About the Role
No1 Server Technologies Ltd. is looking for an experienced IT Risk and Compliance Manager to join our Cardiff team. This role will lead the development, implementation, and continuous improvement of the company’s technology risk, information security compliance, and governance programmes.
You will work closely with senior management, technical teams, service delivery leaders, and external auditors to identify technology risks and ensure that appropriate controls are operating effectively. The ideal candidate combines strong knowledge of IT governance and regulatory compliance with a practical understanding of cloud infrastructure, managed services, cyber security, and business operations.
Key Responsibilities
IT Risk Management: Maintain the organisation’s technology risk framework and ensure that cyber security, infrastructure, cloud, operational, and third party risks are identified and assessed.
Risk Assessments: Conduct regular risk assessments across systems, applications, infrastructure, business processes, and technology projects.
Compliance Programme Management: Develop and maintain compliance programmes aligned with relevant legal, regulatory, contractual, and industry requirements.
Security Framework Oversight: Support compliance with recognised frameworks and standards such as ISO 27001, Cyber Essentials, NIST, GDPR, and applicable UK data protection requirements.
Policy Development: Create, review, and maintain IT risk, information security, data protection, access control, incident management, and business continuity policies.
Control Monitoring: Evaluate whether technical and operational controls are appropriately designed, documented, implemented, and maintained.
Audit Coordination: Plan and coordinate internal audits, external assessments, customer assurance reviews, certification activities, and regulatory inspections.
Third Party Risk: Assess technology suppliers, cloud providers, contractors, and other third parties to ensure that security and compliance expectations are satisfied.
Incident and Remediation Management: Support the investigation of security incidents, control failures, and compliance breaches while tracking corrective actions through completion.
Risk Reporting: Prepare clear risk reports, compliance dashboards, and management updates for senior leadership and relevant governance committees.
Technology Project Support: Review new systems, infrastructure changes, cloud deployments, and business initiatives to identify risk and compliance requirements before implementation.
Awareness and Training: Deliver practical guidance and training to employees on information security, data protection, risk management, and compliance responsibilities.
What We Are Looking For
Experience: At least 5 years of experience in IT risk, information security governance, technology compliance, cyber security assurance, or a related field.
Management Experience: Previous experience managing compliance activities, audit programmes, risk registers, remediation plans, or governance projects.
Education: Bachelor’s degree in Information Technology, Cyber Security, Risk Management, Business, Computer Science, or a related discipline.
Framework Knowledge: Strong understanding of ISO 27001, Cyber Essentials, NIST, GDPR, IT governance, internal controls, and technology risk management practices.
Technical Understanding: Familiarity with cloud platforms, network infrastructure, identity and access management, vulnerability management, incident response, and managed IT services.
Audit Skills: Experience preparing evidence, managing findings, working with auditors, and coordinating certification or customer assurance activities.
Analytical Ability: Able to assess complex technology risks, identify control weaknesses, and recommend proportionate and practical improvements.
Communication Skills: Confident communicating technical and regulatory issues to senior leaders, clients, auditors, and non technical stakeholders.
Professional Qualifications: Certifications such as CISA, CRISC, CISSP, ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, or equivalent are desirable.
Professional Approach: Demonstrates sound judgement, confidentiality, attention to detail, and the ability to manage competing compliance priorities.
Pay: £65,000.00-£72,000.00 per year
Work Location: In person