Governance Risk and Compliance Specialist

• Conduct due diligence and assessments to ensure vendors meet security standards
• Ensure compliance with UK regulations (GDPR, NIS Regulations, Data Protection Act 2018)
• Support development of IT security policies and procedures
• Monitor and report risk exposures
• Maintain risk registers and track risk treatment plans
• Identify, assess, and mitigate IT security risks
• Evaluate security risks of third-party vendors
• Assist in addressing audit findings and implementing corrective actions
• Assist in investigating and reporting IT security incidents
• Track incident resolutions to ensure documentation and follow-up
• Assist in drafting, reviewing, and maintaining IT security policies
• Conduct audits and assessments for internal policy and international standards compliance (e.g., ISO 27001)
• Assist in reviewing and updating governance frameworks per regulations and business needs
• Work with auditors to provide compliance documentation
• Help create materials for cybersecurity training to clarify employee responsibilities
• Align policies with business objectives and regulatory requirements
• Coordinate with teams to integrate governance practices into daily operations
• Assist in preparing compliance reports
• Help develop and refine incident response plans
• Support periodic risk assessments for potential information security threats
• Support IT security awareness and training programs for staff

Add your resume and anything else to showcase why you would be a great addition to our team. We regret that this position is only available for UK&I citizens/Residents with indefinite leave to remain in the UK&I, with current full time work rights for the United Kingdom, currently residing in the UK.No recruitment agencies, please! We won't accept any introductions.

Vix Technology, a global leader in automatic fare collection, transit information, and transit analytics solutions, is seeking a highly skilled and experienced Cloud Engineer. With a presence in over 200 city and regional transport authorities worldwide, Vix has been at the forefront of transforming fare collection for more than 35 years. At Vix, we are committed to solving problems and delivering innovative solutions that are revolutionising the world of public transit.

Familiarity with NESA Information Assurance Standards, PCI NESA regulations, and audit/compliance knowledge is essential.

• Experience with audits or compliance enforcement
• Demonstrates high levels of confidentiality and integrity
• Prioritises exceptional customer service
• Capable of working independently while also being an effective team member
• Penetration testing experience (Kali Linux)
• Technical Aptitude: Familiarity with IT security concepts, frameworks like ISO 27001, and general cybersecurity best practices
• Experience with site-to-site VPNs, network design, VLANs, routing, NAT
• Attention to Detail: Ability to identify potential issues and track compliance activities
• Displays a strong commitment to seeing tasks through to completion
• Exposure to Security Standards (PCI, ISO)
• Knowledge of Risk Management: Basic knowledge of risk identification, assessment, and mitigation techniques
• Understanding of Regulatory Frameworks: Familiarity with GDPR, NIS Regulations, and other UK-based IT security regulations
• Possesses a methodical approach to work, ensuring accuracy and timeliness
• Bachelor's degree in Computer Science or IT
• AWS experience and/or certification
• Exhibits excellent written and verbal communication skills

• Eyecare Vouchers
• Employee Assistance Programme
• Income Protection Scheme
• Group Life Assurance
• Private Healthcare
• Cycle to Work Scheme
• Electric Car Benefit Scheme