Governance Risk and Compliance Specialist

• Assist in addressing audit findings and implementing corrective actions
• Conduct audits and assessments for internal policy and international standards compliance (e.g., ISO 27001)
• Align policies with business objectives and regulatory requirements
• Help develop and refine incident response plans
• Identify, assess, and mitigate IT security risks
• Work with auditors to provide compliance documentation
• Assist in preparing compliance reports
• Track incident resolutions to ensure documentation and follow-up
• Assist in reviewing and updating governance frameworks per regulations and business needs
• Help create materials for cybersecurity training to clarify employee responsibilities
• Assist in investigating and reporting IT security incidents
• Support development of IT security policies and procedures
• Ensure compliance with UK regulations (GDPR, NIS Regulations, Data Protection Act 2018)
• Support periodic risk assessments for potential information security threats
• Coordinate with teams to integrate governance practices into daily operations
• Assist in drafting, reviewing, and maintaining IT security policies
• Monitor and report risk exposures
• Evaluate security risks of third-party vendors
• Maintain risk registers and track risk treatment plans
• Support IT security awareness and training programs for staff
• Conduct due diligence and assessments to ensure vendors meet security standards

Vix Technology, a global leader in automatic fare collection, transit information, and transit analytics solutions, is seeking a highly skilled and experienced Cloud Engineer. With a presence in over 200 city and regional transport authorities worldwide, Vix has been at the forefront of transforming fare collection for more than 35 years. At Vix, we are committed to solving problems and delivering innovative solutions that are revolutionising the world of public transit.

Add your resume and anything else to showcase why you would be a great addition to our team. We regret that this position is only available for UK&I citizens/Residents with indefinite leave to remain in the UK&I, with current full time work rights for the United Kingdom, currently residing in the UK.No recruitment agencies, please! We won't accept any introductions.

Familiarity with NESA Information Assurance Standards, PCI NESA regulations, and audit/compliance knowledge is essential.

• Prioritises exceptional customer service
• Exhibits excellent written and verbal communication skills
• Penetration testing experience (Kali Linux)
• Technical Aptitude: Familiarity with IT security concepts, frameworks like ISO 27001, and general cybersecurity best practices
• Capable of working independently while also being an effective team member
• Displays a strong commitment to seeing tasks through to completion
• Bachelor's degree in Computer Science or IT
• Knowledge of Risk Management: Basic knowledge of risk identification, assessment, and mitigation techniques
• Possesses a methodical approach to work, ensuring accuracy and timeliness
• Experience with audits or compliance enforcement
• Understanding of Regulatory Frameworks: Familiarity with GDPR, NIS Regulations, and other UK-based IT security regulations
• Demonstrates high levels of confidentiality and integrity
• Attention to Detail: Ability to identify potential issues and track compliance activities
• Exposure to Security Standards (PCI, ISO)
• AWS experience and/or certification
• Experience with site-to-site VPNs, network design, VLANs, routing, NAT

• Group Life Assurance
• Income Protection Scheme
• Private Healthcare
• Eyecare Vouchers
• Cycle to Work Scheme
• Employee Assistance Programme
• Electric Car Benefit Scheme