Information Technology Risk Manager in Coventry

We’re looking for someone who notices when the wiring doesn’t make sense in the first place - and fixes it before anyone else sees the flicker. As the Senior Compliance Analyst, you won’t just run an assurance programme - you’ll shape it. You’ll decide what “good” looks like across IT controls and Information Security, then build the engine that proves it (or exposes where it doesn’t hold up). This is part detective work, part system design, part quiet influence.

You’ll test controls, yes - but more importantly, you’ll make them better. Stronger. Harder to break. Easier to trust. And when something isn’t working? You won’t write a report and walk away. You’ll own the fix.

What you’ll actually do:

• You’ll take full ownership of the annual assurance programme across IT and Information Security controls - designing how we test, what we test, and why it matters.
• You’ll build and run the testing roadmap. Not just a schedule, but a narrative you can stand behind when you’re talking to senior stakeholders who want clarity, not jargon.
• You’ll look closely at how controls live in the real world - how they’re adopted, documented, and followed (or quietly ignored).
• Then you’ll turn that insight into reporting that lands with the Audit Committee and Data Governance Committee because it’s sharp, honest, and useful.
• You’ll continuously assess control effectiveness across the business, raising risks when needed - but more importantly, defining what “better” looks like and driving the remediation to get there.
• You’ll improve the machinery behind the scenes too - processes, documentation, audit records - so that compliance isn’t just thorough, it’s efficient and trusted.
• You’ll collaborate. A lot. Acting as the bridge between teams, translating compliance into something practical, and making sure issues don’t just get noticed - they get resolved.

What you bring:

• You’ve done this before. Not just the theory - the real work of delivering assurance programmes across frameworks like NIST-CSF, ITGCs, ITACs, Cyber Essentials, or similar.
• You know how to work with stakeholders who don’t live and breathe compliance - and still bring them with you.
• You can read a regulation, understand what it actually means for a business, and then make it happen without drama.
• You keep an eye on where the industry is going, not just where it is - and you’re comfortable turning that into action.
• You think clearly. You communicate simply. You don’t get lost in complexity unless it’s actually useful.

It helps if…

• You’ve spent time in IT audit - Internal or external - and know how audits really play out beyond the checklist.
• You’ve worked with auditors, managed timelines, handled findings, and used those outcomes to make things better rather than just “pass.”
• You understand core IT and Information Security controls - identity and access, change management, third-party risk - and you’re comfortable getting into the detail when needed.
• Certifications like CISA or ISO 27001 Lead Auditor are useful, but not what we hire for. We’re more interested in how you think than what’s on your certificate.

What you won’t be doing:

• You won’t be chasing paperwork for the sake of it.
• You won’t be the “compliance police.”
• You won’t be ignored.

What you’ll get:

• A manager who’ll back you, not micromanage you.
• Access to teams who know their craft - Compliance, ITGC, GRC, Finance, Data Governance, InfoSec - and are worth learning from.
• Training that actually helps: NIST, ITGC, PCI-DSS, GDPR, and whatever else you need to stay sharp.
• And the space to build something better than what you walked into.

If you’re the kind of person who sees gaps before they become problems - and cares enough to close them properly - you’ll fit right in.