Senior Compliance Analyst

Role Profile

Senior Compliance Analyst

Division/Dept.

Data Governance and Information Security

Location

Hybrid working with base location of Coventry or London

Reporting to

Security Compliance and Culture – Compliance Manager

In a nutshell

As a Senior Compliance Analyst, you’ll play a key role in driving the compliance assurance programme and will be responsible for delivering the annual NIST-CSF maturity assessment, driving continuous maturity and improvement; and you'll support the delivery of operational effectiveness testing of IT general controls.

You’ll be responsible for defining the security testing roadmap, communicating this with key stakeholders and senior management, and reporting on key outputs and remediation activities. Additionally, you’ll recommend and drive process enhancements across key control areas, seeking out opportunities to support broader compliance strategies.

What you need to do

• Deliver the internal annual NIST-CSF maturity programme.
• Own and coordinate the security testing roadmap, supporting the overall Compliance strategy.
• Manage the annual NIST-CSF assessment testing schedule.
• Support and drive the annual IT General Controls assurance programme, testing and evaluating IT Applications Controls within financial processes.
• Report on compliance activities to stakeholders and produce packs for audit and data governance committees.
• Continuously assess security and technology control effectiveness, raising risks or defining remediation requirements.
• Drive remediation plans to improve maturity and reduce risk, reporting results to stakeholders and senior management.
• Improve processes and documentation to support control testing and policy implementation.
• Ensure the integrity and efficiency of audit records and compliance activities.
• Manage DNS, Domains, and SSL programmes and support projects as needed.
• Handle purchase orders, invoicing, and receipts accurately and promptly.
• Maintain good relationships with Finance to resolve issues.

What you need to know and show

• Effective collaboration with teams and stakeholders to drive the agenda.
• Experience in assurance testing across industry frameworks, such as NIST-CSF, ISO27001, PCI-DSS, GDPR, and IT General Controls.
• Strong organizational skills to coordinate outputs from stakeholders.
• Familiarity with key frameworks and regulations.
• Proactive approach to industry changes and implementation.
• Ability to identify and resolve issues proactively.
• Prioritization skills to deliver quality results aligned with compliance strategy.
• Strong communication skills, both spoken and written.

Support we will provide

• Support and guidance from your line manager.
• Access to ITGC, GRC, Data Governance, and Infosec teams.
• Training materials on NIST, IT General Controls, PCI-DSS, GDPR.
• Additional resources as needed.

Qualifications

We are committed to inclusivity and development. We offer flexible working, benefits, and a supportive environment to help you grow and succeed in our team.