Security Governance & Compliance Analyst - NIST, ISO

Cambridge
4 weeks ago
Create job alert

Security Governance & Compliance Analyst - NIST, ISO, CMMC
£competitive
Cambridge / Hybrid
Company Overview
One of the UK's most forward‑thinking technology companies, recognised for its innovative approach and regularly making headlines across the public domain.

About the Role
We are seeking a Security Governance & Compliance Analyst to strengthen the organisation's security governance capabilities and ensure ongoing audit readiness. This role involves building structured, scalable compliance processes, supporting external certifications, and enhancing the organisation's overall security maturity.

Working closely with teams across Security, Engineering, Legal, and Procurement, you'll help interpret complex standards, streamline assurance activities, and embed secure‑by‑design practices across the business.

Core Areas of Responsibility

  1. Assurance Activities & Evidence Stewardship
  • Perform routine assurance checks across key security domains including IAM, secure configuration baselines, data protection controls, vulnerability management, and logging/monitoring.
  • Maintain well‑structured, audit‑ready evidence repositories for internal reviews and external assessments.
  • Track findings, control exceptions, and remediation activities through to completion.
  • Escalate material risks or recurring control gaps to senior security stakeholders.

  1. Governance of Compliance Standards & Frameworks
  • Support compliance activities across frameworks such as ISO/IEC 27001:2022, SOC 2 Type II, and CMMC‑aligned requirements.
  • Help coordinate internal and external audits, including evidence preparation, walkthroughs, sampling, and remediation validation.
  • Contribute to a continuous monitoring model rather than point‑in‑time audit preparation.
  • Support the creation, review, and maintenance of policies, standards, and procedures.

  1. Supplier & Partner Assurance
  • Operate a risk‑based supplier assurance framework to evaluate vendor compliance across cloud security, data handling, resilience, and access governance.
  • Review supplier questionnaires and documentation; identify risks and recommend mitigation.
  • Provide compliance sign‑off during procurement and onboarding cycles.
  • Work with Legal and Procurement to ensure contractual and regulatory obligations are addressed.

  1. Process Engineering, Scalability & Continuous Improvement
  • Design and refine scalable governance and compliance workflows that support business growth.
  • Identify opportunities for automation using GRC platforms and workflow tooling.
  • Maintain and update the enterprise risk register.
  • Support internal training and awareness programmes.

    What You'll Bring
  • Experience in security compliance, IT audit, cyber governance, or GRC-related roles.
  • Knowledge of frameworks such as ISO/IEC 27001:2022, SOC 2, NIST standards.
  • Strong understanding of cloud-security principles including IAM, encryption, monitoring, logging, configuration hardening, and shared responsibility models.
  • Ability to translate regulatory and control requirements into clear business processes.
  • Excellent communication skills.
  • Strong organisational and documentation skills.

    Relevant Qualifications
  • ISO 27001 Internal Auditor, Lead Implementer, or Lead Auditor.
  • NIST CSF Practitioner or NIST SP 800‑171/CMMC‑related certifications.
  • CompTIA Security+ or CySA+.
  • (ISC)² CC, SSCP, or CISSP.
  • CISM or CRISC.
  • CISA.
  • AWS Security Specialty, Azure Security Engineer, or Google Cloud Security Engineer.

    Nice to Have
  • Experience in cloud-native, SaaS, or high-growth tech environments.
  • Familiarity with NIST SP 800‑171, NIST CSF, or CMMC frameworks.
  • Understanding of risk methodologies (ISO 31000, FAIR, NIST RMF).
  • Experience with GRC platforms such as Drata, Vanta, Secureframe, Hyperproof, or Tugboat Logic.
  • Experience with AWS security tools including GuardDuty, CloudTrail, KMS, Config, Security Hub.

    About Adecco
    Adecco is acting as an Employment Agency. We are proud to be an equal opportunities employer. We are on the client's supplier list for this position.

    Keywords
    Zero Trust, RBAC, MFA, IAM governance, CSPM, SIEM, SOAR, AWS Config, CloudTrail, GuardDuty, cloud security posture, encryption at rest, encryption in transit, vulnerability scanning, patch management, data classification, DevSecOps, secure SDLC, evidence automation, continuous compliance, threat modelling, risk scoring, audit readiness, SOC 2 Trust Services Criteria, ISO 27001 Annex A controls

Related Jobs

View all jobs

Cyber Security Analyst

Senior Cyber & Technology Risk Analyst

Infrastructure Support Analyst

Data Analyst - Sc cleared

Senior Data Engineer - £62,000 - Hybrid

Senior IT Project Manager

Subscribe to Future Tech Insights for the latest jobs & insights, direct to your inbox.

By subscribing, you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Jobs

New Cloud Computing Employers to Watch in 2026: UK and Global Companies Powering the Digital Economy

Cloud computing is no longer just a backbone technology—it is now the engine of digital transformation, underpinning everything from AI and fintech to healthcare and government services. For professionals browsing CloudComputingJobs.co.uk, the biggest opportunities lie with new and fast-scaling employers that are investing heavily in infrastructure, platforms, and next-generation cloud services. In this article, we explore the new cloud computing employers to watch in 2026, focusing on UK-based startups, scale-ups, and global companies expanding their footprint across Britain. These organisations have recently secured funding, launched major projects, or won strategic contracts—clear signals of hiring growth.

Jobs Careers

Cloud Engineer Jobs in the UK: Salary, Skills, Career Paths & How to Get Hired

Cloud engineer jobs are among the fastest-growing technology roles in the UK. As organisations move infrastructure, applications and data into the cloud, demand for skilled cloud professionals continues to surge across finance, healthcare, retail, defence, government and high-growth startups. If you’re exploring a career in cloud engineering — or looking for your next role — this guide covers everything you need to know: What a cloud engineer does Types of cloud engineer jobs Required skills and certifications UK salary expectations Career progression pathways How to land a cloud engineer job in the UK Whether you’re a graduate, IT professional transitioning into cloud, or an experienced engineer looking to specialise, this article will help you position yourself competitively.

Careers

How Many Cloud Computing Tools Do You Need to Know to Get a Cloud Job?

If you are aiming for a role in cloud computing, it can feel like the skills list never ends. One job advert asks for AWS, Terraform and Kubernetes. Another mentions Azure DevOps, PowerShell and ARM templates. A third throws in Docker, Python, Linux, CI/CD, monitoring tools and security frameworks. It is no surprise that many cloud job seekers feel overwhelmed before they even apply. Here is the reality most cloud hiring managers agree on: they are not hiring you because you know every cloud tool. They are hiring you because you understand cloud concepts, can design reliable systems, manage costs, keep things secure and support real workloads. Tools matter, but only when they support outcomes. So how many cloud computing tools do you actually need to know to get a job? For most roles, the answer is far fewer than you think. This article explains what employers really expect, which tools are essential, which are role-specific, and how to focus your learning so you look capable and employable rather than scattered.

🍪 We use cookies to enhance your browsing experience on our website. By continuing to use this site, you consent to the use of cookies as described in our Cookie Policy. You can review our Cookie Policy for more information.