Compliance & Security Manager (GRC)
Permanent
Remote (UK-based)
An opportunity to take real ownership of security and compliance at a fast-growing tech company. Our client, a leading software business with an ambitious global growth trajectory, is looking for a Security & Compliance / GRC Manager to become the go-to expert across information security, data protection and regulatory compliance.
This isn't a tick-box compliance role. You'll shape how the business protects its customers' data, navigates complex commercial negotiations, and scales its compliance programme as it enters new markets and meets new regulatory demands.
What the successful Security & Compliance Analyst will do:
1. Own and maintain security and compliance documentation including policies, procedures, and support materials across information security and compliance programmes
2. Take full ownership of ISO 27001 certification — driving continuous improvement and leading preparation for internal and external audits
3. Manage the internal Data Protection compliance programme, ensuring adherence to UK GDPR, EU GDPR, CCPA and other applicable global regulations
4. Partner with commercial teams to navigate complex security and compliance negotiations, removing deal blockers and standardising processes
5. Own third-party supplier risk management, identifying and mitigating vendor risk across the supply chain
6. Contribute to the implementation of additional frameworks and standards such as NIST, FedRAMP and others as the business scales internationally
7. Identify opportunities to streamline onboarding, security reviews and compliance workflows through smarter documentation and process design
What we are looking for in the successful Security & Compliance Analyst:
1. Proven experience in a GRC or info-sec role within a technology company
2. ISO 27001 Lead Implementer or Lead Auditor certification —
3. In-depth, hands-on knowledge of ISO 27001 implementation and ongoing certification management
4. A strong track record of managing global data protection compliance including GDPR and CCPA
5. Familiarity with general compliance obligations such as Modern Slavery, AML and Anti-Bribery
6. Understanding of AWS cloud infrastructure and application security principles
7. A technical mindset with the ability to thrive in a fast-moving, ever-evolving environment
8. Excellent communication skills and a genuine passion for delivering a great customer experience
Great to have:
1. Degree in Computer Science, Information Security, Cybersecurity, Data Protection, Information Governance or Risk
2. Recognised qualifications such as CISSP or CompTIA Security+
3. Exposure to frameworks including NIST, HIPAA, FedRAMP or DORA
4. Knowledge of DevOps or DevSecOps practices
5. Prior experience of a scale-up or growth-stage SaaS company
**Please note**
Due to the security clearance requirements for this role, applicants must be eligible for [SC/DV] clearance. Eligibility criteria mean that candidates must have been a UK resident for a minimum of 5 years and hold the right to work in the UK.
Rewards & Benefits:
1. Remote-first role with flexibility across the UK
2. Long Term Incentive scheme eligibility
3. Personal development budget of c£1.5k per year for courses and certifications
4. Top-spec hardware provided
5. BUPA healthcare, life insurance and critical illness cover
6. Discounted gym membership & broader range of health and wellbeing benefits
Keywords: Security & Compliance Manager, GRC Manager, Security & Compliance Analyst, GRC Analyst, Information Security Analyst, ISO 27001, Data Protection, GDPR, CCPA, UK GDPR, EU GDPR, GRC, Risk & Compliance, Third Party Risk, Supplier Risk, FedRAMP, NIST, HIPAA, DORA, AWS, Cloud Security, DevOps, Application Security, DevSecOps, Compliance Manager, Data Protection Officer, Privacy, Cybersecurity, Information Governance