Security Governance & Compliance Analyst - NIST, ISO

Adecco
Cambridge, Cambridgeshire, United Kingdom
Applications closed

Posted 26 Feb 2026

Security Governance & Compliance Analyst - NIST, ISO, CMMC
£competitive
Cambridge / Hybrid
Company Overview
One of the UK's most forward‑thinking technology companies, recognised for its innovative approach and regularly making headlines across the public domain.

About the Role
We are seeking a Security Governance & Compliance Analyst to strengthen the organisation's security governance capabilities and ensure ongoing audit readiness. This role involves building structured, scalable compliance processes, supporting external certifications, and enhancing the organisation's overall security maturity.

Working closely with teams across Security, Engineering, Legal, and Procurement, you'll help interpret complex standards, streamline assurance activities, and embed secure‑by‑design practices across the business.

Core Areas of Responsibility

  1. Assurance Activities & Evidence Stewardship
  • Perform routine assurance checks across key security domains including IAM, secure configuration baselines, data protection controls, vulnerability management, and logging/monitoring.
  • Maintain well‑structured, audit‑ready evidence repositories for internal reviews and external assessments.
  • Track findings, control exceptions, and remediation activities through to completion.
  • Escalate material risks or recurring control gaps to senior security stakeholders.

  2. Governance of Compliance Standards & Frameworks
  • Support compliance activities across frameworks such as ISO/IEC 27001:2022, SOC 2 Type II, and CMMC‑aligned requirements.
  • Help coordinate internal and external audits, including evidence preparation, walkthroughs, sampling, and remediation validation.
  • Contribute to a continuous monitoring model rather than point‑in‑time audit preparation.
  • Support the creation, review, and maintenance of policies, standards, and procedures.

  3. Supplier & Partner Assurance
  • Operate a risk‑based supplier assurance framework to evaluate vendor compliance across cloud security, data handling, resilience, and access governance.
  • Review supplier questionnaires and documentation; identify risks and recommend mitigation.
  • Provide compliance sign‑off during procurement and onboarding cycles.
  • Work with Legal and Procurement to ensure contractual and regulatory obligations are addressed.

  4. Process Engineering, Scalability & Continuous Improvement
  • Design and refine scalable governance and compliance workflows that support business growth.
  • Identify opportunities for automation using GRC platforms and workflow tooling.
  • Maintain and update the enterprise risk register.
  • Support internal training and awareness programmes.

What You'll Bring
  • Experience in security compliance, IT audit, cyber governance, or GRC-related roles.
  • Knowledge of frameworks such as ISO/IEC 27001:2022, SOC 2, and NIST standards.
  • Strong understanding of cloud-security principles including IAM, encryption, monitoring, logging, configuration hardening, and shared responsibility models.
  • Ability to translate regulatory and control requirements into clear business processes.
  • Excellent communication skills.
  • Strong organisational and documentation skills.

Relevant Qualifications
  • ISO 27001 Internal Auditor, Lead Implementer, or Lead Auditor.
  • NIST CSF Practitioner or NIST SP 800‑171/CMMC‑related certifications.
  • CompTIA Security+ or CySA+.
  • (ISC)² CC, SSCP, or CISSP.
  • CISM or CRISC.
  • CISA.
  • AWS Security Specialty, Azure Security Engineer, or Google Cloud Security Engineer.

Nice to Have
  • Experience in cloud-native, SaaS, or high-growth tech environments.
  • Familiarity with NIST SP 800‑171, NIST CSF, or CMMC frameworks.
  • Understanding of risk methodologies (ISO 31000, FAIR, NIST RMF).
  • Experience with GRC platforms such as Drata, Vanta, Secureframe, Hyperproof, or Tugboat Logic.
  • Experience with AWS security tools including GuardDuty, CloudTrail, KMS, Config, Security Hub.

About Adecco
Adecco is acting as an Employment Agency. We are proud to be an equal opportunities employer. We are on the client's supplier list for this position.

Keywords
Zero Trust, RBAC, MFA, IAM governance, CSPM, SIEM, SOAR, AWS Config, CloudTrail, GuardDuty, cloud security posture, encryption at rest, encryption in transit, vulnerability scanning, patch management, data classification, DevSecOps, secure SDLC, evidence automation, continuous compliance, threat modelling, risk scoring, audit readiness, SOC 2 Trust Services Criteria, ISO 27001 Annex A controls
