
Governance, risk

Macclesfield
Communicate Technology
£90,000 - £120,000 a year
Posted: 21 September
Offer description

As our Governance, Risk & Compliance (GRC) Lead you'll work closely with business and technology teams, helping to articulate and communicate the InfoSec governance program, identify risks, and evaluate and help implement controls and improvements.

Key Responsibilities:

* Internal Audit Execution: Conduct internal audits to evaluate and enhance IT controls, compliance with standards, and risk management processes.
* Audit Preparation: Assist internal control owners in scoping appropriate evidence and preparing for external audits.
* Gap Assessments: Facilitate and/or conduct internal gap assessments and audit readiness evaluations for frameworks such as ISO 27001 & 9001, GDPR, and DORA.
* Framework Tracking: Monitor updates to Cyber Essentials, ISO, and regulatory frameworks and ensure internal alignment.
* Control Documentation: Develop and maintain control narratives, walkthroughs, and documentation of compliance processes.
* Audit Findings: Identify control deficiencies and work with stakeholders to recommend cost-effective, value-added remediation actions.
* Compliance Reporting: Draft audit reports and present findings to management during status updates and closing meetings.
* External Audit Coordination: Collaborate with external audit teams to streamline processes and provide requested documentation and evidence.
* Security Monitoring: Use tools such as Rapid7, CrowdStrike or other SIEM solutions to assist with security monitoring and incident detection.
* Incident Response Support: Participate in incident response efforts, documenting security incidents and assisting in containment and recovery actions.
* Threat Identification: Contribute to analyzing cybersecurity threats and implementing recommendations to improve the security posture.
* Policy and Procedure Development: Assist in creating and refining cybersecurity policies and operational procedures to align with audit and compliance objectives.
* Vulnerability Management: Support the tracking and remediation of vulnerabilities in coordination with IT and Security Operations teams.

Skills & Experience

* Minimum 3 years' experience in information security, with a focus on governance, risk, and compliance.
* Proven ability to lead teams and manage complex programmes in regulated environments.
* Strong understanding of cyber security frameworks and regulations (DSPT, ISO 27001 & 9001, CAF, GDPR, DORA).
* Experience authoring governance documentation (policies, standards, reports).
* Familiarity with Microsoft-based technologies, including IdAM, networks, applications, and cloud environments.
* Excellent communication and presentation skills, with the ability to engage technical and non-technical audiences.
* Demonstrated ability to translate security frameworks across sectors and align them with organisational goals.

Why Join Us?

* Development opportunities – Structured learning, coaching, and clear career progression
* Generous holiday allowance – 25 days holiday + bank holidays, increasing incrementally to 30 days after 5 years
* Enhanced Family Friendly Policies – supporting you through every stage of life
* Exciting incentives – Quarterly rewards, team socials, and top-performer perks
* Private healthcare – Comprehensive health coverage to keep you at your best
* Pension contribution – Helping you plan ahead with employer contributions
* Life cover – 4x salary life assurance
* Retail discounts – Exclusive savings with top UK retailers
* Culture & collaboration – A supportive, passionate team that celebrates wins and values input
* A brand with momentum – Join a business that's scaling fast with strong backing and bold ambitions

*You may also have experience in the following: Head of Cybersecurity GRC, Head of Information Security Governance, Cybersecurity Governance Lead, GRC Manager (Cybersecurity), Information Security Risk Manager, Senior GRC Consultant (Cybersecurity), Cybersecurity Risk and Compliance Lead, Information Security Compliance Manager, Head of InfoSec Governance, ISO 27001 Compliance Lead, ISO 27001 Lead Implementer / Auditor, NIST Cybersecurity Framework, Risk management (cyber/information security), Information Security Management System (ISMS), Control assurance / control testing, Regulatory compliance (GDPR, UK Cyber Essentials), Security governance frameworks


© 2025 Jobijoba - All Rights Reserved
