GRC Consultant
Healthcare | Enablement over bureaucracy | Real ownership
Let's keep it simple.
This isn't a policy admin role.
This is for someone who actually runs technology governance - risk, change, cyber, audit - and knows how to make it work without slowing delivery to a crawl.
You'll own the governance framework across the business, ensuring technology risk is managed, ISO 27001 and Cyber Essentials Plus stay meaningful, and governance supports outcomes rather than becoming a tick-box exercise.
What you'll be doing
• Owning and evolving the technology governance framework
• Managing the Technology Risk Register and driving remediation
• Governing technology change without killing velocity
• Owning policies, standards and disaster recovery planning
• Supporting audits, certifications and customer assurance
• Working closely with InfoSec to align cyber and technology controls
• Providing clear, senior-level risk and compliance reporting
• Reviewing suppliers from a security and risk perspective
You're the bridge between risk, security and delivery.
What they need
• Proven experience running technology governance in an enterprise environment
• Strong hands-on technology risk management experience
• Solid exposure to ISO 27001 and Cyber Essentials Plus
• Understanding of infrastructure, change and operational technology environments
• Ability to influence senior stakeholders and simplify complexity
• CISSP / CISM desirable (experience matters more)
Healthcare experience helps.
Improving services matters more.
The reality
The business is growing.
Customers are asking harder security questions.
Regulation isn't getting lighter.
They need someone who can bring structure without creating friction.
If you've owned governance before and know how to balance risk with delivery, this will make sense.
If you prefer maintaining policies and attending meetings… probably not.