Risk and Compliance Analyst – Pension Software – Bristol
Location: Emersons Green (Hybrid working)
Salary: £32,000 - £37,000 + bonus + benefits
No agencies
Procentia is a multi-award-winning software and technology company specialising in the Pensions and Bulk Purchase Annuities market.
Since 2002, we’ve been developing intelligently designed ‘PenTech’ solutions that help pension schemes and insurers provide lasting value for their administrators and members.
We’re experts in the pensions sector. That’s all we do!
Our flagship solution is IntelliPen, a leading online administration and management system created for the modern pension era, not yesterday’s. Our software helps pension schemes of all types and sizes manage exceptional volumes of data and provide beautiful member experiences, while minimising the need for administrator intervention and involvement.
We're an innovative, visionary and fast-growing tech company. Through insight and research, we anticipate the future needs of our industry to support pensions schemes on their digital transformation journeys. We work to ensure their investment in our technology is future-proofed and their data is secure.
As a Risk and Compliance Analyst you will report to the Risk and Compliance Manager and ensure our company adheres to all Information Security accreditations, governance, and internal and external standards deemed a requirement. As part of our continuing growth, we’re looking for a new Risk and Compliance Analyst to join our team.
You will be responsible for supporting the implementation and delivery of the Risk and Compliance strategy, policies, working practices and measures defined within the Information Security Management System (ISMS) across the UK business.
Support with the creation and implementation of security policies and guiding management on the requirements of national quality standards (ISO 27001, SOC2, Cyber Essentials Plus)
Continual monitoring of the effectiveness of the ISMS and contribute to the advice given to senior management to determine whether the information security objectives are aligned with the organisations business objectives.
As directed by the Risk and Compliance Manager, you will be the point of contact to manage Improvement Plans/Remedial Action Plans, ensuring reviewers are aware and complete corrective action plans.
With the input from Risk and Compliance Manager you will guide and advise on Company Information Security documentation and the combined ISMS library.
The Risk and Compliance Analyst shall support or take a lead role in the audit of our security systems and complete a detailed report outlining whether the business is working effectively or whether some amendments are needed. This information is presented to the Group Head of Security, Risk and Compliance and will outline any necessary changes that need to be made in order to improve the integrity of the system.
The Risk and Compliance Analyst is expected to lead when required with internal and external stakeholders, current and prospective clients, suppliers, and with external auditors and advisors where required, during initiating new governance, standards, internal and external audits relating to security.
Essential skills
* Excellent communication and interpersonal skills
* Risk and Compliance experience
* ISO 27001 / SOC 2 / Security experience / certification
* Detail oriented
* Good judgement
* Good organisational skills
* Time management
* Strong sense of ethics
* Adaptable and agile
* A responsible and reliable professional, with an inclusive and consultative approach
* Ability to prioritise, meet deadlines and deliver rapid outcomes
* Excellent verbal, written communication, and organisational skills
* Ability to build credibility with colleagues and external clients and suppliers
* Proficiency in Microsoft Office applications
* Ability to multitask effectively
* Ability to work independently and as part of multi-disciplinary teams
What will you be doing:
•You will manage a diverse workload including multiple parallel tasks and you will prioritise your time and tasks effectively alongside the demands set on the business and to achieve time-critical deadlines.
•Support relevant business areas to update policies and controls to ensure compliance with applicable regulatory, audit, and security best practices to identify hidden risks or non-conformity issues.
•Work with SMEs to close compliance gaps where identified.
•Support the production and maintenance of detailed security documentation and the Information Security Management System (ISMS) with relevant business areas.
•In partnership with the Risk & Compliance Manager, support or take a lead role in the ISO 27001/SOC 2 and other security audit programs and take specific ownership of actions resulting from external audit and compliance activity – facilitate interaction between the relevant teams from issue identification through to remedial action, evidence collections and close. Escalate when required.
•Work with SMEs and stakeholders such as IT, Facilities, People, Marketing to identify, remediate and track information security issues.
Our generous benefits package offers:
* 25 days holiday (plus public holidays) increasing with length of service up to a maximum of 28 days
* Carry over holiday (up to 1 week)
* Buying and Selling holiday (up to 1 week)
* Volunteer day – 1 day per year to support a charity or cause that positively impacts the local communities
* 5% Employer contribution pension
* Life Assurance
* Private Medical Insurance
* Employee Assistance Programme (EAP)
* Health care cash plan
* Cycle to Work Scheme
* Tech Scheme - affordable way to get the latest home and tech for you and family
* Byond (exclusive discounts on everyday spend)
* Tusker – Electric Car Leasing scheme
* Refer a friend bonus
* Annual subscription for up to a maximum of two professional bodies
* Procentia Plodders and Pacers – running club
* Weekly office fruit basket
* Procentia Pantry
* Monthly socials
If you think you have most of what we are looking for, then go ahead and apply. We’d love to hear from you!
Procentia is committed to fair and accessible employment practices. If selected for an interview, we will be happy to work with you to ensure your interview is accessible and accommodation is provided. When your interview is being scheduled, please advise us of how we might be able to support your participation.