Risk & Assurance Manager - IT & Infosec

Softcat

Location:
United Kingdom, Manchester

Contract Type:
Employment contract

Salary:

Not provided

Job Description:

This role focuses on managing and enhancing the IT and Information Security risk landscape. Reporting directly to the Head of Risk and Assurance, you will play a key role in embedding effective risk management practices across Softcat's technology and cybersecurity domains.

Job Responsibility:

  • Partnering with senior IT, Security, and business leaders to embed risk management practices into operational processes and strategic initiatives
  • Owning and maintaining IT Risk and Control Matrices (RCMs), ensuring they remain current, comprehensive, and aligned with industry standards and audit expectations
  • Reviewing the effectiveness of first-line functions in testing and validating key IT controls (e.g., access management, change control, incident response, vulnerability management), ensuring effectiveness and consistency
  • Leading the review and enhancement of IT and infosec risk and control frameworks (e.g., ISO 27001, ITIL, ISO 22301, NIST), ensuring alignment with business objectives and regulatory requirements
  • Coordinating and representing IT risk in internal and external audits and certification processes (e.g., ISO 27001, Cyber Essentials, ISO 22301), acting as the primary point of contact

Requirements:

  • Minimum 5 years of experience in second-line risk management or internal audit, with a strong focus on IT or Information Security
  • Experience in consultancy or professional services, with a proven ability to support complex transformation or change programmes, is preferred
  • Demonstrated leadership in delivering IT risk or audit initiatives, including managing projects, mentoring team members, and driving outcomes
  • Strong knowledge of industry frameworks and standards, such as ISO 27001, NIST, CIS Controls, and regulatory requirements like GDPR
  • Proven ability to engage and influence stakeholders across IT, Information Security, and business functions, building trusted relationships at all levels

Nice to have:

Experience in consultancy or professional services, with a proven ability to support complex transformation or change programmes

What we offer:
  • Pension
  • Share incentive plan
  • Life Assurance
  • Healthcare
  • Holiday
  • Trips
  • Vouchers
  • Partner/family Benefits
  • Perklife
  • Maternity, Paternity and Adoption support

Additional Information:

Job Posted:
December 26, 2025

Employment Type:
Full-time
Work Type:
Hybrid work