Senior Governance Risk & Compliance Specialist

Make The Connection.

At Vix, we are committed to solving problems and delivering innovative solutions that are revolutionizing the world of public transit.

We are a global organisation at Vix - embracing the strength that individual diversity brings to the collective. Bring your individual orientation, cultural heritage and distinctive thinking and experience – we want to hear from you!

The Role

You'll need significant experience across the key responsibilities listed below to be successful.

The role is located on-site in Manchester and requires on-site attendance Monday to Friday.

We regret that this position is only available for UK citizens/Residents with indefinite leave to remain in the UK, with current full time work rights for the United Kingdom, currently residing in the UK. This position will be located in the United Kingdom.

Key Responsibilities:

1. Risk Management:

• Assist in identifying, assessing, and mitigating risks related to IT security.
• Maintain risk registers and track the implementation of risk treatment plans.
• Support periodic risk assessments to identify potential threats to information security.
• Monitor and report on risk exposures.
• Compliance Monitoring:
• Ensure adherence to UK-specific regulations like the GDPR (General Data Protection Regulation), NIS Regulations, and Data Protection Act 2018.
• Conduct regular audits and assessments to ensure compliance with internal policies, regulatory requirements, and international standards such as ISO 27001.
• Assist in the preparation and submission of compliance reports.
• Governance Support:
• Support the development and implementation of IT security policies, procedures, and guidelines.
• Assist in reviewing and updating governance frameworks in alignment with regulatory and business requirements.
• Coordinate with various teams to ensure that governance practices are integrated into the organization’s daily operations.
• Incident Response:
• Assist in the investigation and reporting of IT security incidents.
• Help develop and refine incident response plans and procedures.
• Track and report on the resolution of incidents to ensure proper documentation and follow-up.
• Training and Awareness:
• Support the delivery of IT security awareness programs and training to staff.
• Help in creating materials for cybersecurity training and communication efforts to ensure employees understand their responsibilities in maintaining security and compliance.
• Vendor and Third-Party Risk Management:
• Assist in evaluating the security risks associated with third-party vendors and suppliers.
• Help conduct due diligence and assessments on vendors, ensuring they meet security and compliance standards.
• Audit Support:
• Work closely with internal and external auditors to provide documentation and evidence of compliance.
• Assist in tracking and addressing audit findings, ensuring timely implementation of corrective actions.
• Policy Development and Maintenance:
• Assist in drafting, reviewing, and maintaining IT security policies and procedures.
• Help in the alignment of policies with business objectives and regulatory requirements.

Familiarity with NESA Information Assurance Standards: Understanding of the PCI NESA regulations and how they may relate to UK frameworks (like GDPR or NIS Regulations).

What You'll Bring To The Role:

Essential:

• Understanding of Regulatory Frameworks: Familiarity with GDPR, NIS Regulations, and other UK-based IT security regulations.
• Knowledge of Risk Management: Basic knowledge of risk identification, assessment, and mitigation techniques.
• Attention to Detail: Ability to identify potential issues and track compliance activities.
• Technical Aptitude: Familiarity with IT security concepts, frameworks like ISO 27001, and general cybersecurity best practices.

Desirable:

• AWS experience and/or certification.
• Bachelor’s degree in Computer Science or IT.
• Exposure to Security Standards (PCI, ISO).
• Experience with audits or compliance enforcement.
• Penetration testing experience (Kali Linux).
• Experience with site-to-site VPNs, network design, VLANs, routing, NAT.
• Creating PCI digital keys or security access modules.

Beyond technical capability, we are looking for someone familiar with matrix organisational structure who functions effectively in both geographically and technically dispersed domains. You'll naturally be a person of integrity who practices discretion and confidentiality, excellent communication and relationship management skills, flexibility, inquisitiveness and adaptability.

What’s in it for you?

Besides the opportunity to work for a global company that is customer and people focused, we offer:

• A focus on learning and development
• A great team of like-minded professionals
• Private Healthcare
• Income Protection Scheme
• Pension
• Group Life Assurance
• Cycle to Work Scheme
• Electric Car Benefit Scheme
• Employee Assistance Programme
• Eyecare and Spectacle Vouchers

Sounds good? Then apply now. Get on board today!

Add your resume and anything else to showcase why you would be a great addition to our team. We regret that this position is only available for UK&I citizens/Residents with indefinite leave to remain in the UK&I, with current full time work rights for the United Kingdom, currently residing in the UK.

No recruitment agencies, please! We won’t accept any introductions.

We aim to have a work environment where everyone feels included and everyone can realise their full potential.