Governance Risk & Compliance Manager

Department
Information Security
Location
Bristol CEC United Kingdom
Date Posted
24-09-2025

Information Security is critical in protecting information and information systems from unauthorised access. Its key domains are Cyber Security, Security Operations, and Governance, Risk and Compliance. The department collaborates with and supports other Digital & IT departments, UK business divisions and central functions.

An exciting opportunity has arisen for a Governance Risk & Compliance Manager to support the team. Offered as a permanent role, it is Bristol-based with a salary of circa £65,000 plus benefits including car and bonus.

Key Purpose

  • Responsible for developing, implementing and managing information security best practice frameworks and risk management, and for ensuring compliance with legal, regulatory and internal standards.

  • Establish governance controls to ensure that Ayvens UK operates efficiently, safely, securely and in compliance with applicable regulations, working closely with internal teams and external stakeholders to identify, assess and mitigate information security risks.

  • Actively remain informed and educated on new and evolving areas of technology, information and cyber security, and be a proactive champion of security within the business.

Responsibilities

  • Develop, implement and maintain the Ayvens UK Information Security GRC framework, ensuring that it aligns with business objectives and regulatory requirements.

  • Identify, assess, and manage information and cyber security risks across the organisation, developing mitigation strategies and ensuring effective controls are in place.

  • Manage the annual schedule of NIST barometer controls, identifying and reporting on ineffective controls or control gaps. Work closely with identified control performers to ensure the collation and submission of evidence in a timely manner.

  • Maintain Ayvens UK compliance with selected standards including but not limited to Cyber Essentials and PCI DSS.

  • Produce and maintain Ayvens UK Information Security reference documentation to support audits and customer requests.

  • Manage annual internal and external audits to ensure evidence is gathered efficiently and the audit proceeds to the agreed timeline. Review and agree management responses to audit findings and create remediation plans.

  • Manage third-party security assessments for new requirements and maintain the compliance of existing suppliers on the required schedules. Work closely with supplier relationship managers to resolve required remediations.

  • Work with the Commercial teams as required to provide subject matter expertise for bids and tenders. Ensure customer questionnaires and other requirements are completed to the required deadlines.

  • Conduct reviews of Ayvens policies, standards and processes to ensure compliance, highlight any non-compliance and manage remediation plans.

  • Perform the legal and regulatory watch for Information Security, ensuring Ayvens UK adheres to relevant laws, regulations and industry standards. Address any non-compliance issues.

  • Own the Ayvens UK Information Security awareness program, ensure

Skills, Experience & Background

Technical Capabilities:

  • Experience of implementing, managing and improving information security best practice frameworks

  • Experience of monitoring and reporting compliance against internal, legal and regulatory standards

Desired Previous Experience:

  • Extensive experience of working within an Information Security and/or Cyber Risk function, specifically with experience of governance risk and compliance (GRC) or security assurance.
  • Proven knowledge and experience of industry standards and best practice e.g. ISO 27000 series, NIST cyber security framework.
  • Knowledge of risk management frameworks and methodologies.
  • Good understanding of GDPR, and data protection.
  • Experience of leading and co-ordinating internal and external audits.
  • Experience of implementing or delivering security awareness and education.
  • Experience of building strong and effective relationships with teams, stakeholders, customers, partners and delivering excellent customer service.
  • Financial Services experience advantageous.

Education and Technical Ability:

  • Hold or working toward Certified Information Systems Security Professional (CISSP) or equivalent.
  • ITIL Foundation Level Service Management V3 is desirable.

IT Applications: