Risk & Assurance Manager - IT & Infosec

Softcat

Location:
United Kingdom, Manchester

Contract Type:
Employment contract

Salary:
Not provided

Job Description:

This role focuses on managing and enhancing the IT and Information Security risk landscape. Reporting directly to the Head of Risk and Assurance, you will play a key role in embedding effective risk management practices across Softcat's technology and cybersecurity domains.

Job Responsibility:

  • Partnering with senior IT, Security, and business leaders to embed risk management practices into operational processes and strategic initiatives
  • Owning and maintaining IT Risk and Control Matrices (RCMs), ensuring they remain current, comprehensive, and aligned with industry standards and audit expectations
  • Reviewing effectiveness of first line functions in testing and validation of key IT controls (e.g., access management, change control, incident response, vulnerability management), ensuring effectiveness and consistency
  • Leading the review and enhancement of IT and infosec risk and control frameworks (e.g., ISO 27001, ITIL, ISO 22301, NIST), ensuring alignment with business objectives and regulatory requirements
  • Coordinating and representing IT risk in internal and external audits and certification processes (e.g., ISO 27001, Cyber Essentials, ISO 22301, etc.), acting as the primary point of contact

Requirements:

  • Minimum 5 years of experience in second-line risk management or internal audit, with a strong focus on IT or Information Security
  • Experience in consultancy or professional services, with a proven ability to support complex transformation or change programmes is preferred
  • Demonstrated leadership in delivering IT risk or audit initiatives, including managing projects, mentoring team members, and driving outcomes
  • Strong knowledge of industry frameworks and standards, such as ISO 27001, NIST, CIS Controls, and regulatory requirements like GDPR
  • Proven ability to engage and influence stakeholders across IT, Information Security, and business functions, building trusted relationships at all levels

Nice to have:

Experience in consultancy or professional services, with a proven ability to support complex transformation or change programmes

What we offer:
  • Pension
  • Share incentive plan
  • Life Assurance
  • Healthcare
  • Holiday
  • Trips
  • Vouchers
  • Partner/family Benefits
  • Perklife
  • Maternity, Paternity and Adoption support

Additional Information:

Job Posted:
December 26, 2025

Employment Type:
Fulltime
Work Type:
Hybrid work

Similar Jobs for Risk & Assurance Manager - IT & Infosec

Cyber Security Manager

As the Security Manager, you will be part of an InfoSec team that manage the del...
Location:
United Kingdom
Salary:
Not provided
NEC Software Solutions
Expiration Date
Until further notice
Requirements
  • Demonstrable Experience in an IT role, with a strong understanding of security concepts/fundamentals
  • Proven experience working in an IT security role
  • Strong knowledge of cybersecurity frameworks, standards, and regulations
  • A good understanding of an approach to risk management
  • Experience in writing comprehensive responses to security questionnaires or bids
  • A strong focus on business outcomes
  • Strong and demonstrated team working experience
  • High degree of personal motivation and ability to self-manage
  • Ability to communicate security and technical solutions to non-technical or security resources
  • Comfortable with collaboration, open communication and reaching across a range of functions and teams
Job Responsibility
  • Work within the InfoSec team to support the key activities
  • Provide consistent and qualified responses to tenders and assurance questionnaires from customers
  • Produce and maintain security assurance documentation required for accreditation
  • Ensure compliance with relevant security standards, service management procedures, regulations, and industry best practices
  • Schedule security testing and create remediation plans from the test reports, seeing remediation through to completion
  • Contribute to process documentation and policy review
  • Conduct security assessments and audits on people, process and technology within NEC
  • Assist in security incident management and vulnerability management
What we offer
  • Private Medical Cover funded by NEC for Employees (with the option to add family members at an additional cost)
  • 25 days paid holiday with the option to buy/sell (FTE)
  • 4 x basic salary life assurance cover funded by NEC (with the option to increase cover at an additional cost)
  • A Group Pension Plan with fantastic employer contributions up to a maximum of 8.5%
  • A selection of flexible benefits to suit your individual needs
  • All colleagues get free access to LinkedIn Learning. Over 15000 courses covering a huge breadth of subjects
  • Fulltime

Cyber Security Manager

As the Security Manager, you will be part of an InfoSec team that manage the del...
Location:
United Kingdom
Salary:
Not provided
NEC Software Solutions
Expiration Date
Until further notice
Requirements
  • Demonstrable Experience in an IT role, with a strong understanding of security concepts/fundamentals
  • Proven experience working in an IT security role
  • Strong knowledge of cybersecurity frameworks, standards, and regulations
  • A good understanding of an approach to risk management
  • Experience in writing comprehensive responses to security questionnaires or bids
  • A strong focus on business outcomes
  • Strong and demonstrated team working experience
  • High degree of personal motivation and ability to self-manage
  • Ability to communicate security and technical solutions to non-technical or security resources
  • Comfortable with collaboration, open communication and reaching across a range of functions and teams
Job Responsibility
  • Provide consistent and qualified responses to tenders and assurance questionnaires from customers
  • Produce and maintain security assurance documentation required for accreditation
  • Ensure compliance with relevant security standards, service management procedures, regulations, and industry best practices
  • Schedule security testing and create remediation plans from the test reports
  • Contribute to process documentation and policy review
  • Conduct security assessments and audits on people, process and technology within NEC
  • Assist in security incident management and vulnerability management
What we offer
  • Private Medical Cover funded by NEC for Employees
  • 25 days paid holiday with the option to buy/sell
  • 4 x basic salary life assurance cover funded by NEC
  • A Group Pension Plan with fantastic employer contributions up to a maximum of 8.5%
  • A selection of flexible benefits to suit your individual needs
  • Fulltime

Head of IT

The Head of IT is responsible for overseeing the organisation's core technology ...
Location:
United Kingdom
Salary:
Not provided
Admiral Group Plc
Expiration Date
Until further notice
Requirements
  • Strong understanding of infrastructure
  • Experience with monitoring, alerting and observability
  • Knowledge of cybersecurity principles and vulnerability management
  • Understanding of integrations, APIs and application ecosystems
  • Experience managing third-party technology platforms
  • Experience in technology management or technical operations roles
  • Experience setting and delivering technology strategy
  • Experience with change management and vendor governance
  • Familiarity with tender processes and contract management
  • Strategic thinker with strong decision-making
Job Responsibility
  • Develop and maintain the organisation's technology strategy and multi-year roadmap
  • Translate strategic goals into actionable technical plans, ensuring alignment with business priorities
  • Partner with Strategy, IT, Operations and supplier teams to ensure delivery against agreed outcomes
  • Identifying emerging technologies, trends and opportunities that could enhance performance, automation and resilience for the future
  • Own the end-to-end lifecycle of the technology stack, including infrastructure, applications, integrations and monitoring tools
  • Maintain architectural documentation, standards and minimum service expectations
  • Oversee capacity and performance planning to ensure scalability and resilience
  • Act as the primary technical owner for File Dynamics, ensuring platform meets service levels, roadmap commitments and compliance standards
  • Maintain strong supplier governance including performance reviews, audit readiness and issue remediation
  • Manage integration touchpoints, platform configuration and change cycles
What we offer
  • Financial & Mortgage Advice
  • 24-Hour Ecare
  • Cycle to Work Scheme
  • Annual Holiday Allowance
  • Flexible Working
  • Simply Health
  • Private Health Cover
  • Critical Illness Cover
  • Fulltime

Local ISO

The Local ISO is functionally reporting to the Regional CISO of CTO2. The Inform...
Location:
Hungary, Budapest
Salary:
Not provided
Allianz
Expiration Date
Until further notice
Requirements
  • English fluent
  • Very good knowledge in Information Security Governance (min 6 years of experience in this field)
  • Experienced in conducting risk assessments
  • Experienced in process design and improvement, change management
  • Experienced in Security frameworks
  • Applying analytical thinking, methodological and conceptual as well as consulting, communication and collaboration skills with autonomy
  • Ability to communicate and explain the context of need for control, regulations etc. and the benefits of taking action
  • An understanding of the three lines of defense model and relationship of the InfoSec with other control functions
  • Methodical and structured approach
Job Responsibility
  • Enforce information security (including controls) to ensure compliance with the Allianz SE Group and Technology Information Security Frameworks
  • Perform risk assessments (internal processes, supplier management)
  • Advise Allianz Technology employees in all information security related matters
  • Manage and/or raise to Allianz Technology ISO central team, all issues pertaining to information security
  • Support of the annual compliance reporting process for their area of responsibility and ensuring timely delivery of results
  • Communicate applicable corporate rules relevant to information security in their area of responsibility
  • Coordinate information security-related activities of their area of responsibility and provide information as necessary to relevant control functions, in particular Risk, Data Privacy, Compliance and Internal Audit
  • Report risks and actions to Local Executive Body
  • Perform Asset Risk Assurance process
  • Report risks and actions to Local Executive Body, share risks with our customers
What we offer
  • We offer a hybrid work model which recognizes the value of striking a balance between in-person collaboration and remote working incl. up to 25 days per year working from abroad
  • We believe in rewarding performance and our compensation and benefits package includes a company bonus scheme, pension, employee shares program and multiple employee discounts (details vary by location)
  • From career development and digital learning programs to international career mobility, we offer lifelong learning for our employees worldwide and an environment where innovation, delivery and empowerment are fostered
  • Flexible working, health and wellbeing offers (including healthcare and parental leave benefits) support to balance family and career and help our people return from career breaks with experience that nothing else can teach
  • Fulltime

Lead Cyber Security Analyst

Lead Cyber Security Analyst | Asset Manager | £140k + Bonus. You will take end-t...
Location:
United Kingdom, London
Salary:
Not provided
Orbis Consultants
Expiration Date
Until further notice
Requirements
  • Experience as a Cyber Lead in a small-to-mid sized organisation or Senior/Lead engineer from a cyber security vendor or MSP
  • Azure cloud experience is essential
  • Familiarity with Zero Trust networking concepts (Azure-based)
  • Broad knowledge of modern InfoSec tooling and practices
  • Exposure to AI and its impact on cyber security is a strong plus
Job Responsibility
  • Owning and evolving security policies, standards and procedures
  • Managing and challenging third party security vendors and MSPs
  • Leading audit and assurance activities
  • Oversight of DLP, penetration testing, vulnerability management, and incident response
  • Advising the business on emerging risks, including AI-driven security threats
What we offer
  • Bonus
  • Fulltime

Lead Cyber Security Analyst

Lead Cyber Security Analyst/InfoSec Officer | Asset Manager | £200k TC. I’m work...
Location:
United Kingdom, London
Salary:
Not provided
Orbis Consultants
Expiration Date
Until further notice
Requirements
  • Experience as a Cyber Lead in a small-to-mid sized organisation or Senior/Lead engineer from a cyber security vendor or MSP
  • Azure cloud experience is essential
  • Familiarity with Zero Trust networking concepts (Azure-based)
  • Broad knowledge of modern InfoSec tooling and practices
  • Exposure to AI and its impact on cyber security is a strong plus
Job Responsibility
  • Owning and evolving security policies, standards and procedures
  • Managing and challenging third party security vendors and MSPs
  • Leading audit and assurance activities
  • Oversight of DLP, penetration testing, vulnerability management, and incident response
  • Advising the business on emerging risks, including AI-driven security threats
  • Fulltime

Senior Cloud Security Engineer

The Cyber Security Engineer will support the Information Security team in safegu...
Location:
United States, Fremont
Salary:
137000.00 - 287000.00 USD / Year
Lam Research
Expiration Date
Until further notice
Requirements
  • Solid foundation in Information Security Engineering with deep hands-on experience in Azure security
  • Experience in one or more of the following tools: Defender for Cloud, Wiz, Orca
  • Bachelor’s degree or Advanced Degree in Computer Science, Information Technology, Cybersecurity, or related discipline
  • 7+ years of experience in an Information Security role
  • 5+ years of experience with Microsoft Azure
  • Strong vulnerability management fundamentals
  • At least one of the following professional certifications required: Security+, CISSP, CISA, CISM, CEH, OSCP, GMON
  • Ability to communicate effectively, both verbal and written to a variety of audiences (immediate team, management, other business units) to provide guidance and direction when resolving technical challenges
Job Responsibility
  • Own configuration, policy, and governance for Microsoft Defender for Cloud or other CSPM tools
  • Manage and operate cloud security posture management (CSPM) platforms (such as Wiz, Orca, or Defender for Cloud) including configuring policies, monitoring findings, analyzing risks, and working with stakeholders to remediate vulnerabilities
  • Provide technical expertise in interpreting findings, correlating them to risk and translating them into actionable remediation plans
  • Perform security reviews and architecture assessments of cloud solutions to identify gaps and recommend mitigation strategies
  • Develop KPIs and executive reporting metrics to measure cloud security program effectiveness and communicate outcomes to leadership
  • Work closely with Information Systems, Cloud Operations, and other Infosec teams to assure remediation and architecture changes to align with security recommendations
  • Contribute to the development and implementation of security principles, standards, baselines, and blueprints tailored for Azure
  • Fulltime

Security Architecture Lead

WHOOP is seeking a Security Architecture Lead to help shape secure, scalable des...
Location:
United States, Boston
Salary:
185000.00 - 200000.00 USD / Year
Whoop
Expiration Date
Until further notice
Requirements
  • 7–10+ years in security architecture, product security, or senior security engineering roles supporting modern distributed systems
  • Strong understanding of secure system design, identity and access patterns, API and application security, and cloud-native architecture (AWS preferred)
  • Experience reviewing and guiding threat models in real engineering environments
  • Interest or experience in securing AI/LLM integrations or developing standards for responsible AI usage
  • Ability to influence and collaborate effectively across engineering, product, IT, and security
  • Familiarity with SOC 2, ISO 27001, GDPR, PCI, HIPAA-aligned security requirements, and NIST 800-53 or similar high-assurance control frameworks
  • Ability to translate regulatory and high-assurance control expectations into practical engineering patterns
  • Exceptional written and verbal communication, including design feedback and technical documentation
  • High integrity, sound judgment, and a pragmatic, solution-oriented mindset
Job Responsibility
  • Provide architectural oversight across product, platform, and internal systems, ensuring scalable, secure patterns that support WHOOP’s long-term growth
  • Advise InfoSec and IT on secure, scalable approaches for SIEM/logging pipelines, identity integrations, privileged access, SaaS integrations, and foundational security tooling
  • Define the target-state architecture for vulnerability management across product, cloud, and internal systems, transitioning from spreadsheets to integrated, automated workflows
  • Serve as the technical evaluator for high-risk vendors and integrations, validating architecture, controls, and data flows as part of the TPRA process
  • Map WHOOP’s architecture to frameworks required for future regulated or government-oriented verticals (i.e., NIST 800-53, AI governance standards, healthcare/biometric requirements) and help shape the roadmap toward readiness
  • Contribute to the design of scalable, secure patterns for AI usage across WHOOP, including MCP governance, LLM API integrations, and AI-enabled product features
  • Partner with Product Security and Engineering to provide secure design input for identity flows, API/WAF strategy, backend services, data paths, and new product features
  • Review threat models and design documents with Product Security and Engineering, identifying assumptions, systemic risks, and missing mitigations
  • Integrate security into engineering workflows through practical, reusable patterns and clear expectations
  • Produce clear, actionable architectural guidance and documentation used across engineering, product, and security
What we offer
  • competitive base salaries
  • meaningful equity
  • benefits
  • generous equity package
  • Fulltime