GRC Risk Manager
A Global Organisation requires a Contract GRC Risk Manager with specific expertise in ServiceNow IRM to lead enterprise and third-party security risk management by driving assessments and controls and translating technical risks into actionable business decisions across complex, global environments.
1. Day Rate: £600-£700pd
2. IR35 Status: Inside
3. Duration: 3 months initially
4. Travel: 2 days a week in Hertfordshire
This GRC Risk Manager will have the following previous experience:
1. Design, operate, and continuously improve an enterprise information security risk management capability using ServiceNow IRM, applying both qualitative and quantitative techniques to enable confident, risk-based decision-making.
2. Own third-party cyber risk oversight end to end: lead structured supplier assessments, review security and contractual obligations, and drive continuous monitoring across a complex global vendor ecosystem.
3. Lead post-incident risk analysis by identifying root causes, uncovering systemic weaknesses, and ensuring insights are embedded into controls, remediation plans, and the risk register.
4. Define and mature security metrics, including Key Risk Indicators and Key Control Indicators, to evaluate control effectiveness across critical assets, suppliers, and environments, using data and dashboards to inform action.