Job Description

I am currently looking for a GRC Specialist to lead and strengthen my client's information security and data protection capabilities. You'll own the operation and continuous improvement of their Information Security, ensuring compliance with ISO 27001 & GDPR. This is a senior, hands-on role where you'll work closely with business and IT teams to embed secure, compliant ways of working across the organisation.

Responsibilities / Duties
- Own and evolve information security and data protection policies, standards, and procedures.
- Design and support governance processes to ensure consistent security and compliance.
- Lead and support information security and data protection risk management.
- Lead or support internal and external audits (ISO 27001 / GDPR), including remediation planning and tracking.
- Maintain clear, audit-ready compliance evidence and reporting.
- Act as a senior subject matter expert for information security, governance, and data protection.
- Work collaboratively with business, IT, and functional teams to balance security requirements with operational needs.
- Promote security and data protection awareness through training and engagement.
- Provide constructive challenge where security or compliance risks are unacceptable.
- Support incident governance and GDPR breach response processes.
- Assess supplier and third-party security and data protection risks.

Ideal Background
- Strong experience in information security, governance, risk, and data protection.
- Proven experience in IT or technology-driven environments.
- Solid understanding of ISO 27001 and GDPR.
- Confident working independently and influencing at senior levels.
- Excellent stakeholder management and communication skills.
- Ability to translate business needs into practical, secure solutions.

Side notes
- This will ideally be 5 days a week in their Solihull office but could flex to hybrid.
- A manufacturing background would be preferential but not essential.