GRC Analyst in Exeter

Powered by Water, Driven by Purpose. South West Water keeps the South West flowing with safe, reliable drinking water and wastewater services across some of the UK’s most stunning landscapes. We’re proud to be part of Pennon Group, a leader in the UK water sector, working towards a greener future. Our goal? Net zero by 2030, supported by partnerships with Wildlife Trusts and National Parks.

Are you passionate about Cyber Security Governance, Risk Management and Compliance? We are seeking a proactive and knowledgeable Cyber Security GRC Analyst (up to £36,000 doe) to support and strengthen our organisation’s security posture. In this role, you will help ensure ongoing compliance with key security standards, manage governance frameworks, and contribute to the resilience of our cyber environment.

About the Role: As a Cyber Security GRC Analyst, you will play a central role in driving our governance, risk, and compliance activities. Reporting to the Cyber Security Compliance Manager, you will support internal reviews, risk assessments, policy development, and ongoing compliance with frameworks such as ISO 27001 and NIS Regulations. You’ll collaborate across the business to ensure risks are effectively managed, controls are embedded, and our security standards remain robust and continually improved.

Key Responsibilities:

• Plan, conduct, and document internal ISO 27001 audits across all areas of the Information Security Management System (ISMS), ensuring all controls and processes are regularly reviewed for effectiveness and compliance.
• Evaluate the effectiveness of information security policies, procedures, and controls, and identify areas for improvement or non-compliance.
• Develop and maintain an annual audit schedule to ensure comprehensive coverage of ISO 27001 requirements and continual improvement of the ISMS.
• Conduct and document internal audits and assessments aligned to ISO 27001 and NIS Regulations.
• Contribute to the development and maintenance of cyber security policies, standards, and procedures.
• Assist in maintaining the IT Security risk register, including identifying, assessing, and monitoring.
• Work closely with business stakeholders to gather evidence, close audit findings, and track corrective actions.
• Support security assurance activities, including penetration tests, vulnerability scans, and third party reviews.
• Promote strong cyber security awareness and contribute to a positive security culture.
• Ensure third party suppliers meet contractual and regulatory security requirements.
• Maintain compliance with relevant legislation and industry standards.
• Monitor adherence and enforce policies to safeguard organisational data.
• Ensure that data protection practices meet legal, regulatory, and standards requirements.

Why Governance, Risk & Compliance Matters: Effective GRC practices are essential for safeguarding sensitive information, maintaining customer trust, and protecting the organisation from regulatory, operational, and reputational risks. Regular internal ISO 27001 audits not only ensure ongoing certification but also drive continual improvement and resilience in our information security practices.

What We’re Looking For:

• Full UK driving licence.
• Strong understanding of cyber security principles, risks, and regulatory requirements.
• Familiarity with ISO 27001 or NIS or other cyber security standards and frameworks.
• Experience in conducting audits or assessments.
• Thrives in environments where clear governance, process adherence, and continual improvement are valued.
• Values the opportunity to help teams prepare for external audits or certifications.
• Excellent communication and relationship building skills.
• Excellent attention to detail.
• A collaborative, self-motivated approach with strong organisational abilities.
• Eligible for UK Government Security Clearance (SC).

Why You'll Love Working With Us: We know that the support and commitment of our staff is key to our success so you will receive the opportunity for ongoing development and training for a long-term career with us. In return, we offer an excellent range of benefits including:

• Annual salary of up to £36,000 depending upon experience.
• Generous holiday allowance plus bank holidays.
• A discretionary Bonus.
• Competitive Contributory Pension.
• Share-save Scheme.
• Various health benefits.
• Wellbeing support programmes.
• A range of Group Discounts.
• Cycle to Work Scheme.
• Financial support services.
• And plenty more!

Closing Date: 16th February. Please note that the successful candidate will be subject to a mandatory DBS check as part of the onboarding process. Be yourself, we like it that way. Together, we will build a culture of belonging, where inclusion is instinctive. Diversity is our strength and a reflection of our communities. We care, we value everyone, we celebrate uniqueness. Our core values which are essential to our success are:

• Be Rock Solid - Build trust and be trusted. Be the one we all look to and can depend on.
• Be You - We want you to bring your best every day. Be yourself and make your mark in your individual way.
• Be the Future - Embrace change. Drive Progress. Own the challenge.