We’re building the UK's next generation engineering powerhouse, providing critical technology that strengthens national security and resilience.
We specialise in turning advances in sensing, AI, and communications into operational capability for the edge, where connectivity may be degraded or denied. Our work focuses on accelerating the deployment of technology, improving decision-making for frontline teams, and protecting people and critical assets in demanding environments.
Headquartered in Bristol, Rowden employs around 160 people and operates over 20,000 square feet of engineering and manufacturing facilities. We have a growing international footprint and are one of Europe’s fastest-growing engineering businesses.
About the role
We are looking for a Security Governance, Risk and Compliance (GRC) Officer to join our expanding security team. In this role, you will work alongside our security architects and engineers, providing governance, risk and compliance support across the organisation, helping to ensure security is joined up, proportionate and embedded in how we deliver work.
We are open to candidates from a range of backgrounds; you don’t need to arrive with deep prior knowledge of every defence-specific framework. If you’ve built skills in risk, audit, compliance, quality or governance, those are highly transferable here, and we’ll support you to build the specialist knowledge through structured training on the job.
This is a role with clear room to grow into broader security assurance and governance responsibility as our security function scales alongside the business.
This role requires a minimum of 3 days per week on-site at our Bristol HQ.
Candidates must be eligible for SC clearance.
More information about security clearance is available here: https://www.gov.uk/government/publications/united-kingdom-security-vetting-clearance-levels
As Rowden’s Security Governance, Risk and Compliance Officer, you will:
- Advise programme and engineering teams on governance, risk and compliance, helping them identify security requirements.
- Work closely with customer stakeholders to push for security solutions that are both effective and realistic.
- Own and develop risk management and assurance documentation and Secure by Design artefacts for new projects.
- Support the security aspects of bids and contracts and liaise with contracting authorities and accrediting bodies.
- Support compliance with UK defence and government requirements, including the MOD Cyber Security Model and Def Stan 05-138, the NCSC Cyber Assessment Framework, Secure by Design, and JSP 440 / Defence Security Policy Framework expectations.
- Track changes to relevant legislation, standards and guidance, including NCSC guidance, MOD requirements, ISO standards and UK GDPR / the Data Protection Act 2018.
- Help deliver security awareness and training, building a strong security culture.
Essential
- Experience in a security governance, risk and compliance, information security, audit or assurance role.
- A sound understanding of security governance and compliance principles.
- Working knowledge of ISO 27001 and information security risk management, including risk assessment and treatment.
- Experience maintaining policies, controls and evidence, and supporting internal or external audits.
- Strong written skills, with the ability to produce clear policies, reports and risk documentation.
- Sound risk judgement and the ability to make proportionate, well-reasoned decisions.
- A methodical, detail-oriented approach, with the discipline to keep accurate records and evidence.
- Strong communication skills, with the ability to turn standards and guidance into clear actions.
- Confidence to challenge and advise constructively at all levels.
- Ability to work at pace and manage competing priorities while maintaining quality and control.
Desirable (not essential)
- A degree, or equivalent experience, in cyber security, information assurance, risk management or a related discipline.
- One or more recognised certifications, such as CISMP, ISO 27001 Lead Auditor or Lead Implementer, CISSP, CISM, CISA or CRISC, held or being worked towards.
- Familiarity with UK defence and government frameworks.
- Knowledge of NIST CSF or 800-53 and of UK GDPR / the Data Protection Act 2018.
- Experience working in a defence, government or other regulated or secure environment.
About you
- Pragmatic: You apply controls proportionately and in a risk-based way, avoiding tick-box compliance.
- Collaborative: You build strong working relationships across teams and with external partners.
- Proactive thinker: You anticipate issues and actively shape how risks are managed, rather than only reacting.
- Resilient: You're comfortable in a fast-paced environment where requirements evolve as we learn more about the operational problem.
- Continuous improvement mindset: Keen to build specialist knowledge and keep pace with changing standards, threats and guidance.
We are committed to building a flexible, inclusive, and enabling company. Our aim is to create a diverse team of talented people with unique skills, experience, and backgrounds, so please apply and come as you are!
We also recognise the importance of flexible working and support this wherever we can. We typically operate a flexible, hybrid-working model, with an average 3 days in the office each week (dependent on the role). We welcome the opportunity to discuss flexibility, part-time working requirements and/or workplace adjustments with all our applicants.
Rowden is a Disability Confident Committed company, and we actively encourage people with disabilities and health conditions to apply for our roles. Please let us know your requirements early on so that we can make sure you have everything you need up front to help make the recruitment process and experience as easy as possible.
Finally, if you feel that you don’t meet all the criteria included above but have transferable skills and relevant experience, we’d still love to hear from you!
What matters to us?
- Our focus is on the end user. We exist to deliver the best possible outcomes for the users of our systems.
- Pace matters. The problems we solve are urgent.
- Our diverse skills and backgrounds make us better. Our team prides itself on being inclusive and multidisciplinary.
- We are radically honest. Saying what we mean, even when it isn’t easy.
- We are pragmatists. We provide realistic, focused solutions that get to the point.
- We improve continuously. We are relentless in our drive to make things better.