
Information Risk Assurer

United Kingdom, Kidlington · Job Posted February 13, 2026

Job Description

We are supporting a public sector organisation in Oxfordshire to appoint an experienced Information Risk Assurer to strengthen information assurance, accreditation and secure-by-design practices across ICT services. This is a delivery-focused role, working closely with architects, project teams and suppliers to ensure systems, services and data meet national, legal and local security requirements.

Job Responsibility

  • Develop and update Information Assurance processes, policies and local standards
  • Review system and solution designs to ensure secure-by-design principles are applied
  • Identify information security risks and provide proportionate mitigation recommendations
  • Produce clear security guidance for users and delivery teams
  • Advise on security requirements for new and existing IT systems, including cloud services
  • Review third-party security questionnaires and assess supplier suitability during onboarding
  • Support accreditation activity through security documentation, risk assessments and assurance artefacts

Requirements

  • Proven experience in Information Assurance or Information Security within a complex environment
  • Strong understanding of information risk management and secure system design
  • Experience assessing technical designs and third-party security controls
  • Knowledge of relevant government or policing security standards and frameworks
  • Ability to communicate security requirements to technical and non-technical stakeholders
  • Must hold or be eligible for NPPV3 and SC clearance

Nice to have

Public sector or policing experience is highly desirable

Similar Jobs for Information Risk Assurer

8 matching positions

Senior Lead Cloud & Ai Risk Information Security Analyst

Wells Fargo is a Senior Lead Cloud & AI Risk Information Security Analyst. This ...
Location: United States, Chandler; Charlotte; Irving
Salary: 159000.00 - 254000.00 USD / Year
Company: Wells Fargo (https://www.wellsfargo.com/)
Expiration Date: July 02, 2026
Requirements
  • 7+ years of Information Technology in support of business services experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
  • 5+ years of cloud cybersecurity, cyber risk management and controls experience
  • 5+ years of experience with related industry standards for cloud (i.e. NIST, CSA-CCM, FFIEC, CRI Institute, CIS Profile)
Job Responsibility
  • Evaluate cloud and AI cybersecurity risk and adherence to the control framework across all service (public, private, hybrid, multi-cloud) and deployment models (SaaS, PaaS, IaaS) to ensure cloud and AI workloads are secure prior to deployment
  • Identify, analyze and escalate risk across cybersecurity related functions and controls
  • Monitor, measure and report control adherence and the risk profile
  • Implement and manage post-deployment quality assurance of cybersecurity related processes, technologies and controls
  • Develop and monitor cloud security metrics, key risk indicators, key performance indicators to provide an aggregate risk view that informs decision-making
  • Evaluate control environments across the enterprise, platform and application layer, through root cause analysis and solution advice to ensure sustainable mitigation
  • Oversee and provide cloud expertise for audit, testing and regulatory examinations
  • Create and present cloud specific risk details in relevant risk committees and governance routines
  • Support the continuous enhancement and adoption of the Cloud Security Control Framework
  • Develop requirements for automation capabilities in support of Cloud & AI Security Risk & Control and support launch activities through testing, training and awareness
What we offer
  • Health benefits
  • 401(k) Plan
  • Paid time off
  • Disability benefits
  • Life insurance, critical illness insurance, and accident insurance
  • Parental leave
  • Critical caregiving leave
  • Discounts and savings
  • Commuter benefits
  • Tuition reimbursement
  • Fulltime

Information Security Risk Analyst

We are seeking a proactive, curious and hands-on Information Security Risk Analy...
Location: Netherlands, Amsterdam
Salary: Not provided
Company: Optiver (optiver.com)
Expiration Date: Until further notice
Requirements
  • At least 2 years of professional experience in information security, technology risk, GRC, or a related field, ideally in an in-house environment
  • Experience in project management
  • Solid understanding of fundamental information security concepts
  • Comfortable managing multiple priorities concurrently while maintaining high-quality output under time pressure
  • Strong communication skills (written and verbal), with the ability to convey clear, concise updates to both technical and business stakeholders
  • Able to work effectively across global teams and time zones, while also operating independently and knowing when to align
  • Comfortable using modern tools, including data analysis/reporting platforms, and leveraging AI to improve efficiency and quality
  • Pragmatic and structured in problem-solving, with a focus on practical, outcome-driven solutions
  • Proactive, accountable, and curious, with a strong sense of ownership and a desire to continuously learn and deepen expertise
Job Responsibility
  • Assist with policy maintenance, tracking implementation progress, and ensuring business adoption across global locations
  • Contribute to regulatory and audit responses by gathering evidence, interpreting requirements, and producing clear, accurate inputs
  • Support the management of the global security training and awareness program
  • Coordinate and support regular security control assessments, risk reviews, and assurance activities to verify that controls are operating as intended
  • Help maintain and strengthen Optiver’s control framework by identifying gaps, driving follow-up actions, and collaborating with technical and business teams
  • Support data analysis and automation efforts to streamline reporting, improve accuracy, and enable more efficient GRC processes
What we offer
  • A performance-based bonus structure unmatched anywhere in the industry
  • The opportunity to work alongside best-in-class professionals from over 50 different countries
  • 25 paid vacation days in your first year, increasing to 30 from your second year onwards
  • Training opportunities, discounts on health insurance, and fully paid first-class commuting expenses
  • Extensive office perks, including breakfast, lunch and dinner, world-class barista coffee, in-house physio and chair massages, organized sports and leisure activities, and Friday afternoon drinks
  • Training and continuous learning opportunities, including access to conferences and tech events
  • Competitive relocation packages and visa sponsorship where necessary for expats
  • Fulltime

Cyber and Information Security Risk Manager, Senior Vice President

This role is critical for safeguarding the bank's financial stability and sustai...
Location: United Kingdom, Belfast
Salary: Not provided
Company: Citi (https://www.citi.com/)
Expiration Date: Until further notice
Requirements
  • 10+ years of progressive experience in Cyber & Information Security Risk Management, IT Risk, Security Compliance, or IT Audit, with significant experience in a financial services environment
  • Demonstrated expertise in identifying, assessing, measuring, monitoring, and reporting on complex cyber and information security risks
  • Proven track record of designing and leading initiatives to enhance security controls and processes
  • Extensive experience collaborating with and managing expectations of diverse stakeholders, including business unit leaders, technical teams, and 2nd and 3rd line functions (e.g., Information Security Compliance, Operational Risk, Internal Audit, Regulators)
  • Strong understanding of evolving cyber threat landscapes, regulatory requirements (e.g., NIST, ISO 27001, GLBA), and industry best practices
  • Proficient in maintaining risk and control frameworks, including Manager’s Control Assessment (MCA), specifically for Cyber & Information Security risks
  • Exceptional communication and presentation skills, with the ability to articulate complex cyber risk concepts and their business impact to senior management and governance committees
  • Ability to act as a primary liaison for all audit and regulatory engagements pertaining to Cyber & Information Security
  • Strong leadership capabilities with experience in leading and mentoring risk management professionals
  • Bachelor's degree required
Job Responsibility
  • Proactively identify and assess evolving Cyber & Information Security risks across the business and technology landscape
  • Design and lead strategic initiatives to enhance cyber and information security controls and processes, ensuring alignment with risk appetite
  • Collaborate effectively with business unit leaders and diverse stakeholders to embed robust cyber risk management practices into business operations
  • Partner with 2nd line functions (e.g., Information Security Compliance, Operational Risk Management) to interpret and apply cyber risk requirements and policies accurately
  • Engage with 3rd line functions (e.g., Internal Audit, Compliance Assurance) to facilitate independent assessments, address findings, and drive resolution of cyber and information security issues
  • Maintain comprehensive oversight of cyber risk posture through continuous monitoring of metrics, activity, and corrective action plan execution
  • Prepare and present clear, concise updates on emerging cyber risks, control effectiveness, and strategic enhancements to senior management and governance committees
  • Ensure rigorous adherence to information security policies and regulatory requirements, including maintaining a robust Manager’s Control Assessment (MCA) for Cyber & Information Security
  • Serve as a primary liaison for all internal and external audit engagements related to Cyber & Information Security
  • Lead and mentor a team focused on cyber risk assessment, regulatory compliance, and efficient reporting and resolution of security-related matters
What we offer
  • Generous holiday allowance starting at 27 days plus bank holidays, increasing with tenure
  • A discretionary annual performance-related bonus
  • Private medical insurance packages to suit your personal circumstances
  • Employee Assistance Program
  • Pension Plan
  • Paid Parental Leave
  • Special discounts for employees, family, and friends
  • Access to an array of learning and development resources
  • Fulltime

Information Security Risk Manager

As Information Security Risk Manager (f/m/d) you will own and drive Awin’s globa...
Location:
Salary: Not provided
Company: Awin Global (awin.com)
Expiration Date: Until further notice
Requirements
  • Proven track record of owning and delivering risk management initiatives end-to-end
  • Experience driving risk remediation across teams without direct authority
  • Strong experience presenting and defending risk positions to senior leadership and boards
  • Hands-on experience within an ISO 27001-certified ISMS environment
  • Strong knowledge of frameworks such as ISO 27001
  • Experience designing, implementing, or improving control frameworks
  • Experience with GRC platforms (e.g. Hyperproof)
  • Confident communicator (with very good English skills) - able to build relationships and challenge/influence senior stakeholders
Job Responsibility
  • Lead enterprise-wide risk identification and assessment across strategic initiatives, technology, and third parties. Ensure risks are prioritised and clearly articulated in business terms (financial, regulatory, reputational) to enable effective decision-making. Drive risk remediation to closure, holding risk owners accountable for delivery and escalating where progress stalls. Ensure risk management is embedded in cross-functional initiatives and considered as part of key business decisions
  • Own and maintain the Information Security Risk Register, ensuring it reflects true risk exposure, progress, and outcomes, not just status updates. Facilitate risk reviews that are focused on decisions, accountability, and measurable progress
  • Define, embed, and maintain the organisation’s risk appetite, ensuring it is actively used in both business and technology decision-making. Establish and track KPIs that measure real improvements in risk posture, not just activity
  • Provide clear, opinionated, and actionable risk insights to senior management and the board. Act as the bridge between technical and business teams, ensuring risks are clearly understood and acted upon
  • Confidently challenge and influence stakeholders to ensure risks are neither understated nor inappropriately accepted
  • Own and continuously improve Awin’s global information security risk management framework, aligned to ISO 27001 and regulatory requirements. Monitor control effectiveness, proactively identify weaknesses, and drive improvements
  • Embed risk management into business processes so that risks are considered early and proactively, rather than retrospectively
  • As the most senior member of the team, mentor and develop GRC team members, building capability in risk management and assurance. Lead horizon scanning across emerging threats, regulatory changes, and industry developments, translating these into practical risk implications and actions for the business
What we offer
  • Flexi-Week and Work-Life Balance: We prioritise your mental health and well-being, offering you a flexible four-day Flexi-Week at full pay and with no reduction to your annual holiday allowance. We also offer a variety of different paid special leaves as well as volunteer days
  • Remote Working Allowance: You will receive a monthly allowance to cover part of your running costs. In addition, we will support you in setting up your remote workspace appropriately
  • Pension: Awin offers access to an additional pension insurance to all employees in Germany
  • Flexi-Office: We offer an international culture and flexibility through our Flexi-Office and hybrid/remote work possibilities to work across Awin regions
  • Development: We’ve built our extensive training suite Awin Academy to cover a wide range of skills that nurture you professionally and personally, with trainings conveniently packaged together to support your overall development
  • Appreciation: Thank and reward colleagues by sending them a voucher through our peer-to-peer program

Senior Information Assurance & Risk Specialist

We’re looking for a highly skilled Senior Information Assurance & Risk Specialis...
Location: United Kingdom, Oxford or Hampshire
Salary: Not provided
Company: DataCareers (datacareers.co.uk)
Expiration Date: Until further notice
Requirements
  • Strong technical security background (cloud, MS stack, architecture, modern tech risks)
  • Applied IA experience: NIST, security controls, risk assessment
  • Ability to coach others and communicate clearly with non-technical stakeholders
  • Experience in a regulated environment (policing, HMG, MoD or similar)
  • Collaborative, proactive approach with high integrity
  • Act as a visible advocate for high standards of information assurance
  • Relevant professional qualifications (e.g. CISSP, CISMP, Information Security certifications) are also preferred
  • A full UK driving licence is essential due to travel and operational flexibility requirements
  • Five years of continuous UK residency to enable the necessary background checks to be completed
Job Responsibility
  • Lead SyAP assessments
  • Produce high-quality assurance evidence
  • Help align policies and standards with national expectations
  • Uplift colleagues through mentoring
  • Translate complex concepts into plain language
  • Support a maturing IA function
  • Assess security controls
  • Guide secure-by-design decisions
  • Support the organisation in managing risk across both established and emerging technologies
  • Bring clarity, rigour and practical insight to ensure decisions are safe, proportionate and evidence-based
What we offer
  • 30 days annual leave plus bank holidays
  • Hybrid and flexible working arrangements
  • Career development pathways and continuous professional learning
  • A wide range of wellbeing support services and staff networks
  • Lifestyle and discount schemes
  • Local Government Pension Scheme
  • Fulltime

Information and Technology Governance & Risk Lead

Reporting to Head of I&T GRC, Governance and Risk Lead will be responsible for d...
Location: United Kingdom, Milton Keynes
Salary: Not provided
Company: DS Smith (dssmith.com)
Expiration Date: Until further notice
Requirements
  • Working knowledge of technology and security standards, controls and consequences across both IT and manufacturing environments in manufacturing or similar industries
  • Experience working with information security standards, frameworks and regulations such as ISO27001, NIST CSF, PCI DSS, NISD and NIS2
  • Proven analytical, problem-solving, planning, project delivery and supplier work packages management skills
  • Demonstrable experience of engaging across all levels of a company in relation to information and cyber security risks
  • Working towards or achieved professional certifications (ISO27001 lead, ISC2, CISM or CRISC) advantageous
Job Responsibility
  • Drive information and cyber security awareness
  • Deliver security awareness training including phishing and facilitation of cyber scenario desktop simulations across central and manufacturing site teams
  • Review, manage and where required prepare responses to internal and external customer enquiries in relation to information and cyber security arrangements
  • Support IT, procurement, legal, data protection and digital security and business stakeholders in relation to supplier information and cyber security due diligence and requirements
  • Lead risk-based party security assurance, management, and continuous improvement activities
  • Facilitate and coordinate IT risk management risk register, tools, process, reporting and review
  • Manage a subset of aspects of ISO 27001 related documentation and control activities
  • Manage and continuously improve I&T and Security risks processes in accordance with company risk appetite and tolerance
  • Engage risk review and assurance activities across existing suppliers
  • Provide IT and business advice on aspects of security standards and regulations
What we offer
  • Competitive salary
  • Company bonus
  • Pension scheme
  • Life assurance
  • Income protection
  • 25 days holiday plus bank holidays
  • Electric Car / Bike to Work schemes
  • Fulltime

Information and Technology Governance & Risk Lead

Reporting to Head of I&T GRC, Governance and Risk Lead will be responsible for d...
Location: United Kingdom, Milton Keynes
Salary: Not provided
Company: DS Smith (dssmith.com)
Expiration Date: Until further notice
Requirements
  • Working knowledge of technology and security standards, controls and consequences across both IT and manufacturing environments in manufacturing or similar industries
  • Experience working with information security standards, frameworks and regulations such as ISO27001, NIST CSF, PCI DSS, NISD and NIS2
  • Proven analytical, problem-solving, planning, project delivery and supplier work packages management skills
  • Demonstrable experience of engaging across all levels of a company in relation to information and cyber security risks
  • Working towards or achieved professional certifications (ISO27001 lead, ISC2, CISM or CRISC) advantageous
Job Responsibility
  • Driving information and cyber security awareness
  • Delivering security awareness training including phishing and facilitation of cyber scenario desktop simulations across central and manufacturing site teams
  • Reviewing, managing and where required preparing responses to internal and external customer enquiries in relation to information and cyber security arrangements
  • Supporting IT, procurement, legal, data protection and digital security and business stakeholders in relation to supplier information and cyber security due diligence and requirements
  • Leading risk-based party security assurance, management, and continuous improvement activities
  • Facilitating and coordinating IT risk management risk register, tools, process, reporting and review
  • Managing a subset of aspects of ISO 27001 related documentation and control activities
  • Managing and continuously improving I&T and Security risks processes in accordance with company risk appetite and tolerance
  • Engaging risk review and assurance activities across existing suppliers
  • Providing IT and business advice on aspects of security standards and regulations
What we offer
  • Competitive salary
  • Company bonus
  • Pension scheme
  • Life assurance
  • Income protection
  • 25 days holiday plus bank holidays
  • Electric Car / Bike to Work schemes
  • Fulltime

Senior IT Security Compliance Analyst

The Compliance Analyst is a member of the Nintex Security Team and partners with...
Location: Malaysia, Kuala Lumpur
Salary: Not provided
Company: Nintex (nintex.com)
Expiration Date: Until further notice
Requirements
  • Bachelor’s degree in Information Security, Information Technology, Risk Management, Business, or a related field, or equivalent practical experience.
  • A proven track record of at least 5 years' working experience with common compliance and assurance frameworks such as SOC 2, ISO/IEC 27001, GDPR, HIPAA, FedRAMP, or similar international regulatory standards.
  • Relevant certifications are preferred but not required, including: CISA, CRISC, CISSP, CCSK, ISO 27001 Lead Implementer/Auditor, or related compliance or risk certifications.
  • Familiarity with common IT infrastructure, SaaS based cloud services, identity and access management concepts, and security tooling sufficient to assess control design and operational effectiveness (hands‑on administration is not required).
Job Responsibility
  • Coordinate the full compliance lifecycle, including gap analysis, remediation planning, audit execution, and continuous compliance monitoring.
  • Prepare the organization for new and evolving compliance frameworks by coordinating assessments, audits, self-assessments, and evidence collection and review activities.
  • Develop, maintain, and review compliance related documentation to support training, awareness, and sustained operational effectiveness.
  • Support the Revenue team by answering Security-related questions from customers and prospects.
  • Assist with curating content for ongoing Security training requirements, ensuring completion targets are met.
  • Collaborate with globally distributed stakeholders across Engineering, IT, Product, HR, Legal, and other business functions to support consistent implementation of compliance requirements.
  • Serve as a primary liaison for audit coordination, including facilitating interviews, walkthroughs, and evidence requests.
  • Provide guidance and training to internal teams on compliance initiatives and audit readiness.
  • Support adherence to Nintex governance, risk, and compliance standards by assisting with the creation, review and updates of information security policies and procedures.
  • Ensure compliance activities align with internal guidelines and approved risk management practices.
What we offer
  • Global Gratitude and Recharge Days
  • Flexible, paid time off policy
  • Employee wellness programs and counseling resources
  • Meaningful peer recognition and awards
  • Paid parental leave
  • Invention/patenting assistance
  • Community impact, paid volunteer time, and opportunities
  • Intercultural learning and celebration
  • Multiple tools through which to learn and grow, and an incredible global community
  • Fulltime