IT Technical Risk Analyst

🔒 Confidential Employer
Posted 5 May 2026
LOCATION: Bristol
TYPE: Full-time
LEVEL: Mid-Senior level
CATEGORY: Cyber Security
This employer holds a UK Home Office sponsor license — sponsorship for this specific role is at the employer’s discretion

SKILLS

ISO 27001, NIST, Cyber Essentials, GDPR, Risk Assessment, Audit, Gap Analysis, Risk Register

FULL DESCRIPTION

[Employer hidden — view at passion-project.co.uk] - Bristol (Hybrid) - Permanent Full-Time

Application Deadline: 2026-05-05

What you'll be doing

You’ll play a key role in strengthening our IT governance, risk, and compliance framework. This includes evolving the ISMS, leading internal compliance activities, analysing audit data, and supporting security incident response with clear risk assessments and reporting.

You’ll oversee IT risk management processes—maintaining the risk register, tracking mitigation actions, and supporting reporting across cybersecurity, resilience, and third-party risk. Working closely with IT, Legal, Procurement, and business teams, you’ll also support system acquisitions, bids, and due diligence from a security perspective.

In addition, you’ll manage software governance and application risk, ensuring effective controls, clear ownership, and timely remediation. Reporting to the Group CISO, you’ll contribute to the development of the IT GRC function while promoting strong information security practices across the organisation.

What you'll bring to the role

  • Strong understanding of information security, risk, and compliance in a regulated environment, with hands-on experience of frameworks such as ISO 27001, NIST, Cyber Essentials, and GDPR.
  • Proven experience in IT risk or compliance roles, including risk assessments, audits, gap analysis, and maintaining risk registers.
  • Comfortable working in project-based environments and managing multiple priorities to deliver accurate, high-quality outputs.
  • Strong communication skills, with the ability to engage confidently with senior stakeholders and collaborate across technical and non-technical teams.
  • Organised, detail-focused, and proficient in MS Office tools, with the ability to quickly pick up new systems.
  • Proactive mindset and genuine interest in cybersecurity and IT governance, with a relevant degree or professional qualification preferred.

What we will give you in return

We want you to succeed at [Employer hidden] and thrive in your role. You will be well supported with regular career conversations. We also offer full training and numerous pathways into leadership and qualified clinical positions to help you shape your career with us.

  • 25 days Annual Leave + Bank Holidays + additional day’s leave for your Birthday!
  • Annual leave entitlement increases based on length of service: 27 days after 5 years’ service and 30 days after 10 years’ service
  • Length of service recognition awards – every 5 years
  • Employee Assistance Programme
  • Initial Disclosure Check Cost covered, if applicable to role
  • ‘My Possible Self’ App and health-related benefits
  • Online discounts and cashback rewards – [Employer hidden] Perks
  • Smart Technology scheme (qualifying period)
  • Cycle to work scheme (qualifying period)
  • Smart Holidays (qualifying period)
  • Gym Flex (qualifying period)
  • Healthcare Cash Plan – Simply Health Scheme
  • Eye Care Vouchers
  • ‘Cash for Colleagues’ – Employee referral scheme
  • Access to development opportunities
  • Sponsorship of professional qualifications through our Individual Professional Development (IPD) panel
  • Leadership & management development
  • Parental Leave Gift

About [Employer hidden]

[Employer hidden] is the UK’s leading independent provider of mental health and adult social care. With 12,000 colleagues and a network of 270 services, we support over 24,000 people each year to live their lives as fully and independently as possible. We treat more than 70 conditions – including depression, anxiety, eating disorders and children’s mental health – and provide residential and supported living care for autistic adults, people with a learning disability, Prader–Willi Syndrome, brain injuries and older people.

We are an equal opportunities employer committed to providing an inclusive, accessible recruitment process.

All roles are subject to a successful disclosure at an appropriate level from the Disclosure and Barring Service (DBS), Access NI or Disclosure Scotland. [Employer hidden] will cover the cost of a DBS check.

Please take the time to familiarise yourself with the full job description attached prior to making an application.

Shortlisting may begin upon receipt of applications, and the Recruiting Manager may close the vacancy early if enough suitable candidates are identified.

Documents: Job description - it technical risk analyst (uk).pdf
