Every successful relationship rests on the shoulders of great communication.
We have a rich heritage of partnering with financial and business services as well as the public sector to help improve communication between organisations and their customers. We build solutions that match client requirements in the ever-evolving world of customer communications.
From print to web to mobile messaging, we'll build a two-way customer communication strategy that puts customers' communication preferences at its core, all the while working within the strictest regulatory framework. By delivering the right message at the right time and through the right channel we help foster higher value customer relationships.
What will you be doing?
The IT Risk & Compliance Specialist supports and matures the IT Risk and Compliance function. This role plays an important part in maintaining and improving compliance with regulatory frameworks such as ISO 27001, PCI DSS, Cyber Essentials, DORA and other IT-related ISO standards and programs. The role focuses on technical control validation, audit support, vendor risk management, and coordination of technical security questionnaires. The Specialist works closely with IT, Security, and Compliance teams to ensure that operational practices align with internal policies and external regulatory obligations.
Compliance & Audit
Coordinate preparation for internal and external audits including ISO 27001, PCI DSS, and client-specific assessments.
Maintain audit readiness by ensuring all control evidence is accurate, current, and accessible.
Liaise with auditors and internal stakeholders during assessments, walkthroughs, and follow-up reviews.
Lead the development and maintenance of audit documentation including risk treatment plans, SoAs, and compliance calendars.
Technical Control Implementation and Monitoring
Validate and monitor implementation of technical controls under ISO 27001 Annex A, Cyber Essentials, and PCI DSS.
Collaborate with IT and Security to track compliance with patching, endpoint protection, access management, and encryption.
Support the continuous improvement of the Information Security Management System (ISMS).
Security Questionnaires & Due Diligence
Take ownership of responding to security and compliance sections of client and vendor questionnaires.
Maintain a library of standard answers and supporting documentation for reuse and efficiency.
IT Risk Management
Maintain the IT risk register and ensure regular updates with input from system and control owners.
Assist with risk assessments, impact analysis, and tracking of mitigation plans.
Vendor & Third-Party Oversight
Support onboarding and annual reviews of third-party vendors from a compliance perspective, when needed.
Track SLAs and contractual obligations relating to security certifications (e.g., ISO, PCI) when needed.
Internal Collaboration & Training
Work with IT and Security to ensure operational activities are compliant with internal controls.
Contribute to compliance awareness and training sessions as needed.
Personal Development
Proactively seek to acquire and maintain up-to-date knowledge of the group's products and services.
Seek to develop and improve skills and knowledge at every opportunity, accept feedback to improve personal performance and learn from successes and mistakes.
What do we need?
Working knowledge of compliance frameworks such as ISO 27001, PCI DSS, Cyber Essentials, and DORA, and the ability to support their implementation in collaboration with senior staff.
Practical experience (or strong interest in gaining experience) with technical IT security and compliance tools, including:
GRC platforms for tracking risks and controls,
Security awareness platforms like KnowBe4,
SIEM or endpoint monitoring tools (e.g. Log360, Endpoint Central).
Basic understanding of IT infrastructure and security concepts, such as access control, encryption, network protocols, and patching processes.
Strong organisational and documentation skills, with attention to detail in preparing audit evidence, compliance responses, and technical procedures.
Effective written and verbal communication skills, particularly in responding to client queries and internal stakeholders.
Eagerness to learn and continuously develop knowledge in risk, compliance, and cybersecurity domains, supported by training and mentorship.
What's in it for you?
Competitive salaries
26 days holiday per year plus Bank Holidays
Enhanced maternity and paternity schemes
Sick pay schemes
Eye care scheme - free eye tests and discounts on glasses for DSE users
Electric car scheme
Cycle to work scheme
Employee-Referral Scheme
Free parking on site
Free fruit