Working hours: 35 hours per week, Monday to Friday
Duration: Permanent
Location: Gloucester
Job Ref:205074
About the role
Benefact Group are looking for a Group Cyber Governance, Risk and Compliance Manager to join our Gloucester office.
Reporting to the Head of Group Cyber Security, the Cyber Security Governance, Risk and Compliance (GRC) Manager will lead the development and delivery of Cyber GRC capabilities across the Group. The role is accountable for designing, implementing and embedding pragmatic governance, risk and compliance processes, controls and supporting tooling within Group Technology and across wider Group functions, enabling teams to deliver secure, compliant outcomes at pace. The role provides expert advice, coordinates assurance activity and drives remediation to strengthen Cyber resilience, supporting effective decision‑making for senior management and Boards / Committees.
Why join us?
Join a collaborative and inclusive culture that’s committed to making a difference and building a more sustainable future. Ranked amongst the UK's 15 Best Big Companies to Work For in 2025, we offer fantastic career and development opportunities within a rapidly growing, innovative Group — where all profits go to charity and good causes.
What you'll be doing
* Cyber GRC operating model — Own the Cyber GRC roadmap and establish consistent ways of working, taxonomy, methodologies, tooling and reporting across Group Technology.
* Risk and control oversight — Manage the Cyber Risk Register, support risk owners, and deliver clear, business‑focused cyber risk reporting and dashboards.
* Governance and policy leadership — Maintain the Cyber governance framework, lead key governance forums, embed requirements into change processes, and represent Technology in internal/ external governance.
* Regulatory and assurance management — Lead Cyber/ Technology compliance, deliver the control assurance plan, and manage regulatory, audit and assurance engagements end‑to‑end.
* Third‑party assurance and leadership — Oversee cyber due diligence for suppliers, manage third‑party reviews, and build/ lead a high‑performing Cyber GRC team with strong senior stakeholder relationships.
What you'll need to have
* Cyber GRC leadership — Experience leading Cyber GRC, risk management and control assurance in UK‑regulated financial services or similarly complex regulated environments.
* Senior stakeholder influence — Proven ability to influence senior leaders and drive adoption of governance and controls through pragmatic guidance and clear decision pathways.
* Regulatory and framework expertise — Strong knowledge of FCA/ PRA/ EU expectations, operational resilience, third‑party risk, and recognised cyber frameworks (ISO 27001/ 27005, NIST), including control design, testing and remediation.
* Audit and compliance delivery — Demonstrated success leading regulatory and audit examinations, owning evidence and responses, and driving sustainable remediation closure.
* Leadership and communication — Line or matrix leadership experience, relevant certifications (CISSP, CISM, CRISC etc.), and strong written communication with the ability to produce concise, decision‑ready board‑level reporting.
What we offer
* A competitive salary - let's discuss it
* Hybrid working
* Group Personal Pension - up to 12% employer contribution
* Generous annual bonus scheme: on‑target bonus between 7.5% and 30%
* 28 days annual leave plus bank holidays, and a holiday buy and sell scheme
* An array of health and wellbeing benefits, including private healthcare, income protection and life assurance
* £200 annual personal grant to a charity of your choice
* Encouraged to take at least one volunteering day per year
* Employee Assistance Programme
* Full study support to gain professional qualifications
* Access to virtual GP
* Enhanced maternity and paternity pay
Hear from the hiring manager
This is an exciting opportunity to join a growing, high performing and supportive team and to lead the development and delivery of a critical area of specialist operations. This is a first line role that will be directly involved in the delivery of cyber security, and the right candidate will be empowered to closely influence the wider cyber security function across the Group.
About us
Benefact Group is a unique international financial services Group made up of over 30 businesses. We are owned by a charity and have been the 3rd largest UK corporate donor over a decade*, having given away £250 million since 2014. We have ambitious plans to become the UK’s number one corporate donor, with strategic objectives in place to double the Group’s size.
We believe it’s essential to attract, empower, grow and reward talented people, offering fantastic opportunities for career and personal development. Our giving ethos, 135-year history and the diversity of what we do, has enabled us to build a culture of kindness, great ambition, and of passionate people driven to do better and be better.
At Benefact Group, we are committed to creating an inclusive culture and building an environment where each and every one of us feels valued and respected. We are a community made up of people with a range of different backgrounds, abilities, perspectives, beliefs and interests and we value the strength this brings to us as a Group. We welcome applications from everyone.
If you need any additional support during the recruitment process, then please let us know.
*Directory of Social Change’s UK Guides to Company Giving 2017-26
#J-18808-Ljbffr