Salary: £65,000 - 70,000 per year

Requirements:
Strong experience in information security, governance, risk, and data protection.
Proven experience in IT or technology-driven environments.
Solid understanding of ISO 27001 and GDPR.
Confident working independently and influencing at senior levels.
Excellent stakeholder management and communication skills.
Ability to translate business needs into practical, secure solutions.

Responsibilities:
Own and evolve information security and data protection policies, standards, and procedures.
Design and support governance processes to ensure consistent security and compliance.
Lead and support information security and data protection risk management.
Lead or support internal and external audits (ISO 27001 / GDPR), including remediation planning and tracking.
Maintain clear, audit-ready compliance evidence and reporting.
Act as a senior subject matter expert for information security, governance, and data protection.
Work collaboratively with business, IT, and functional teams to balance security requirements with operational needs.
Promote security and data protection awareness through training and engagement.
Provide constructive challenge where security or compliance risks are unacceptable.
Support incident governance and GDPR breach response processes.
Assess supplier and third-party security and data protection risks.

Technologies: Support, Security

More:
We are currently looking for a GRC Specialist to lead and strengthen our information security and data protection capabilities. You will own the operation and continuous improvement of our Information Security, ensuring compliance with ISO 27001 and GDPR. This is a senior, hands-on role where you will work closely with business and IT teams to embed secure, compliant ways of working across the organization.

This position will ideally be based 5 days a week in our Solihull office but could flex to hybrid. A manufacturing background would be preferred but is not essential.
Last updated: week 6 of 2026