Security GRC Manager

Employer Active

1 Vacancy
Job Location

London - UK

Monthly Salary

Not Disclosed
Job Description

The Security GRC (Governance, Risk & Compliance) Manager will take the lead in developing, implementing and continuously improving our global security governance, risk and compliance programs. You'll play a critical role in maintaining and achieving key security certifications, driving regulatory compliance across multiple regions and enabling a strong security culture across the business.

You'll be joining a small, high-performing and collaborative security team where your ideas, initiative and hands-on mindset will make a real impact. If you're an experienced GRC professional with a passion for innovation, a data-driven approach and a proven track record in tech environments, this is the role for you.

Responsibilities:

  • Security Frameworks: Lead the management and continuous improvement of security frameworks such as ISO/IEC 27001, NIST CSF and others as required.

  • Certifications & Audits: Oversee and drive certification and recertification efforts for Cyber Essentials Plus, SOC 2 Type 2 and other relevant regional or industry-specific standards across EMEA, Americas and Asia.

  • Compliance & Regulation: Analyse global laws and regulatory requirements to ensure the business meets applicable security compliance obligations (e.g. EU GDPR, DORA, etc.).

  • Risk Management: Own and manage the security risk management program, including advanced risk assessments, vendor risk reviews and mitigation planning.

  • Security Incidents: Collaborate with cross-functional teams on security incident coordination, response, root cause analysis and continuous improvement efforts.

  • Stakeholder Reporting: Provide clear, data-driven reporting to senior stakeholders on GRC metrics, risks, controls and compliance posture.

  • Awareness & Training: Design and deliver user training programs and security awareness initiatives to foster a strong security-first culture.

  • Customer Trust: Respond to customer assurance questionnaires and support sales and legal teams with RFPs and security-related queries.


Qualifications:

  • 5 years of hands-on experience in information security governance, risk and compliance.

  • Deep experience leading and maintaining ISO 27001, NIST CSF and SOC 2 Type 2 programs.

  • Proven track record with certification efforts like Cyber Essentials Plus and local/regional compliance standards across EMEA, Americas and Asia.

  • Strong understanding of international laws and regulations related to cybersecurity and data protection.

  • Expertise in ISMS management, internal/external audits, policy lifecycle management and compliance monitoring.

  • Confident in conducting risk assessments, vendor reviews and third-party due diligence.

  • Comfortable presenting to and influencing executive leadership.

  • Experience working in tech startups or global technology corporations is highly desirable.

  • A hands-on, innovative and analytical mindset: you enjoy rolling up your sleeves and solving complex problems.

  • Excellent communication skills, written and verbal, with the ability to translate security language for different audiences.

Certifications required:

  • CISSP (Certified Information Systems Security Professional) 

  • ISO 27001 Lead Implementer and/or Auditor certification 

Nice to have:

  • Experience with security tools such as GRC platforms (e.g. Vanta, Drata, OneTrust)

  • Familiarity with regulatory frameworks like EU GDPR and DORA

  • Background in customer trust, sales enablement or due diligence support


Additional Information:

  • Hybrid working
  • Contributory personal pension plan: Minimum: Employee 2% and Employer 7%. Employer matches contributions in 1% increments to a maximum of: Employee 5% and Employer 10%
  • Life Assurance: 4 times annual salary
  • Group Income Protection
  • Private Medical Insurance: this may include cover for partner and/or children at company cost. Cover includes Optical, Dental and Audiology
  • Discretionary Bonus
  • Competitive Annual Leave
  • 2 Volunteering Days
  • Benefit Hub


Remote Work:

No


Employment Type:

Full-time
