22nd June 2026
Security Assurance Specialist
Information Security
Remote
up to £70k
We are seeking an experienced and highly motivated Security Assurance Specialist to join our growing organisation. This individual contributor role will play a critical part in driving and maintaining our Governance, Risk, and Compliance (GRC) capabilities while ensuring ongoing adherence to our Information Security Management System (ISMS) and other mandatory regulatory and compliance requirements.
As a trusted advisor to both Business and IT leadership, you will collaborate across the organisation to strengthen compliance frameworks, support audit readiness, manage compliance risks, and foster a culture of security and continuous improvement.
This is an excellent opportunity for a compliance professional who thrives in a dynamic environment and is passionate about enabling business growth while maintaining a strong compliance posture.
Key Responsibilities
Compliance & ISMS Governance
- Support the development, maintenance, and continuous improvement of all ISMS policies and standards.
- Ensure effective implementation and adoption of ISMS policies, standards, and compliance requirements across the organisation.
- Regularly assess compliance controls to ensure ongoing effectiveness, compliance, and continuous improvement.
- Drive the maturation and enhancement of compliance testing frameworks and control monitoring programs.
- Identify, analyse, and mitigate operational compliance and security risks.
Audit & Regulatory Compliance
- Lead organisational readiness for internal, external, and certification audits.
- Coordinate audit activities and manage audit findings through to successful remediation and closure.
- Ensure continued compliance with relevant security, regulatory, and industry standards.
- Monitor and provide guidance on emerging regulatory and compliance requirements.
Governance, Risk & Compliance (GRC)
- Act as the organisational lead for GRC initiatives and serve as a trusted advisor to Business and IT stakeholders.
- Manage and optimise GRC tools, reporting, metrics, and dashboards.
- Maintain compliance knowledge bases and provide expert guidance to teams as required.
- Support risk assessments and help align controls with business objectives and operational processes.
Security Culture & Awareness
- Promote a strong culture of security and compliance across the organisation.
- Develop, implement, and maintain security awareness programmes, training materials, and educational initiatives.
- Mentor Security, IT, and control owners in risk management, control effectiveness, and continuous improvement practices.
- Drive the adoption of business-as-usual compliance and security practices.
Business Partnership
- Work closely with Product, Engineering, Security, IT, and business teams to embed compliance requirements into operational processes.
- Advise on security considerations during the development, evaluation, selection, implementation, and configuration of systems and applications.
- Remove barriers and simplify processes to enable secure and compliant business operations.
- Support customer, client, and sales-related compliance requests, questionnaires, and due diligence activities.
Skills & Experience
Essential
- Significant experience in information security, compliance, governance, risk management, or audit functions.
- Strong understanding of Information Security Management Systems (ISMS), particularly ISO 27001 and related frameworks.
- Experience managing internal and external audits and remediation programmes.
- Knowledge of risk management methodologies and control frameworks.
- Experience working with GRC platforms and compliance reporting tools.
- Excellent stakeholder management and communication skills.
- Ability to influence and collaborate effectively at all levels of the organisation.
- Strong analytical, problem-solving, and organisational skills.
- Ability to work independently while managing multiple priorities.
Desirable
- Professional certifications such as CISA, CRISC, CISSP, CISM, ISO 27001 Lead Auditor, or ISO 27001 Lead Implementer.
- Experience within a software, technology, SaaS, or highly regulated environment.
- Knowledge of additional compliance frameworks and standards such as SOC 2, GDPR, NIST, or PCI-DSS.
What Success Looks Like
- Continued success in audits, certifications, and regulatory reviews.
- Strong organisational adherence to ISMS controls and security requirements.
- Increased maturity of compliance testing and monitoring frameworks.
- Enhanced security awareness and compliance culture across the business.
- Effective risk management and timely remediation of audit findings.
- Trusted partnership with business, technology, and customer-facing teams.
Consultant - Abigail Moss
Telephone: 0207 392 7516
Email: abigail.moss@spencer-rose.com
Share This Position