
Security Compliance Analyst

Exeter
2 days ago

At Pennon Group, we’re proud to be leading the way in the water and renewables industries. Alongside our subsidiaries - South West Water, Bristol Water, Bournemouth Water, SES Water, Pennon Water Services and Pennon Power - we’re committed to delivering a sustainable future for our region. Because we know that by continually driving up our standards today, we’ll build a better tomorrow for our communities.

Are you passionate about Information Security Compliance? We are seeking a proactive and knowledgeable Information Security Compliance Analyst. This role is pivotal in helping us maintain ISO27001, implement and maintain cyber policies, and deliver key phases of our Cyber Essentials Programme.

About the Role

Join us as an Information Security Compliance Analyst and play a key role in protecting our information assets, identifying and mitigating security risks, and ensuring compliance with regulatory requirements. Reporting to the Information Security Compliance Manager, you’ll support internal reviews, audits, and awareness initiatives, and help maintain compliance with standards like ISO 27001, NIS, PCI, and GDPR.

Why is compliance important?

Staying compliant with ISO 27001 is critical for protecting sensitive information, maintaining customer trust, and avoiding legal, regulatory, and reputational risks. Regular internal audits not only ensure ongoing certification but also drive continual improvement and resilience in our information security practices.

Key Responsibilities:

  • Plan, conduct, and document internal ISO 27001 audits across all areas of the Information Security Management System (ISMS), ensuring all controls and processes are regularly reviewed for effectiveness and compliance

  • Evaluate the effectiveness of information security policies, procedures, and controls, and identify areas for improvement or non-compliance.

  • Develop and maintain an annual audit schedule to ensure comprehensive coverage of ISO 27001 requirements and continual improvement of the ISMS.

  • Collaborate with stakeholders to gather evidence, address audit findings, and implement corrective actions to close compliance gaps.

  • Promote information security awareness and a positive security culture throughout the organisation.

  • Support security testing, including penetration tests and vulnerability scans.

  • Ensure third-party contracts meet security requirements.

  • Maintain compliance with relevant standards and legislation.

  • Support policy and procedure development.

What We Are Looking For:

  • Full UK driving licence

  • Strong understanding of information security principles, cyber threats, and risk management

  • Familiarity and experience with ISO 27001 standard

  • Experience of performing audits and producing reports

  • Ability to influence and build relationships across all levels of the organisation

  • A collaborative, self-motivated approach with strong organisational skills.

  • Experience with ISO 27001, NIST, or Cyber Essentials

  • Eligible for UK Government Security Clearance (SC)

Why You'll Love Working With Us:

We know that the support and commitment of our staff is key to our success, so you will receive the opportunity for ongoing development and training for a long-term career with us. In return, we offer an excellent range of benefits including:

  • Generous holiday allowance plus bank holidays

  • A discretionary Bonus

  • Competitive Contributory Pension

  • Share-save Scheme

  • Various health benefits

  • Wellbeing support programmes

  • A range of Group Discounts

  • Cycle to Work Scheme

  • Financial support services

  • And plenty more!


Be yourself, we like it that way. Together, we will build a culture of belonging, where inclusion is instinctive. Diversity is our strength and a reflection of our communities. We care, we value everyone, we celebrate uniqueness.

Our core values, which are essential to our success, are:

Be Rock Solid - Build trust and be trusted. Be the one we all look to and can depend on.

Be You - We want you to bring your best every day. Be yourself and make your mark in your individual way.

Be the Future - Embrace change. Drive progress. Own the challenge.
