Hunt UK Visa Sponsors

Find jobs from UK licensed visa sponsors — Companies House verified, updated daily.


Avidity

Governance, Risk & Compliance Officer

Company: Avidity
Location: Glasgow, Scotland, United Kingdom
Posted At: 3/10/2026

UK Visa Sponsorship Analytics

Analytics are greyed out due to low classification confidence (45.0%).
Occupation Type: Business associate professionals not elsewhere classified.
Occupation Code Skill Level: Medium Skilled
Sponsorship Salary Threshold: £41,700 (£21.38 per hour)
Standard minimum applies

Above analytics are generated algorithmically based on job titles and may not always be the same as the company's job classification. You can also check detailed occupation eligibility, and salary criteria on our UK Visa Eligible Occupations & Salary Thresholds page.

Disclaimer: Hunt UK Visa Sponsors aggregates job listings from publicly available sources, such as search engines, to assist with your job hunting. We do not claim affiliation with Avidity. For the most up-to-date job details, please visit the official website by clicking "Apply Now."

Description

Governance, Risk & Compliance Officer


Location: Glasgow (Hybrid)

Contract: 12-month fixed term contract with the potential for longer term opportunities

Salary: up to £40,000 per annum (pro rata)


About the Role

We’re looking for a motivated and curious Governance, Risk & Compliance Officer to join our small, high-impact Group GRC team. If you enjoy variety, problem solving, and working across information security, data protection, governance, and risk, this role offers the ideal blend.


This is not a narrow technical role. You’ll contribute to everything from ISO 27001 audits to privacy support, risk registers to business continuity testing. Working closely with colleagues across Avidity Group and its subsidiary businesses, you’ll help teams make informed decisions and operate safely — without slowing the business down.


If you enjoy learning, collaborating, and making a meaningful difference, you’ll feel at home here.


What You’ll Be Doing:


Information Security (Primary Focus)

  • Plan and deliver ISO 27001 internal audits and follow up corrective actions.
  • Support ISO 27001 surveillance and recertification activities.
  • Maintain and enhance the Information Security Management System (ISMS).
  • Conduct due diligence and risk assessments for suppliers, projects, applications, and systems.
  • Maintain security risk registers and reporting dashboards.
  • Contribute to policy updates and development (e.g., AI, remote working, BYOD).
  • Support Business Continuity and Disaster Recovery (BC/DR) processes and testing.
  • Help design and deliver security and privacy training.
  • Support security incident investigations and root cause analysis.
  • Act as a point of contact for security queries.
  • Manage service desk tickets relating to security governance and compliance.


Data Protection (Secondary – Development Opportunity)

  • Support low-to-medium severity data breach investigations.
  • Assist with Subject Access Requests and other rights-based enquiries.
  • Maintain privacy documentation (DPIAs, ROPAs, logs, evidence).
  • Support privacy communications and awareness initiatives.


Corporate Governance, Risk & Compliance

  • Support internal audits across Group functions and operating companies.
  • Maintain Group risk registers and contribute to risk analysis and control improvements.
  • Assist with policies, procedures, and governance frameworks.
  • Support BC/DR testing.
  • Help deliver GRC initiatives across multiple businesses in a pragmatic, supportive way.


What We’re Looking For:


Essential Skills & Experience

  • Strong working knowledge of ISO 27001 and core security controls.
  • Experience planning and delivering internal audits.
  • Experience supporting security incidents and/or breach investigations.
  • Excellent written and verbal communication skills — able to simplify complex topics.
  • Strong analytical skills and attention to detail.
  • Confident using Excel (pivot tables, lookups, dashboards) and PowerPoint (executive-ready slides).
  • Ability to manage competing priorities and meet deadlines.


Desirable

  • Experience across wider GRC activities.
  • Experience supporting UK GDPR compliance.
  • Interest in Health & Safety governance or operational risk.
  • Experience delivering training to mixed audiences.
  • Familiarity with Visio, MS Project, MS Forms, SharePoint, Copilot, or wider M365 governance.
  • ISO 27001 auditor or related qualifications (e.g., Security+, CISM, CRISC, CIPP/E).


The Mindset That Makes You Successful Here:


We’re looking for someone who is:

  • Curious and eager to grow across the GRC landscape.
  • Proactive and self-directed.
  • Trustworthy with sound judgement and discretion.
  • Solutions-focused — asking “How can we do this safely?” rather than “You can’t do that.”
  • Adaptable and willing to take ownership.
  • Comfortable building positive relationships across teams and levels.


Working Pattern & Environment

  • Hybrid working with 1–2 days per week in our Glasgow office, depending on business needs.
  • Some periods (e.g., audits or incidents) may require additional on-site presence.
  • Living within a reasonable commuting distance is desirable.
  • Evening or weekend work is rare and only required in exceptional circumstances.
  • You’ll work in a small, agile GRC function where your contribution has visible impact.


Why Join Us?

  • Develop across information security, data protection, governance, and risk.
  • Gain hands-on experience with ISO 27001, internal audit, BC/DR, privacy, and GRC frameworks.
  • Play a key role in shaping GRC maturity across the Group.
  • Be supported by the Group Risk Manager / DPO with coaching and development opportunities.
  • Work on meaningful projects that improve how the business operates.


Benefits:

  • 25 days holiday + flexible public holidays (increases with service)
  • Company pension scheme (3% employer contribution)
  • Life assurance (3x annual salary)
  • Discounted private healthcare & Health Cash Plan
  • Annual Leave Purchase Scheme (up to 5 days)
  • Employee Assistance Programme (24/7 wellbeing support)
  • Family-friendly policies (enhanced maternity & paternity leave)
  • Employee benefits & discounts portal


If this role sounds like the right next step for you, we’d love to hear from you.