Computer Science, or Cyber Security or equivalent foundational experience in a professional office environment. Great to haves Knowledge of ISO 27001, GDPR, CCPA and HIPAA Experience using GRC or workflow tools An interest in DevOps or the Salesforce ecosystem Benefits (the stuff you'd expect!) Salary is up to £45k (depending on experience) This role is based in our Cambridge office but with the flexibility to work from home when you need to Opportunity to join our Long Term Incentive scheme Generous personal development budget for courses, conferences, or whatever is useful to your professional development in the role of up to £1500 per year Top end hardware provided Free lunch any day you are in the office BUPA health care Life Insurance & critical illness cover Discounted gym membership, as well as a range of health and wellness benefits

We're proud to be trusted by some of the largest companies in the world to handle their Salesforce DevOps. Underpinning that trust is a commitment to protect their data through our modern approach to security and compliance. As we grow into increasingly regulated sectors, ensuring our global compliance standards are met is more important than ever. This is a fantastic opportunity to kickstart or progress your career in Governance, Risk, and Compliance (GRC) within the tech sector. Reporting to the Legal and Compliance Manager, you will get hands on exposure to customer assurance, information security audits, data protection, and additional international frameworks. As an early hire in this function, you'll have a clear path to specialise as the team grows. What's the opportunity for a GRC Analyst at Gearset? Partner with our GRC Manager to maintain our ISO 27001 certification and support compliance with global data protection regulations such as GDPR, CCPA, and HIPAA. Own the day-to-day response to customer security and compliance requests, ensuring our clients feel confident in how we handle their data. Coordinate and facilitate on managing GRC platforms, keeping our documentation current and finding ways to automate repeatable tasks. Play a key role in ISO 27001 Continuous Improvement (CI) activities and help prepare the business for internal and external audits. Assist in drafting and managing essential compliance policies, including Modern Slavery, AML and Anti Bribery, ensuring they evolve with the company. Identify blockages in reviews and recommend ways to standardise documentation to help the company scale efficiently. What you'll achieve Develop a deep understanding of Gearset's compliance and security posture to streamline customer onboarding and vendor reviews. Lead the automation of our compliance workflows, reducing manual overhead for the team. Play a key role in scaling our global compliance footprint by launching and embedding new international security standards as we grow. Gain the experience and support needed to pursue certifications in GRC, Information Security or Data Protection. About you You have a passion for accuracy, especially when managing complex documentation and policies. You are comfortable learning about cloud software and can translate security and compliance concepts into clear, written responses. You can communicate professionally with both internal teams and external customers and vendors. You thrive in a fast-paced environment and are always looking for a more efficient way to get things done. Have a degree in a relevant field such as Computer Science, or Cyber Security or equivalent foundational experience in a professional office environment. Great to haves Knowledge of ISO 27001, GDPR, CCPA and HIPAA Experience using GRC or workflow tools An interest in DevOps or the Salesforce ecosystem Benefits (the stuff you'd expect!) Salary is up to £45k (depending on experience) This role is based in our Cambridge office but with the flexibility to work from home when you need to Opportunity to join our Long Term Incentive scheme Generous personal development budget for courses, conferences, or whatever is useful to your professional development in the role of up to £1500 per year Top end hardware provided Free lunch any day you are in the office BUPA health care Life Insurance & critical illness cover Discounted gym membership, as well as a range of health and wellness benefits

We're proud to be trusted by some of the largest companies in the world to handle their Salesforce DevOps. Underpinning that trust is a commitment to protect their data through our modern approach to security and compliance, and this is only getting more important as we grow our customer base in increasingly regulated sectors. This is a fantastic opportunity to progress your career in security and compliance within the tech sector. This role will provide you with exposure to several key areas including information security, data protection, general compliance, audits and relevant project work. There'll be lots of opportunity to progress within the role and specialise within a certain area of the business in the future. What's the opportunity at Gearset? Own our security and compliance documentation accurate and up to date, such as policies, procedures, and support documentation across our information security and compliance programs. Support our commercial teams in complex information security and compliance negotiations, while making sure we respond accurately and within given timescales. Take ownership of maintaining our current ISO 27001 compliance and certification through continuous improvement activities, as well as supporting preparation for internal and external audits. Own our internal Data Protection compliance program and make sure we comply with various regulations globally including UK GDPR, EU GDPR, and CCPA. Gain experience in the implementation and ownership of additional compliance based projects as we increase the international regulation and standards we comply with. Help us work efficiently by identifying common deal blockers and standardising documentation and processes. What you'll achieve You'll build on your prior experience from a GRC or an information security role, within a technology company, to support our ambitious company growth plans. You'll become a technical expert on the company and our products to streamline customer onboarding, and security and compliance reviews. You'll own reviewing and responding to our complex customer security and compliance requests. You'll have ownership of compliance and reporting to the international information security standard ISO 27001, to ensure Gearset retains our certification and continues to provide the highest level of protection to our customers' data. You'll own our internal Data Protection compliance program and make sure we comply with various regulations globally including UK GDPR, EU GDPR, CCPA. You'll manage out third party supplier risk program. You'll work as part of the compliance project team when implementing new regulations or standards such as NIST, fedRAMP etc. You'll have the opportunity to get certified to international standards on Information Security, Compliance, Risk, Data Protection or Cyber Security. About you Have been in an information security or GRC role, within a technology company and hold either a ISO 27001 Lead Implementer or Lead Auditor certificate. Have in-depth knowledge of ISO 27001 standards & proven experience in implementing ISO 27001 and maintaining the certification. Along with knowledge of general compliance requirements such as Modern Slavery, AML, Bribery etc. Have a track record of owning internal compliance with global data protection laws including GDPR and CCPA. Have an understanding of AWS Cloud infrastructure, and application security. Possess a technical predisposition, the desire to learn and ability to react to the needs of a rapidly growing company eg comfortable working in an ever changing environment. Are an excellent communicator, with attention to detail and a passion for always delivering a great customer experience. Great to haves A degree in Computer Science, Information Security, Cybersecurity, or a closely related discipline such as Data Protection, Information Governance or Risk. A recognised Information Security qualification such as CISSP, CompTIA Security+ etc. Past exposure to other regulations or frameworks such as NIST, HIPAA, fedRAMP, DORA. Knowledge of DevOps and DevSecOps. Benefits (the stuff you'd expect!) This role is based in our Cambridge office but with the flexibility to work from home when you need to. Opportunity to join our Long Term Incentive scheme. Generous personal development budget for courses, conferences, or whatever is useful to your professional development in the role of up to £1500 per year. Top end hardware provided. Free lunch any day you are in the office. BUPA health care. Life Insurance & critical illness cover. Discounted gym membership, as well as a range of health and wellness benefits.

Sword is a leading provider of business technology solutions within the Energy, Public and Finance Sectors, driving transformational change within our clients. We use proven technology, specialist teams and domain expertise to build solid technical foundations across platforms, data, and business applications. We have a passion for using technology to solve business problems, working in partnership with our clients to help in achieving their goals. About the role The Risk, Compliance & Resilience Advisor shall help to manage compliance and assurance for supporting the Senior Manager - Risk & Compliance and Risk & Resilience Lead by ensuring that: Risk Assessment: Assist in identifying, assessing, and prioritising risks across the organisation. Conduct risk assessments to evaluate the likelihood and potential impact of risks on business operations and objectives Compliance Monitoring: Monitor regulatory developments and changes in laws, regulations, and industry standards. Assess the organisation's compliance with applicable regulations, standards, and internal policies Resilience Planning: Support the Global Risk & Resilience Lead in the Development and maintenance of IT resilience and business continuity plans to ensure the organisation's ability to respond to and recover from IT disruptions Incident Response and Management: Provide support in DR related incident response activities, including investigating IT security incidents, breaches, and disruptions Issue Identification: Identify and document risk deficiencies, compliance gaps, and areas for improvement. Collaborate with stakeholders to develop actionable recommendations and corrective action plans to address identified issues Documentation and Reporting: Maintain accurate documentation of risk assessments, compliance reviews, control testing activities, and remediation efforts. Prepare regular reports for management and stakeholders on the status of risk, compliance, and control activities Policy and Procedure Development: Assist in the development and maintenance of risk management, compliance, and control related policies, procedures, and guidelines. Ensure alignment with regulatory requirements and industry best practices in alignment with the Global IS Governance Lead Vendor Risk Management Support: Assist in assessing and managing risks associated with third party vendors and service providers. Evaluate vendor controls and adherence to contractual obligations Continuous Improvement: Identify opportunities for enhancing risk management, compliance, and control processes. Recommend and implement improvements to strengthen the organisation's risk and control environment Project Work: Contribute to project activities as required to ensure GRC requirements are understood and addressed Areas of Accountability, Responsibility and Competence Level Works with the Global Risk & Compliance Senior Manager to support IS in the delivery of governance, compliance, and risk activities, whilst supporting the Integration projects Supports the execution of the security, audit, and compliance activities Supports the Global Risk & Compliance Senior Manager by ensuring the successful delivery of initiatives and projects within the Risk and Compliance environment Supports the Risk & Compliance Senior Manager, and Risk & Resilience Lead in any required activities which support improvements in assurance, compliance, and audit activities Addresses findings from identified risks or audits Ensures the ISMS contains an accurate record of risks, events, and issues Supports the internal and external audit investigations Ensures that the audit tests, self certifications, and audit reviews are relevant, consistent, and conducted in accordance with professionally accepted auditing standards Works with minimal supervision, using clearly defined processes and procedures Facilitates the use of performance metrics to improve output May be required to provide out of hours support via an on call rota Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate compliance and risk related concepts to technical and non technical audiences Substantial relevant experience in control management for governance, compliance, IT audits, IS assurance and risk management programmes CISA, CISM or equivalent preferred BSc or equivalent qualification in IT based degree preferred 3+ years relevant IT work experience Proven ability to communicate with technical teams to elicit information and requirements Understanding of regulatory requirements, including cross industry regulations (e.g., GDPR, Data Protection Act) and industry specific regulations Skilled in implementing compliance and control frameworks Proficient in IT governance and quality standards Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including and Cybersecurity Framework Excellent stakeholder management skills High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgement and maturity Knowledge of OneTrust risk management toolset or similar preferred At Sword, our core values and culture are based on caring about our people, investing in training and career development, and building inclusive teams where we are all encouraged to contribute to achieve success. We offer comprehensive benefits designed to support your professional development and enhance your overall quality of life. In addition to a Competitive Salary, here's what you can expect as part of our benefits package: Personalised Career Development: We create a development plan customised to your goals and aspirations, with a range of learning and development opportunities within a culture that encourages growth. Flexible working: Flexible work arrangements to support your work life balance. We can't promise to always be able to meet every request, however, are keen to discuss your individual preferences to make it work where we can. A Fantastic Benefits Package: This includes generous annual leave allowance, enhanced family friendly benefits, pension scheme, access to private health, well being, and insurance schemes. At Sword we are dedicated to fostering a diverse and inclusive workplace and are proud to be an equal opportunities employer, ensuring that all applicants receive fair and equal consideration for employment, regardless of whether they meet every requirement. If you don't tick all the boxes but feel you have some of the relevant skills and experience we're looking for, please do consider applying and highlight your transferable skills and experience. We embrace diversity in all its forms, valuing individuals regardless of age, disability, gender identity or reassignment, marital or civil partner status, pregnancy or maternity status, race, colour, nationality, ethnic or national origin, religion or belief, sex, or sexual orientation. Your perspective and potential are important to us.

Methods is a £100M+ IT Services Consultancy who has partnered with a range of central government departments and agencies to transform the way the public sector operates in the UK. Established over 30 years ago and UK-based, we apply our skills in transformation, delivery, and collaboration from across the Methods Group, to create end-to-end business and technical solutions that are people-centred, safe, and designed for the future. Our human touch sets us apart from other consultancies, system integrators and software houses - with people, technology, and data at the heart of who we are, we believe in creating value and sustainability through everything we do for our clients, staff, communities, and the planet. We support our clients in the success of their projects while working collaboratively to share skill sets and solve problems. At Methods we have fun while working hard; we are not afraid of making mistakes and learning from them. Predominantly focused on the public sector, Methods is now building a significant private sector client portfolio. Methods was acquired by the Alten Group in early 2022. Role Overview Methods is a leading digital transformation consultancy, partnering with public and private sector organisations to deliver innovative and secure solutions. With a strong focus on governance, risk, and compliance (GRC), we help businesses navigate complex security landscapes while ensuring regulatory and operational resilience. Principal Cyber Security Risk & Audit Consultant This role is ideal for a professional with a strong background in cyber security, risk management, and internal audit. The ideal candidate will have experience across both the public and private sectors, with exposure to or experience in management consultancy. Strong team building and leadership experience is highly desirable. Lead and execute cyber security audits, ensuring compliance with regulatory and industry standards. Develop and maintain risk management frameworks, aligning with best practices such as ISO 27001, NIST, and GDPR. Collaborate with stakeholders to identify and mitigate cyber risks across digital and operational infrastructures. Provide expert guidance on cyber risk governance, resilience, and assurance strategies. Assess third party risk management practices and conduct security audits on suppliers and partners. Work closely with CISOs, IT, and compliance teams to drive a proactive security culture. Report findings and recommendations to senior leadership, ensuring risk mitigation strategies are effectively implemented. Essential Skills & Qualifications Candidates must have one of the following qualifications or be willing to work towards them: ChCSP in the Audit and Assurance (specialism) - Chartered status with the UK Cyber Security Council (CSC) PriCSP in the Audit and Assurance (specialism) - Principal level with the CSC, with a commitment to attaining Chartered status CMIIA - Chartered Member of the Institute of Internal Auditors, with willingness to work towards ChCSP CISA - ISACA Certified Information Systems Auditor, with willingness to work towards ChCSP QiCA - Institute of Internal Auditors Qualification in Computer Auditing, with willingness to work towards ChCSP Additional professional certifications of interest include IRM Chartered Risk Manager certification ISACA certifications such as CISM, CRISC, CGEIT CISSP (Certified Information Systems Security Professional) Other essential skills Proven experience in cyber security risk management and audit, ideally within regulated industries Strong knowledge of security frameworks, including ISO 27001, NIST, CIS Controls, and GDPR compliance Ability to conduct security assessments, risk analyses, and internal audits Familiarity with security tooling and governance platforms (e.g., SIEM, GRC platforms) Excellent communication skills with the ability to influence senior stakeholders A proactive mindset with the ability to work independently and as part of a team This role will require you hold or achieve Security Clearance. As part of the onboarding process candidates will be asked to complete a Baseline Personnel Security Standard; details of the evidence required to apply may be found on the government website Gov.UK. If you are unable to meet this and any associated criteria, then your employment may be delayed, or rejected - Details of this will be discussed with you at interview Methods is passionate about its people; we want our colleagues to develop the things they are good at and enjoy. By joining us you can expect Autonomy to develop and grow your skills and experience Be part of exciting project work that is making a difference in society Strong, inspiring and thought-provoking leadership A supportive and collaborative environment Development - access to LinkedIn Learning, a management development programme, and training Wellness - 24/7 confidential employee assistance programme Flexible Working - including home working and part time Social - office parties, breakfast Tuesdays, monthly pizza Thursdays, Thirsty Thursdays, and commitment to charitable causes Time Off - 25 days of annual leave a year, plus bank holidays, with the option to buy 5 extra days each year Volunteering - 2 paid days per year to volunteer in our local communities or within a charity organisation Pension - Salary Exchange Scheme with 4% employer contribution and 5% employee contribution Discretionary Company Bonus - based on company and individual performance Life Assurance - of 4 times base salary Private Medical Insurance - which is non contributory (spouse and dependants included) Worldwide Travel Insurance - which is non contributory (spouse and dependants included) Enhanced Maternity and Paternity Pay Travel - season ticket loan, cycle to work scheme For a full list of benefits please visit our website ()