Security GRC Manager
Security GRC Manager
Employer Active
Job Alert
You will be updated with latest job alerts via email
Job Alert
You will be updated with latest job alerts via email
Job Description
The Security GRC (Governance Risk & Compliance) Manager will take the lead in developing implementing and continuously improving our global security governance risk and compliance programs. Youll play a critical role in maintaining and achieving key security certifications driving regulatory compliance across multiple regions and enabling a strong security culture across the business.
Youll be joining a small high-performing and collaborative security team where your ideas initiative and hands-on mindset will make a real impact. If youre an experienced GRC professional with a passion for innovation a data-driven approach and a proven track record in tech environmentsthis is the role for you.
Responsibilities:
Security Frameworks: Lead the management and continuous improvement of security frameworks such as ISO/IEC 27001 NIST CSF and others as required.
Certifications & Audits: Oversee and drive certification and re-certification efforts for Cyber Essentials Plus SOC 2 Type 2 and other relevant regional or industry-specific standards across EMEA Americas and Asia.
Compliance & Regulation: Analyse global laws and regulatory requirements to ensure the business meets applicable security compliance obligations (e.g. EU GDPR DORA etc.).
Risk Management: Own and manage the security risk management program including advanced risk assessments vendor risk reviews and mitigation planning.
Security Incidents: Collaborate with cross-functional teams on security incident coordination response root cause analysis and continuous improvement efforts.
Stakeholder Reporting: Provide clear data-driven reporting to senior stakeholders on GRC metrics risks controls and compliance posture.
Awareness & Training: Design and deliver user training programs and security awareness initiatives to foster a strong security-first culture.
Customer Trust: Respond to customer assurance questionnaires support sales and legal teams with RFPs and security-related queries.
Qualifications :
5 years of hands-on experience in information security governance risk and compliance.
Deep experience leading and maintaining ISO 27001 NIST CSF and SOC 2 Type 2 programs.
Proven track record with certification efforts like Cyber Essentials Plus and local/regional compliance standards across EMEA Americas and Asia.
Strong understanding of international laws and regulations related to cybersecurity and data protection.
Expertise in ISMS management internal/external audits policy lifecycle management and compliance monitoring.
Confident in conducting risk assessments vendor reviews and third-party due diligence.
Comfortable presenting to and influencing executive leadership.
Experience working in tech startups or global technology corporations is highly desirable.
A hands-on innovative and analytical mindset you enjoy rolling up your sleeves and solving complex problems.
Excellent communication skills written and verbal with the ability to translate security language for different audiences.
Certifications required:
CISSP (Certified Information Systems Security Professional)
ISO 27001 Lead Implementer and/or Auditor certification
Nice to have:
Experience with security tools such as GRC platforms (e.g. Vanta Drata OneTrust)
Familiarity with regulatory frameworks like EU GDPR and DORA
Background in customer trust sales enablement or due diligence support
Additional Information :
- Hybrid working
- Contributory personal pension plan: - Minimum: Employee 2% and Employer 7%. Employer matches contributions in 1% increments to a maximum of: Employee 5% and Employer 10%
- Life Assurance 4 times annual salary
- Group Income Protection
- Private Medical Insurance this may include cover for partner and or children at company cost. Cover includes Optical Dental and Audiology
- Discretionary Bonus
- Competitive Annual Leave
- 2 Volunteering Days
- Benefit Hub
Remote Work :
No
Employment Type :
Full-time
Employment Type
Full-time