Head of Cyber GRC
I’m supporting an organisation seeking a Head of Cyber GRC, a senior, strategic hire responsible for leading their enterprise-wide governance, risk and compliance (GRC) function.
This role sits at the heart of the organisation’s cyber strategy, ensuring robust risk management, regulatory compliance, and effective governance across a complex, research-driven environment.
What you’ll be doing:
* Leading the organisation’s cyber risk and compliance strategy at an enterprise level.
* Designing and implementing governance frameworks, policies and institutional risk management processes.
* Managing regulatory compliance across PCI-DSS, Cyber Essentials+ and emerging standards.
* Owning third-party and vendor risk management across the full supplier lifecycle.
* Overseeing GRC technologies such as OneTrust and Bitsight, driving platform optimisation and continuous improvement.
* Providing board-level reporting, dashboards and assurance to senior leadership and governance committees.
* Embedding cyber risk and compliance into business planning, decision-making and cross-functional programmes.
* Leading organisation-wide training, awareness and capability development.
What you’ll bring:
* Extensive GRC leadership experience within complex or highly regulated environments.
* Strong knowledge of enterprise risk frameworks, regulatory engagement and governance committee support.
* Expertise in developing and maturing GRC programmes, risk registers and compliance processes.
* Experience with GRC tooling and enterprise risk management technologies.
* Exceptional communication skills and the ability to influence at executive and board level.
* Relevant qualifications (e.g., CRISC, IRM) and a proven strategic mindset.