Senior Governance, Risk and Compliance Analyst

About the role: You’ll be joining a close-knit, highly capable security team who genuinely enjoy working together and take pride in what they deliver. It’s a collaborative environment where ideas are shared openly, support is always there when you need it, and everyone is trusted to get on with their work without unnecessary layers or noise. There’s a strong sense of accountability, but also a lot of flexibility and understanding — people here back each other and celebrate progress together. From a technical perspective, you’ll help evolve our governance framework, strengthen existing controls and play a key role in achieving and maintaining certifications such as ISO27001. We’re looking for someone who has been through that journey before and can bring a pragmatic, delivery-focused approach. You’ll need to be comfortable operating in a business that’s evolving quickly, able to balance structure with flexibility, and confident working with stakeholders at all levels. Just as importantly, you’ll be someone who listens, builds trust easily and brings a calm, thoughtful approach to problem-solving.

Responsibilities:

• Working closely with the Governance and Compliance Manager (located in South Yorkshire, UK)
• Working closely with the Head of Information Security (located in North Yorkshire, UK)
• Leading the implementation and the changes required to help CEF to gain ISO27001 and additional certifications (such as ISO42001) as deemed necessary by the business
• Support CEF maintain security certifications (Cyber Essentials, PCI) and support activities to enhance security controls
• Auditing and reviewing security controls, policies and procedures to ensure alignment with current ways of working and best practice
• Undertaking security control gap analysis and proposing strategies to remediate or reduce any observed risks
• Supporting other Governance, Risk and Compliance team members in completing 3rd party supplier activities such as security due diligence reviews and client information security questionnaires
• Working with the Governance and Compliance Manager to foster a culture of continuous security training and upskilling for all CEF team members
• Supporting security governance measures and policies for AWS cloud security
• Working with the Governance and Compliance manager to identify, assess and prioritise potential information and data governance risks and issues across the business (including products, solutions, systems, data, people and processes), and through effective partnering relationships with business leaders, ensure that effective actions and controls are in place to mitigate those risks

Essential Experience:

• Previous experience in an operational information security role, engaging and communicating successfully with senior stakeholders across different business areas to address and ensure information security compliance.
• Previous experience gaining or maintaining ISO27001 certification
• Proven experience of defining the information security policies, controls and processes to manage an organisations’ risk position
• Proven experience of utilising Information Security principles and best practices such as ISO 27001, NIST, NCSC, PCI DSS requirements and other regulatory obligations.
• Experience in risk and vulnerability management

What We Offer:

• Work from anywhere in the UK – we aim to come together multiple times a year in our office in Durham so you must be willing to travel when required.
• Annual discretionary bonus
• 25 days holiday plus UK bank holidays.
• Company pension scheme.
• Access to Champion Health – the “Netflix of wellbeing”, covering physical, mental and financial wellbeing.
• Access to MySavings Platform, offering discounts and vouchers across groceries, dining out, gym memberships, days out, experiences and travel.
• Access to Light Up Learning, our platform for leadership, technical and personal development.
• Free use of our onsite gym at Janet Nash House, Durham.

About Us: Founded in 1951 in Kenilworth, UK, City Electrical Factors (CEF) has grown into a world-leading electrical wholesale and manufacturing business with over 400 branches across the UK and a strong presence in the USA, Canada, Spain and Australia. Our IT and digital teams are driving the next chapter of our journey... Re-engineering legacy systems, adopting modern cloud technologies and exploring AI to deliver faster, smarter and more connected customer experiences. We’re a predominantly remote workforce with teams distributed across the UK, USA, Canada, Spain and Australia. Our culture is collaborative, forward-thinking and people-focused — where your ideas and contributions genuinely matter.

Our Mission: City is a world leading electrical wholesale and manufacturing business providing electrical products to the industry. We in IT are delivering value to our business and our customers with the implementation of packaged software and bespoke engineering for the digital age using AWS serverless technology. We need talented and creative people across all areas to join us in rearchitecting our forward thinking business over the next few years and beyond as we evolve.

Ready to Apply? If you’re excited by technology, value collaboration and want to make a genuine impact, we’d love to hear from you. Click Apply to get started!