33 Security Policy Development jobs in the United Kingdom

Security Governance Manager 

Reports to: Head of Information Security 

Location: Hybrid (Newmarket) and or Remote

Hours: 32 hours across a 4-day week (no salary sacrifice) 

Salary: £50,000 - £60,000 

Product: Group level - Wonde, Evouchers & Secure Schools 

Who we are and what is important to us:

Beyond unifies three technology-driven brands, Wonde, Evouchers and Secure Schools. 

Each brand shares a vision to reduce the friction of adapting technology, to help customers navigate an often overwhelming area and provide powerful solutions that make their everyday life easier. 

The three brands run independently with the autonomy to continue to prosper although as part of the Beyond team, you’ll join a wider, supportive environment where you’ll be able to pull on the expertise and capabilities of the group. 

We do not limit ourselves to standing still. We look ahead and strive to disrupt the sector we operate in. We believe technology should not be complicated or overwhelming. It should do what it says - quickly, safely and efficiently.

Job snapshot:

As Security Governance Manager, you will be responsible for ensuring the effectiveness of security policies and control frameworks. You will support the group in adopting a security mindset using a combination of coaching, supporting and leading by example. 

This is a newly created position where you will be provided with a genuine opportunity to create impact and drive the best security practices across the group. 

What you’ll be doing:

• Management and maintenance of the central Information Security Management System
• Maintain and certify new products to ISO 270001 
• Create, consult and operationalise security policies 
• Organise, lead and manage all security-related audit activity 
• Track and manage audit findings from conception through to delivery 
• Coordinate, monitor and measure activities to ensure the ISMS continues to operate as expected  
• Support and manage the supplier security assurance process 
• Manage the security awareness and training programme 
• Manage the continuous improvement process to ensure improvements and efficiencies within Security are achieved

Requirements

What we’re hoping you’ll bring:

• Previous experience in a security-focused role, particularly focusing on the implementation and management of an information security management system supporting ISO 270001
• A qualified ISO 27001 Lead Implementer or auditor (a nice to have)
• Excellent written and oral communication skills
• Natural capabilities to communicate with a diverse range of stakeholders
• Ability to influence and coach technical and non-technical stakeholders 
• Ambition and initiative to drive change in an evolving sector
• Self-motivation with the confidence and enthusiasm to take the initiative and get things done 
• Ability to prioritise workflow and ensure deadlines are met
• The willingness to learn and adapt in an ever-changing environment

Benefits

What you’ll get:

Beyond is much more than just a place to work. It is a place to grow, innovate, excel and learn. We have tech people, creative people and people people, all focused on providing a superior customer experience. 

We value, support and champion those we work with - promoting personal growth and happiness. We get that our success is dependent on the collective energy, intelligence and contributions of all our team members and we are committed to ensuring our work environment is the best it can be. 

We value your commitment and have worked hard to create adaptable and comprehensive benefits packages to suit individual needs, although you can expect the below as standard:

• 4-day working week 
• Flexible working schedule/work-from-home opportunities
• Onsite gym and well-being (quiet room) facilities 
• Buying and selling holiday scheme
• Additional holiday for length of service 
• Annual allowance for volunteering days 
• Onsite trained mental health and well-being champions 
• Monthly lunch club (on us) 
• Comprehensive wellness programmes (think meditation retreats and continuous access to well-being apps/initiatives) 
• Enhanced maternity, paternity and adoption benefits 
• Electric car scheme 
• Cycle to Work Scheme 
• Eye examination scheme 
• Financial contribution to the set up of work-from-home environments 
• Use of new and leading technology in the form of apple products 
• Frequent company-funded social events
• Office closure between Christmas & New Year 
• Access to continuous learning and development opportunities
• Comprehensive employee referral scheme 
• Casual Dress Code

In addition to the above, you’ll have access to our ‘take your pick’ benefits scheme which is tailored specifically to you! 

Beyond is an equal-opportunity employer. We encourage interest from all candidates and do not discriminate against any non-merit factors. If you require any adjustments to the application or selection process please call or email us so we can ensure you have the correct support: careers@wonde.com/ 01638 438094.

Head of Security Governance, Risk & Compliance

• Salary: 70,400 - 94,100
• Location: Cambridge/Hybrid Minimum 2 days a week in the office
• Contract: Permanent

TheHead of Security GRCis a senior leadership role within the Security SMT, tasked with driving the organisation's security governance, risk, and compliance strategy. This position engages across all levels of the business, ensuring regulatory compliance, effective risk management, and robust assurance processes to support decision-making by the Senior Leadership Team.

Youwill deliver a robust Security Assurance Framework, oversee supplier assurance activities, and maintain relevant ISO and Cyber Essentials certifications. Additionally, you'll drive the implementation of security standards, policies, governance reporting, and audit programmes to ensure robust controls are in place. You'll play a critical role in enabling informed decision-making and promoting a culture of security awareness across the organisation.

We areCambridge University Press & Assessment, a world-leading academic publisher and assessment organisation and a proud part of the University of Cambridge.

About the role

The position involves engaging atall organisational levels, managing security risks, ensuring regulatory compliance, and providing assurance on business practices to support informed decisions by the Senior Leadership Team and Security Board. Responsibilities include implementing and monitoring security standards, policies, AI governance, and audit programmes to ensure effective mitigations and controls. Additionally, the role entails designing and delivering the Security Assurance Framework, conducting supplier assurance activities and audits, leading the Awareness Community of Practice, and maintaining relevant ISO & Cyber Essentials certifications.

KeyAccountabilities:

• Develops security standards, policies, and guidelines and ensures compliance across Cambridge.
• Leads the delivery of approved projects and investments to reduce risk and security exposure.
• Proactively identifies new threats, risks, and trends; reports mitigation progress to the Security Board and SLT.
• Collaborates with key stakeholders to create customer-centric security policies for products and services.
• Coordinates audits, regulatory inquiries, and external vendor activities to align with industry standards.
• Responsible for leading and managing the GRC team to achieve compliance and team success in the organisation.
• Oversees vendor relationships to ensure protection of Cambridge global people and assets.
• Aligns attack surface management (ASM) process with GRC objectives and provides updates on mitigation progress.
• Integrates AI governance with relevant GRC frameworks to meet regulatory standards.
• Manages certifications like ISO 27001, 42001, Cyber Essentials, and HMG Security Policy Framework.

About you

We are looking for a highly skilled and experiencedprofessional with the following expertise:

• Proven experience managing an Information Security Management System (ISMS), including ISO 27001 certification.
• Strong working knowledge of security threats and proportionate mitigations, as well as supply chain security management systems.
• A minimum of 3 years' experience in a senior governance or risk management role.
• Active CRISC or ISO 27005 Risk Manager certification (or higher), with additional certifications such as ISO 27001/42001 Lead Auditor or Implementor being advantageous.
• Demonstrated experience in strategic governance of security, managing security risks in line with ISO 27005, and implementing ISO 27001 compliant systems.
• Expertise in auditing security controls for both internal operations and third parties.
• Exceptional stakeholder management skills, with the ability to build relationships across all organisational levels.
• Strong negotiation skills to influence decisions and achieve positive outcomes.
• Experience leading and developing teams, both within the UK and regionally.

If you would like to know more about thisopportunity and what will make you successful, please see the full job description attached to the bottom of this vacancy on our careers site.

Rewards and benefits

We will support you to be at your best in work and to live well outside of it. In addition to competitive salaries, we offer a world-class, flexiblerewards package, featuring family-friendly and planet-friendly benefits including:

• 28 days annual leave plus bank holidays
• Private medical and Permanent Health Insurance
• Discretionary annual bonus
• Group personal pension scheme
• Life assurance up to 4 x annual salary
• Green travel schemes

We are a hybrid working organisation, and we offer a range of flexible working options from day one. We expect most hybrid-working colleagues to spend 40-60% of their time at their dedicated office or location. We will also consider other work arrangements if you wish to work more flexibly or require adjustments due to a disability.

Ready to pursue your potential? Apply now.

We reviewapplications on an ongoing basis, with a closing date for all applications being 27th July although we may close it earlier if suitable candidates areidentified. Interviews are scheduled to take place shortly after it closes.

Please note that successful applicants will be subject to satisfactory background checks including DBS due to working in a regulated industry.

University Press & Assessment is an approved UK employer for the sponsorship of eligible roles and applicants under the Skilled Worker visa route. Please refer to thegovwebsite for guidance to understand your own eligibility based on the role you are applying for.

Head of Security Governance, Risk & Compliance

Head of Security Governance, Risk & Compliance

• Salary: 70,400 - 94,100
• Location: Cambridge/Hybrid Minimum 2 days a week in the office
• Contract: Permanent

TheHead of Security GRCis a senior leadership role within the Security SMT, tasked with driving the organisation's security governance, risk, and compliance strategy. This position engages across all levels of the business, ensuring regulatory compliance, effective risk management, and robust assurance processes to support decision-making by the Senior Leadership Team.

Youwill deliver a robust Security Assurance Framework, oversee supplier assurance activities, and maintain relevant ISO and Cyber Essentials certifications. Additionally, you'll drive the implementation of security standards, policies, governance reporting, and audit programmes to ensure robust controls are in place. You'll play a critical role in enabling informed decision-making and promoting a culture of security awareness across the organisation.

We areCambridge University Press & Assessment, a world-leading academic publisher and assessment organisation and a proud part of the University of Cambridge.

About the role

The position involves engaging atall organisational levels, managing security risks, ensuring regulatory compliance, and providing assurance on business practices to support informed decisions by the Senior Leadership Team and Security Board. Responsibilities include implementing and monitoring security standards, policies, AI governance, and audit programmes to ensure effective mitigations and controls. Additionally, the role entails designing and delivering the Security Assurance Framework, conducting supplier assurance activities and audits, leading the Awareness Community of Practice, and maintaining relevant ISO & Cyber Essentials certifications.

KeyAccountabilities:

• Develops security standards, policies, and guidelines and ensures compliance across Cambridge.
• Leads the delivery of approved projects and investments to reduce risk and security exposure.
• Proactively identifies new threats, risks, and trends; reports mitigation progress to the Security Board and SLT.
• Collaborates with key stakeholders to create customer-centric security policies for products and services.
• Coordinates audits, regulatory inquiries, and external vendor activities to align with industry standards.
• Responsible for leading and managing the GRC team to achieve compliance and team success in the organisation.
• Oversees vendor relationships to ensure protection of Cambridge global people and assets.
• Aligns attack surface management (ASM) process with GRC objectives and provides updates on mitigation progress.
• Integrates AI governance with relevant GRC frameworks to meet regulatory standards.
• Manages certifications like ISO 27001, 42001, Cyber Essentials, and HMG Security Policy Framework.

About you

We are looking for a highly skilled and experiencedprofessional with the following expertise:

• Proven experience managing an Information Security Management System (ISMS), including ISO 27001 certification.
• Strong working knowledge of security threats and proportionate mitigations, as well as supply chain security management systems.
• A minimum of 3 years' experience in a senior governance or risk management role.
• Active CRISC or ISO 27005 Risk Manager certification (or higher), with additional certifications such as ISO 27001/42001 Lead Auditor or Implementor being advantageous.
• Demonstrated experience in strategic governance of security, managing security risks in line with ISO 27005, and implementing ISO 27001 compliant systems.
• Expertise in auditing security controls for both internal operations and third parties.
• Exceptional stakeholder management skills, with the ability to build relationships across all organisational levels.
• Strong negotiation skills to influence decisions and achieve positive outcomes.
• Experience leading and developing teams, both within the UK and regionally.

If you would like to know more about thisopportunity and what will make you successful, please see the full job description attached to the bottom of this vacancy on our careers site.

Rewards and benefits

We will support you to be at your best in work and to live well outside of it. In addition to competitive salaries, we offer a world-class, flexiblerewards package, featuring family-friendly and planet-friendly benefits including:

• 28 days annual leave plus bank holidays
• Private medical and Permanent Health Insurance
• Discretionary annual bonus
• Group personal pension scheme
• Life assurance up to 4 x annual salary
• Green travel schemes

We are a hybrid working organisation, and we offer a range of flexible working options from day one. We expect most hybrid-working colleagues to spend 40-60% of their time at their dedicated office or location. We will also consider other work arrangements if you wish to work more flexibly or require adjustments due to a disability.

Ready to pursue your potential? Apply now.

We reviewapplications on an ongoing basis, with a closing date for all applications being 27th July although we may close it earlier if suitable candidates areidentified. Interviews are scheduled to take place shortly after it closes.

Please note that successful applicants will be subject to satisfactory background checks including DBS due to working in a regulated industry.

University Press & Assessment is an approved UK employer for the sponsorship of eligible roles and applicants under the Skilled Worker visa route. Please refer to thegovwebsite for guidance to understand your own eligibility based on the role you are applying for.

Head of Security Governance, Risk & Compliance

Job Title: Head of Security Governance, Risk & Compliance

Salary: £70,400 - £94,100

Location: Cambridge/Hybrid Minimum 2 days a week in the office

Contract: Permanent

 

The Head of Security GRC is a senior leadership role within the Security SMT, tasked with driving the organisation's security governance, risk, and compliance strategy. This position engages across all levels of the business, ensuring regulatory compliance, effective risk management, and robust assurance processes to support decision-making by the Senior Leadership Team.

You will deliver a robust Security Assurance Framework, oversee supplier assurance activities, and maintain relevant ISO and Cyber Essentials certifications. Additionally, you'll drive the implementation of security standards, policies, governance reporting, and audit programmes to ensure robust controls are in place. You'll play a.

Information Security Manager

Location: Central Bristol
Job Type: Full-time, Hybrid (2 days per week in-office)
Salary: 60,000 - 70,000 + Benefits

We are recruiting an Information Security Manager to lead the operational and strategic security programme for a respected organisation headquartered in central Bristol. This hybrid role offers the opportunity to shape the company's approach to information risk and resilience, while managing a skilled internal team and driving alignment with industry standards and best practice.

Reporting to the Head of Security & Governance , the successful candidate will play a central role in delivering risk reduction across the business. You'll be responsible for maintaining ISO27001 compliance, overseeing risk assessment and mitigation, and supporting incident management across multi-entity operations.

• Lead and manage a team of three security professionals , supporting their development and day-to-day delivery.
• Ensure ongoing ISO27001 accreditation and alignment with broader assurance frameworks (e.g. NIST CSF, Cyber Essentials).
• Shape and implement the company's information security strategy , including policy, tooling, and training.
• Conduct risk assessments, oversee remediation plans, and guide secure-by-design approaches across projects.
• Provide technical leadership in areas including threat intelligence, compliance reporting, and incident response .
• Support regulatory and internal audits, contributing clear documentation and continuous improvement.
• Collaborate with internal teams and external partners, including service providers and the organisation's parent company.

• Demonstrable experience in information security leadership , including line management or team leadership .
• In-depth knowledge of ISO27001, GDPR, FCA SYSC, PCI DSS and other regulatory/compliance frameworks.
• Hands-on experience with security technologies: SIEM, IAM, vulnerability assessment, endpoint protection, cloud services (AWS, SaaS, IaaS) .
• Strong communication skills and stakeholder management abilities.
• Experience in incident response and enterprise risk reporting.
• Professional certifications such as CISSP or ISO27001 Lead Implementer/Auditor (desirable).

• Hybrid working (2 days per week in-office)
• Generous annual leave & pension contributions
• Life assurance and private health options
• Training budget and career development support
• Collaborative, supportive team culture

If you're ready to lead a team, shape an enterprise-wide security programme, and work at the heart of a well-established organisation, we'd love to hear from you.

Apply today - successful applicants will be contacted within 24-48 working hours.

Information Security Manager

Location: Central Bristol
Job Type: Full-time, Hybrid (2 days per week in-office)
Salary: 60,000 - 70,000 + Benefits

We are recruiting an Information Security Manager to lead the operational and strategic security programme for a respected organisation headquartered in central Bristol. This hybrid role offers the opportunity to shape the company's approach to information risk and resilience, while managing a skilled internal team and driving alignment with industry standards and best practice.

Reporting to the Head of Security & Governance , the successful candidate will play a central role in delivering risk reduction across the business. You'll be responsible for maintaining ISO27001 compliance, overseeing risk assessment and mitigation, and supporting incident management across multi-entity operations.

• Lead and manage a team of three security professionals , supporting their development and day-to-day delivery.
• Ensure ongoing ISO27001 accreditation and alignment with broader assurance frameworks (e.g. NIST CSF, Cyber Essentials).
• Shape and implement the company's information security strategy , including policy, tooling, and training.
• Conduct risk assessments, oversee remediation plans, and guide secure-by-design approaches across projects.
• Provide technical leadership in areas including threat intelligence, compliance reporting, and incident response .
• Support regulatory and internal audits, contributing clear documentation and continuous improvement.
• Collaborate with internal teams and external partners, including service providers and the organisation's parent company.

• Demonstrable experience in information security leadership , including line management or team leadership .
• In-depth knowledge of ISO27001, GDPR, FCA SYSC, PCI DSS and other regulatory/compliance frameworks.
• Hands-on experience with security technologies: SIEM, IAM, vulnerability assessment, endpoint protection, cloud services (AWS, SaaS, IaaS) .
• Strong communication skills and stakeholder management abilities.
• Experience in incident response and enterprise risk reporting.
• Professional certifications such as CISSP or ISO27001 Lead Implementer/Auditor (desirable).

• Hybrid working (2 days per week in-office)
• Generous annual leave & pension contributions
• Life assurance and private health options
• Training budget and career development support
• Collaborative, supportive team culture

If you're ready to lead a team, shape an enterprise-wide security programme, and work at the heart of a well-established organisation, we'd love to hear from you.

Apply today - successful applicants will be contacted within 24-48 working hours.

Title: Infomation Security Engineer

Contract: 8 month (Initially)

Rate: Up to £625 Per Day (Inside IR35)

Location: Remote!

Are you passionate about embedding security into the heart of technology change?

if so.

Our client is looking for an experienced Secure by Design Specialist to support their high-profile organisation in strengthening their security posture across major transformation initiative.

WHJS1_UKTJ

To support the Chief Information Security Officer in managing and reporting the Information Security Risks faced by Technology Services (TS) in delivering AJ Bells systems and services. This role is responsible for facilitating the secure delivery of AJ Bells technology and business change. The Information Security Architect will play a lead role in designing and implementing security controls and.

WHJS1_UKTJ