Must reside within a 30 minute commute of Knutsford - Office based
Position Overview:
The Risk & Compliance Officer/Analyst is a key role responsible for overseeing the risk and compliance functions within our organisation. This role plays a critical part in establishing and maintaining compliance with relevant regulations and standards. The Compliance Officer collaborates with cross-functional teams to develop, implement, and maintain policies, procedures, and controls, while promoting a culture of compliance awareness and best practices.
Key Responsibilities:
1. Strategy, Planning and Reporting:
Develop and implement a comprehensive compliance strategy aligned with business objectives.
Assess risks to our organisation.
Define and maintain compliance policies, standards, and procedures to ensure the confidentiality, integrity, and availability of data.
Track key compliance KPIs for executive reporting.
Prepare monthly compliance status reports and risk posture updates for the COO and leadership team.
Collaborate with stakeholders to establish compliance requirements and ensure their integration into system designs and processes.
2. Compliance Operations:
Oversee the implementation and management of compliance controls.
Monitor, interpret, and ensure compliance with applicable laws, regulations, and industry standards (e.g., GDPR, HIPAA, PCI DSS).
Conduct internal audits and facilitate external audits for ISO 27001 and SOC 2.
Develop and maintain compliance frameworks, controls, and documentation.
Conduct regular audits and assessments to evaluate the effectiveness of security controls.
Oversee vendor compliance with data protection and security obligations, ensuring third-party compliance and security posture aligns with Custodia's standards.
Coordinate responses to compliance-related incidents, breaches, or inquiries.
Stay up to date with compliance requirements and address potential risks.
Conduct compliance awareness training and education programs for employees.
3. Risk Management:
Identify and assess risks to the organisation's assets and systems.
Develop risk mitigation strategies and work with stakeholders to prioritize and address security risks.
Conduct regular risk assessments.
Monitor and report on the status of risks to senior management.
4. Physical Security Oversight:
Develop and maintain physical security policies and procedures to protect Custodia's offices and physical assets.
Coordinate and oversee implementation of access control systems (e.g., key cards, biometric access) and visitor management procedures.
Ensure surveillance systems (CCTV, alarm systems) are installed, monitored, and maintained appropriately.
Conduct periodic physical security audits and risk assessments in coordination with facility management or external vendors.
Manage response procedures for physical security incidents, including lost access credentials, unauthorized access, or emergency situations.
Collaborate with third-party vendors and building management to ensure compliance with lease and security requirements.
Ensure physical security controls align with compliance obligations (e.g., ISO 27001 Annex A.11 in the 2013 edition, Annex A.7 in the 2022 edition; SOC 2 physical security criteria).
Provide physical security awareness training for employees and contractors where appropriate.
5. Collaboration and Stakeholder Management:
Collaborate with cross-functional teams, including Security, IT, legal, human resources, and operations, to ensure compliance requirements are met.
Engage with external auditors, regulators, and industry groups to maintain awareness of best practices and emerging trends.
Provide guidance and recommendations to management and employees on compliance-related matters.
Foster a culture of compliance awareness and accountability throughout the organisation.
Qualifications & Experience (preferred)
Bachelor's degree in Information Security, Cybersecurity, Computer Science, or a related field. Master's degree or relevant postgraduate qualifications are a plus.
3+ years of progressive experience in risk management or compliance roles, ideally within regulated or cloud-first environments.
Strong working knowledge of information security management systems (ISMS), particularly ISO/IEC 27001 and SOC 2 Type 2.
Hands-on experience preparing for and supporting SOC 2 Type 2 audits, including control implementation, evidence collection, and auditor coordination.
Experience leading or supporting regulatory and third-party audits (e.g., ISO, SOC, GDPR, PCI DSS).
Demonstrated expertise in implementing and managing controls across cloud and on-premises environments.
Solid understanding of data protection regulations (e.g., GDPR, HIPAA) and how to operationalize compliance within modern SaaS businesses.
Hands-on experience with risk assessment methodologies and the development of risk treatment plans.
Proven track record in incident response planning, investigation, and mitigation.
Familiarity with security frameworks such as NIST CSF, CIS Controls, or COBIT is desirable.
Certifications (Preferred or Strongly Advantageous)
Compliance & Risk:
Certified in Risk and Information Systems Control (CRISC)
GDPR Practitioner or CIPP/E (for privacy compliance)
Information Security:
ISO/IEC 27001 Lead Implementer or Lead Auditor
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified Information Systems Auditor (CISA)
Physical Security:
Physical Security Professional (PSP) - ASIS International
Certified Protection Professional (CPP) - ASIS International
Knowledge of ISO/IEC 27001 Annex A.11 (Physical and Environmental Security in the 2013 edition; Annex A.7, Physical Controls, in the 2022 edition)
Experience working with access control, CCTV, visitor management, and facility audits
Soft Skills and Leadership
Strong leadership, communication, and stakeholder engagement skills across technical and non-technical teams
Ability to influence and educate teams on security awareness and compliance best practices
Comfortable working in high-trust, regulated environments with executive-level visibility
Highly organized, analytical, and proactive in identifying and mitigating risks
Job Type: Full-time
Pay: 35,000.00-40,000.00 per year
Benefits:
Casual dress
Company pension
Free parking
Gym membership
Health & wellbeing programme
On-site gym
On-site parking
Private dental insurance
Private medical insurance
Sabbatical
Sick pay
Ability to commute/relocate:
Knutsford WA16 8GS: reliably commute or plan to relocate before starting work (required)
Work Location: In person