Governance Risk & Compliance Analyst

Sword is a leading provider of business technology solutions within the Energy, Public and Finance Sectors, driving real transformation change within our clients. We use proven technology, specialist teams and domain expertise to build solid technical foundations across platforms, data and business applications. We have a passion for using technology to solve business problems, working in partnership with our clients to help in achieving their goals.

We are delighted to present a newly created opportunity for a Governance, Risk & Compliance Analyst to join our internal security team. Reporting directly to the Sword Group CISO, you will help run and maintain Sword’s governance, risk, and compliance activities across key regulatory, certification, and client requirements.

• Security Governance: Support the development, maintenance, and improvement of security policies, standards, and procedures, helping to keep Sword aligned with ISO 27001, NIS2, and other relevant obligations.
• Risk Management: Support and maintain security risk management activities across suppliers, projects, and internal services, helping to identify risks, track treatment actions, and drive progress to completion.
• Legal, Regulatory, and Contractual Requirements: Help track, interpret, and maintain compliance with relevant legal, regulatory, client, and contractual obligations, including GDPR, NIS2, and the UK Cyber Security Resilience Bill.
• Data Protection: Lead and coordinate ongoing GDPR compliance activities globally by maintaining records, improving processes, working with stakeholders, and ensuring actions are progressed and completed.
• Third-Party and Supply Chain Security: Support supplier and supply chain risk management activities, including reviews, due diligence, follow-up actions, and the maintenance of appropriate records and evidence.
• Certification and Compliance Support: Lead and coordinate Sword’s ISO 27001 certification and Cyber Essentials activities, including evidence gathering, control tracking, stakeholder coordination, and follow-up of remediation actions.
• Audit and Assurance: Support internal and external audit activity by preparing evidence, coordinating responses, tracking findings, and helping ensure actions are completed.
• Business Resilience Support: Contribute to the maintenance and improvement of business continuity and disaster recovery arrangements, including documentation, review activity, and support for testing exercises.
• Security Culture and Awareness: Support awareness, training, and communication activities that help colleagues understand and follow security policies, processes, and responsibilities.
• Continuous Improvement: Take a practical, can-do approach to improving the GRC programme through steady progress, good organisation, and a focus on getting things done.

Supporting and maintaining governance, risk, and compliance activities aligned to industry standards and organisational objectives. Strong practical experience of frameworks, regulations, and obligations such as ISO 27001, GDPR, Cyber Essentials, NIS2, and the UK Cyber Security Resilience Bill, with the ability to apply these in a practical business context and coordinate related activities across a global organisation.

Supporting risk assessments, control reviews, remediation tracking, and evidence management across projects, suppliers, and internal services. Experience contributing to audit, certification, or compliance activity, including evidence gathering, issue tracking, stakeholder coordination, and support for follow-up actions. Supporting supplier and supply chain assurance activity, including due diligence, review of responses, and follow-up of security actions.

Good organisational, analytical, and problem-solving skills, with the ability to interpret requirements and help turn them into practical actions. Clear written and verbal communication skills, with the ability to work effectively with stakeholders across the business. Experience in a similar governance, risk, compliance, information security, or assurance role would be beneficial.

This role represents an outstanding opportunity for an individual with practical experience, or strong working knowledge, in governance, risk, compliance, or cyber security who is keen to keep building their expertise, takes ownership, and delivers results. You should have enough experience to lead and coordinate key compliance activities globally, particularly in GDPR, ISO 27001, and Cyber Essentials, with practical experience in running GDPR activities being essential.

• Practical experience leading and coordinating GDPR activities globally (essential).
• Practical experience of ISO 27001, Cyber Essentials, NIS2, and the UK Cyber Security Resilience Bill.
• Experience with risk assessments, control reviews, and remediation tracking.
• Experience contributing to audit, certification, or compliance activity.
• Experience with supplier and supply chain assurance activity.
• Good organisational, analytical, and problem-solving skills.
• Clear written and verbal communication skills.
• Experience in a similar governance, risk, compliance, information security, or assurance role would be beneficial.

• Relevant qualifications or certifications in ISO 27001, GDPR, Cyber Essentials, risk, audit, or information security would be beneficial, but practical experience leading and coordinating these activities globally is more important.
• Takes ownership, works proactively, and has a can-do attitude with a strong focus on following through and getting things done.
• Keen to learn, develop, and progress a career in governance, risk, and compliance.
• Well organised and able to manage competing priorities while maintaining momentum and attention to detail.
• Communicates clearly and works well with technical and non-technical colleagues to drive practical outcomes.

• Personalised Career Development: We create a development plan customised to your goals and aspirations, with a range of learning and development opportunities within a culture that encourages growth.
• Flexible working: Flexible work arrangements to support your work-life balance. We can’t promise to always be able to meet every request, however, are keen to discuss your individual preferences to make it work where we can.
• A Fantastic Benefits Package: This includes generous annual leave allowance, enhanced family friendly benefits, pension scheme, access to private health, well-being, and insurance schemes.

At Sword we are dedicated to fostering a diverse and inclusive workplace and are proud to be an equal opportunities employer, ensuring that all applicants receive fair and equal consideration for employment, regardless of whether they meet every requirement. If you don’t tick all the boxes but feel you have some of the relevant skills and experience we’re looking for, please do consider applying and highlight your transferable skills and experience. We embrace diversity in all its forms, valuing individuals regardless of age, disability, gender identity or reassignment, marital or civil partner status, pregnancy or maternity status, race, colour, nationality, ethnic or national origin, religion or belief, sex, or sexual orientation. Your perspective and potential are important to us.

If we can do anything to help make the hiring process more accessible, please let our talent acquisition team know when you apply so we can support any adjustments.