Mid-Level Information Security, Risk and Compliance Specialist
Location: UK or Ireland – Primarily remote, with occasional travel to regional offices in the UK, Ireland, or Germany for key meetings and team events
Compensation: Competitive salary, based on experience
Employment Type: Full-time, Permanent
Reporting Line: Reports directly to the Chief Information Security Officer (CISO)
About the Company
Join a leading provider of enterprise governance software solutions, trusted by global organisations to enhance operational control, regulatory alignment, and digital resilience. With a collaborative team culture and offices across Germany, the UK, and Ireland, we empower businesses to proactively manage security, privacy, and risk in a rapidly evolving threat landscape.
Position Overview
We are seeking a dedicated Information Security, Risk and Compliance Specialist with mid-level experience to support our growing security program. You’ll play a vital role in managing internal risk, supporting audit initiatives, and ensuring adherence to global security frameworks and data privacy laws. Working under the guidance of the CISO, you’ll be instrumental in promoting a culture of proactive security and continuous improvement.
Key Responsibilities
Security & Compliance Frameworks
- Serve as a security subject matter resource, advising stakeholders across business units.
- Monitor and uphold certification requirements for standards such as ISO 27001 and SOC 2.
- Evaluate and strengthen internal controls to address emerging risks and maintain assurance.
- Collaborate with engineering, product, and operations teams to integrate secure design principles into project lifecycles.
- Carry out security risk evaluations, gap analyses, and compliance reviews to maintain a strong risk posture.
Data Privacy & Regulatory Alignment
- Contribute to the development and refinement of policies supporting compliance with UK GDPR, the Data Protection Act, and international privacy laws.
- Track legal and regulatory developments to align company practices with current requirements.
- Perform Privacy Impact Assessments and internal reviews of data handling practices.
- Guide business units in embedding privacy controls and documenting data processing activities.
- Advise on data governance strategies that align with corporate security and compliance standards.
Process Efficiency & Audit Support
- Collaborate with departments to streamline and automate risk and compliance processes without sacrificing control.
- Support vendor risk assessments and onboarding by ensuring alignment with internal and regulatory security requirements.
- Participate in both internal and external audits, ensuring documentation and responses meet auditor expectations.
- Work with stakeholders to close audit actions, improving future audit readiness.
- Respond to client security and privacy questionnaires with detailed and accurate information.
Education & Awareness
- Design and deliver cybersecurity and data protection awareness programs for staff at all levels.
- Share insights on security trends and technologies to inform policy evolution and strategic planning.
- Promote ongoing education initiatives to elevate company-wide understanding of risk and compliance responsibilities.
Ideal Candidate Profile
- Minimum 5 years’ experience in Information Security, Cyber Risk, or Privacy Compliance roles.
- Practical understanding of IT infrastructure, operations, and cloud technologies.
- Direct experience applying or auditing against global frameworks and standards including ISO 27001, SOC 2, GDPR, HIPAA, and data governance models.
- Strong background in securing cloud-based applications and SaaS platforms.
- Familiarity with threat management, DLP tools, and preventative security measures.
- Experience using third-party risk assessment or GRC platforms.
- Strong interpersonal and communication skills, able to translate technical concepts to non-technical stakeholders.
- Comfort working in globally distributed teams and managing priorities across multiple time zones.
- Previous work in a regulated industry is beneficial but not essential.
If you’re ready to be part of a high-impact team where security and compliance are core to business success, we’d love to hear from you.
- Posted: Jul 23, 2025
- Type: Full-time
- Level: Mid-Senior
- Location: Ireland
- Company: Solas IT Recruitment