Policy, Risk and Compliance Manager

Norwich, Norfolk | Permanent | 1 Jul 2021
The Policy, Risk and Compliance Manager will be working in a complex IT function, and will be accountable for managing the day-to-day development and maintenance of ITCS Policy and the ITCS Risk register, whilst assessing compliance with policy and other associated regulations, and negotiating appropriate corrections or mitigations for non-compliance.

This new role will entail a number of key, regular activities:

  • Develop and maintain a good understanding of ITCS policies, as well as other related policies; ensure that these are current, well-defined and supportable
  • Develop and maintain a strong network of contacts, both within and beyond ITCS, who have responsibility for the governance and approval of policies
  • Identify requirements for new or updated policies as they arise; draft new policy wording as required, and circulate it through the appropriate governance/sign-off groups so that it is embedded
  • Review existing policies, guidelines and standards to identify changes that will improve understanding and adoption
  • Work closely with the Information Security and Data Protection teams to ensure that our commitments and legal obligations are supported by policy
  • Think strategically to identify the most effective ways in which policy can be implemented across the organisation
  • Report on policy to stakeholders both within ITCS and across the wider business

  • Act as the owner of the Risk Register, keeping a record of current risks and working with colleagues to regularly review and maintain the register
  • Work with the Data Protection team to review and mitigate any IT risks identified through the Data Protection Impact Assessment process for new or existing services, or through data security breaches or near misses
  • Identify and gather detail on new or updated risks, and feed these into the risk register as required
  • Hold regular meetings with stakeholders to provide risk analysis in terms of trends and potential mitigations; this should include working with project delivery teams to identify ways in which IT change might increase or decrease risk
  • Participate in risk mitigation exercises, helping to identify, co-ordinate and champion efforts to reduce risk
  • Report to the wider business and the Exec team on risks as required

  • Act as the central owner for compliance activity, identifying areas of potential non-compliance with both internal policy and external regulations, and determining action plans to resolve or mitigate non-compliance
  • Act as the primary point of contact for PCI compliance, ensuring that PCI audits are supported and that the associated remediation work is driven forward
  • Work with stakeholders both within and outside ITCS to present a pragmatic approach to compliance, maintaining pragmatism and balance whilst delivering the best achievable level of compliance
  • Provide reporting to stakeholders on levels of compliance, areas of concern and future threats
  • Act as co-ordinator for Freedom of Information requests relating
  • Review and monitor compliance with agreements between the business and suppliers and other external stakeholders

As part of the above, the role-holder is expected to be in regular contact with other Managers and Heads of Department across ITCS, to maintain good communications, accurate and up-to-date information, and a good overall awareness of the strategic aims and initiatives of the department.

For more information, please contact Henry Dawson at Pure Resourcing Solutions, or click Apply. A full job specification is available.
  • Job Reference: 318661621-2
  • Date Posted: 1 July 2021
  • Recruiter: Pure Resourcing Solutions Limited
  • Location: Norwich, Norfolk
  • Salary: £40,000
  • Sector: I.T. & Communications
  • Job Type: Permanent