Security Governance & Compliance Analyst - NIST, ISO

Cambridge
4 days ago

Security Governance & Compliance Analyst - NIST, ISO, CMMC
£competitive
Cambridge / Hybrid
Company Overview
One of the UK's most forward‑thinking technology companies, recognised for its innovative approach and regularly making headlines across the public domain.

About the Role
We are seeking a Security Governance & Compliance Analyst to strengthen the organisation's security governance capabilities and ensure ongoing audit readiness. This role involves building structured, scalable compliance processes, supporting external certifications, and enhancing the organisation's overall security maturity.

Working closely with teams across Security, Engineering, Legal, and Procurement, you'll help interpret complex standards, streamline assurance activities, and embed secure‑by‑design practices across the business.

Core Areas of Responsibility

  1. Assurance Activities & Evidence Stewardship
  • Perform routine assurance checks across key security domains including IAM, secure configuration baselines, data protection controls, vulnerability management, and logging/monitoring.
  • Maintain well‑structured, audit‑ready evidence repositories for internal reviews and external assessments.
  • Track findings, control exceptions, and remediation activities through to completion.
  • Escalate material risks or recurring control gaps to senior security stakeholders.

  2. Governance of Compliance Standards & Frameworks
  • Support compliance activities across frameworks such as ISO/IEC 27001:2022, SOC 2 Type II, and CMMC‑aligned requirements.
  • Help coordinate internal and external audits, including evidence preparation, walkthroughs, sampling, and remediation validation.
  • Contribute to a continuous monitoring model rather than point‑in‑time audit preparation.
  • Support the creation, review, and maintenance of policies, standards, and procedures.

  3. Supplier & Partner Assurance
  • Operate a risk‑based supplier assurance framework to evaluate vendor compliance across cloud security, data handling, resilience, and access governance.
  • Review supplier questionnaires and documentation; identify risks and recommend mitigation.
  • Provide compliance sign‑off during procurement and onboarding cycles.
  • Work with Legal and Procurement to ensure contractual and regulatory obligations are addressed.

  4. Process Engineering, Scalability & Continuous Improvement
  • Design and refine scalable governance and compliance workflows that support business growth.
  • Identify opportunities for automation using GRC platforms and workflow tooling.
  • Maintain and update the enterprise risk register.
  • Support internal training and awareness programmes.

What You'll Bring
  • Experience in security compliance, IT audit, cyber governance, or GRC-related roles.
  • Knowledge of frameworks such as ISO/IEC 27001:2022, SOC 2, and NIST standards.
  • Strong understanding of cloud-security principles including IAM, encryption, monitoring, logging, configuration hardening, and shared responsibility models.
  • Ability to translate regulatory and control requirements into clear business processes.
  • Excellent communication skills.
  • Strong organisational and documentation skills.

Relevant Qualifications
  • ISO 27001 Internal Auditor, Lead Implementer, or Lead Auditor.
  • NIST CSF Practitioner or NIST SP 800‑171/CMMC‑related certifications.
  • CompTIA Security+ or CySA+.
  • (ISC)² CC, SSCP, or CISSP.
  • CISM or CRISC.
  • CISA.
  • AWS Security Specialty, Azure Security Engineer, or Google Cloud Security Engineer.

Nice to Have
  • Experience in cloud-native, SaaS, or high-growth tech environments.
  • Familiarity with NIST SP 800‑171, NIST CSF, or CMMC frameworks.
  • Understanding of risk methodologies (ISO 31000, FAIR, NIST RMF).
  • Experience with GRC platforms such as Drata, Vanta, Secureframe, Hyperproof, or Tugboat Logic.
  • Experience with AWS security tools including GuardDuty, CloudTrail, KMS, Config, Security Hub.

About Adecco
Adecco is acting as an Employment Agency. We are proud to be an equal opportunities employer. We are on the client's supplier list for this position.

Keywords
Zero Trust, RBAC, MFA, IAM governance, CSPM, SIEM, SOAR, AWS Config, CloudTrail, GuardDuty, cloud security posture, encryption at rest, encryption in transit, vulnerability scanning, patch management, data classification, DevSecOps, secure SDLC, evidence automation, continuous compliance, threat modelling, risk scoring, audit readiness, SOC 2 Trust Services Criteria, ISO 27001 Annex A controls
