Risk Manager - GRC / Cyber / Third-Party
We are partnered with a world leading semiconductor company in the UK looking to bring on a GRC Risk Manager for their Enterprise Security team.
This is a contract engagement, inside IR35, based out of their Cambridge offices (hybrid working).
Key Responsibilities:
Enhance the Information Security Risk Management Framework within ServiceNow IRM, applying both qualitative and quantitative principles.
Lead structured supplier assessments, review complex contracts, and oversee ongoing monitoring for a global vendor ecosystem.
Conduct deep-dive reviews to identify root causes and ensure systemic lessons are integrated into the control environment.
Develop KRIs (Key Risk Indicators) and KCIs (Key Control Indicators) to measure security control effectiveness across critical assets.
Partner with engineering and business leads to ensure accountability for remediation and increase risk visibility at speed.
Key Requirements:
Hands-on experience with risk quantification (FAIR) and ServiceNow IRM is essential.
Deep familiarity with NIST CSF, NIST SP800-53, and ISO 27001.
Comfortable leading high-stakes vendor assessments and challenging technical stakeholders skillfully.
Confident utilizing metrics and dashboards to translate technical risks into actionable business insights for senior leadership.
A champion of AI and Automation to streamline GRC processes.
Ideally already certified in CRISC, CISM, CISSP, or FAIR
Keywords: GRC / Cyber Risk / Third-Party Risk / TPRM / ServiceNow IRM / FAIR / NIST CSF / ISO 27001 / Risk Quantification / Cambridge / Inside IR35 / Information Security
If you are interested in this GRC Risk Manager position, please send a copy of your CV to -
By applying to this role you understand that we may collect your personal data and store and process it on our systems. For more information please see our Privacy Notice https://eu-