Security Auditor & Risk Assessor in Derby

AMS is a global workforce solutions partner committed to creating inclusive, dynamic, and future-ready workplaces. We help organisations adapt, grow, and thrive in an ever-evolving world by building, shaping, and optimising diverse talent strategies. Our Contingent Workforce Solution (CWS) is one way we support our clients. Acting as an extension of their recruitment teams, we connect them with skilled interim and temporary professionals, fostering workplaces where everyone can contribute and succeed.

On behalf of our globally respected client who develop cutting-edge technologies that deliver clean, safe and competitive solutions to meet the planet's vital power needs, we are looking for a Security Auditor & Risk Assessor for a 12 month contract based in Derby. Please note this role is a hybrid position in which you would be required to work onsite 3 days per week and work from home 2 days per week.

Purpose of the role: You will lead and perform independent security audits and risk assessments to identify vulnerabilities, control weaknesses, and policy non-compliance across IT systems, applications, and third-party environments, whilst evaluating risk exposure and partnering with stakeholders to develop and implement remediation plans that strengthen the organisation's overall security posture.

What you'll do: Reporting into the Security team, you will:

• Support the VP Digital Risk & Compliance in defining and delivering a risk-based audit and assessment programme across IT systems, business units, supply chain partners, and third-party providers.
• Conduct comprehensive security audits and risk assessments, evaluating control effectiveness, identifying gaps, and assessing risk exposure.
• Produce clear, timely audit and risk assessment reports, including risk ratings and prioritised recommendations.
• Develop and agree risk treatment and remediation plans with system and business owners to mitigate identified risks.
• Analyse audit and assessment outputs to identify systemic risks and trends, driving improvements in policy, processes, controls, and technology.
• Present findings, risk insights, and recommendations to senior stakeholders in a clear and compelling manner.
• Support the development and enhancement of Information Security policies, standards, and procedures aligned to recognised frameworks (e.g., ISO 27000).

The skills you'll need:

• Strong understanding of information security principles, risk management, and audit methodologies.
• Knowledge of enterprise IT systems, applications, security practices, security controls and architectures.
• Familiarity with recognised cyber security frameworks and standards (e.g., ISO 27000, NIST, NIS2, CIS), including their application in audit and risk assessment contexts.
• Desirable but not essential, familiarity with EASA Part-IS regulation and associated requirements.
• Ability to assess and articulate risk clearly, with experience in risk-based decision-making approaches.
• Excellent communication and stakeholder engagement skills, with the ability to influence outcomes.
• Broad IT security knowledge supported by relevant certifications or experience.
• Awareness of cloud technologies and risk considerations in enterprise environments.
• Proactive mindset with willingness to learn and contribute to wider compliance domains such as Product Safety, Data Privacy, and Export Control.

Desirable Qualifications:

• Degree or MSc in Information Security (or equivalent).
• CISSP, CISM, CRISC, or equivalent.
• ISO 27001 Lead Implementer / Lead Auditor.
• Experience with Microsoft Azure or other cloud platforms.

Next steps: We will only accept workers operating via an Umbrella or PAYE engagement model. If you are interested in applying for this position and meet the criteria outlined above, please click the link to apply and we will contact you with an update in due course.