IT Risk & Compliance Specialist - Job July 2025

Location:
Huddersfield/Hybrid

Job Type:
Full Time

Closing Date:
18/07/2025

IT Risk & Compliance Specialist

Reporting to: Head of IT Risk & Compliance

Main Purpose of the Role

The IT Risk & Compliance Specialist is a position responsible for supporting and maturing the IT Risk and Compliance function. This role plays an important part in maintaining and improving compliance with regulatory frameworks such as ISO 27001, PCI DSS, Cyber Essentials, DORA and other IT related ISO standards and programs. The role focuses on technical control validation, audit support, vendor risk management, and coordination of technical security questionnaires. The Specialist works closely with IT, Security, and Compliance teams to ensure that operational practices align with internal policies and external regulatory obligations. 

Compliance & Audit

  • Coordinate preparation for internal and external audits including ISO 27001, PCI DSS, and client-specific assessments.
  • Maintain audit readiness by ensuring all control evidence is accurate, current, and accessible.
  • Liaise with auditors and internal stakeholders during assessments, walk-throughs, and follow-up reviews.
  • Lead the development and maintenance of audit documentation including risk treatment plans, SoAs, and compliance calendars.

Technical Control Implementation and Monitoring

  • Validate and monitor implementation of technical controls under ISO 27001 Annex A, Cyber Essentials, and PCI DSS.
  • Collaborate with IT and Security to track compliance with patching, endpoint protection, access management, and encryption.
  • Support the continuous improvement of the Information Security Management System (ISMS).

Security Questionnaires & Due Diligence

  • Take ownership of responding to security and compliance sections of client and vendor questionnaires.
  • Maintain a library of standard answers and supporting documentation for reuse and efficiency.

IT Risk Management

  • Maintain the IT risk register and ensure regular updates with input from system and control owners.
  • Assist with risk assessments, impact analysis, and tracking of mitigation plans.

Vendor & Third-Party Oversight

  • Support onboarding and annual reviews of third-party vendors from a compliance perspective, when needed.
  • Track SLAs and contractual obligations relating to security certifications (e.g., ISO, PCI) when needed.

Internal Collaboration & Training

  • Work with IT and Security to ensure operational activities are compliant with internal controls.
  • Contribute to compliance awareness and training sessions as needed.

Adherence to the Group's procedures, working practices and department-specific processes.

This role is part of long-term plans to professionalise & improve Assurance and Compliance in line with IT best practices and professional standards.

Personal Development

  • Proactively seek to acquire and maintain up-to-date knowledge of the Group's products and services.
  • Seek to develop and improve skills and knowledge at every opportunity, accept feedback to improve personal performance and learn from successes and mistakes.

Behavioural Responsibilities

  • Communicate positively both verbally and in writing.
  • Share information and demonstrate respect to colleagues, customers and others within the working environment.
  • Demonstrate flexibility within the role, endeavouring to comply with any reasonable requests that will benefit the team’s ability to meet their objectives.
  • Be a team player, encouraging colleagues, providing support, and positively affecting team spirit.
  • Take personal responsibility for providing excellent customer service to internal and external customers.

Compliance with Company Policies & Procedures

  • Actively participate and contribute to the group's quality initiatives, including proactive input into continuous improvement.
  • Comply with the company's environmental and information security policies and procedures, plus any relevant policies and procedures that may be introduced from time to time (particularly those for which the company is seeking or has achieved independent accreditation).
  • Understand and practise the Health and Safety policy requirements and relevant safe systems of work.

Contribution to Personal, Departmental & Company Objectives

  • Strive to achieve the objectives that are set for you.
  • Contribute, as requested, to the departmental and company objectives to the best of your ability.

Time Management & Organisational Skills

  • Work methodically and in an organised manner, complying with the Clean Desk Policy.
  • Prioritise your workload and complete tasks and projects within agreed and reasonable timescales.
  • Report for work on time and in a presentable manner.
  • Manage your time and activities to avoid a negative impact on the time management of others.

Problem Solving & Demonstrating Initiative

  • Demonstrate initiative to address problems and implement solutions to improve working practices where possible.
  • Positively question established working methods and actively put forward suggestions and ideas.

Attendance

  • Observe company policy regarding timekeeping and attendance.

Dimensions & Limits of Authority

  • No authority to commit to expenditure, but plays an integral role in selecting suppliers and infrastructure products.

Location

The role is based at the production facility at Park Mill, Clayton West, Huddersfield. It may be necessary to occasionally work at other locations (primarily other Group sites).

Competencies Required

Working knowledge of compliance frameworks such as ISO 27001, PCI DSS, Cyber Essentials, and DORA, and the ability to support their implementation in collaboration with senior staff.

Practical experience (or strong interest in gaining experience) with technical IT security and compliance tools, including:

  • GRC platforms for tracking risks and controls,
  • Security awareness platforms like KnowBe4,
  • SIEM or endpoint monitoring tools (e.g. Log360, Endpoint Central).

Basic understanding of IT infrastructure and security concepts, such as access control, encryption, network protocols, and patching processes.

Strong organisational and documentation skills, with attention to detail in preparing audit evidence, compliance responses, and technical procedures.

Effective written and verbal communication skills, particularly in responding to client queries and internal stakeholders.

Eagerness to learn and continuously develop knowledge in risk, compliance, and cybersecurity domains, supported by training and mentorship.