Cyber Risk and Compliance Analyst

Overview

Monday - Friday (37.5 hours per week - hybrid).

Benefits

• 25 days holiday (rising to 28 after 3 years' service) plus bank holidays.
• Private Medical - via vitality, with reward schemes paid for you and your family.
• Health cash plan - via Simply Health for employees and children.
• Pension - Oodle will contribute 5% of your salary into your pension pot.
• Free breakfast, drinks and fruit in the office.
• Employee discounts for major shops.
• 1 day volunteer day per year.
• Mental health care - 6 free counselling sessions via our EAP.
• Paid sick leave - enhanced company sick pay.
• Enhanced family leave - enhanced leave for primary and secondary caregivers.

What you'll be getting up to

• Maintain and operate the Cyber Risk Register, ensuring timely tracking and treatment of issues. Provide reporting for key governance committees.
• Deliver the Information Risk Assessment Programme, engaging business and technical stakeholders to assess and manage cyber threats and risks.
• Deliver Supplier Risk Assessments, working with procurement and business teams to assess and monitor third-party risk through the supplier life-cycle.
• Facilitate and document Security Risk Exceptions.
• Cyber Training and Awareness: Contribute to the design and rollout of security awareness content and phishing simulation programmes to embed a strong cyber culture.
• Security Policy Framework: Support ongoing development, maintenance, and communication of the organisation's Security Policy framework, reviewing and updating policies and procedures.
• Cyber Security & Resilience Compliance: Coordinate compliance efforts across standards such as PCI-DSS, audits, user access reviews, and FCA operational resilience requirements. Work with stakeholders to manage remediation actions and audit responses.
• Support Cyber Incident Management: Act as a supporting resource in cyber incident response activities, logging, tracking and learning from incidents and near misses.

Qualifications

• A minimum of two years' experience in a cyber risk / information security role.
• Working knowledge of cyber risk frameworks (e.g. ISO 27001, NIST CSF).
• Experience maintaining risk registers and conducting information risk assessments, including supplier risk assessments.
• Understanding of regulatory and compliance requirements (e.g. PCI-DSS).
• Excellent communication skills, with the ability to articulate technical and risk concepts to diverse stakeholders.
• Proactive and structured approach to managing tasks and stakeholders.
• Collaborative mindset to strengthen the organisation's security posture, in line with business objectives.
• Certified qualifications such as CRISC, CISMP, CISM, CISSP, ISO 27001 Lead Implementer, or equivalent.
• Experience with GRC tools (e.g. OneTrust, Archer, Protecht).
• Awareness of cloud platforms and SaaS (e.g. Microsoft Azure, M365, AWS) and associated security risks.
• Understanding of SYSC15 Operational Resilience (FCA Handbook).
• Exposure to incident management or data breach support.

Our values

• Embrace being human
• Strive for awesome
• Everyone's a builder
• Bravely honest
• Think customer

Oodle is proud to be an inclusive workplace and recognises diversity of experience, thoughts and backgrounds leads to better outcomes. We have DEI networks to support our culture.