Job Role: Head of Security GRC Salary: £100,000 - £110,000 bonus Location: Birmingham, Hybrid Role The Head of Security Governance, Risk and Compliance (GRC) plays a key leadership role in safeguarding the customers, assets, and reputation. This role is responsible for embedding effective security governance, risk management, and compliance practices, ensuring that security and regulatory obligations are met while enabling the ability to operate with confidence and integrity. The postholder will establish and maintain proportionate security frameworks, policies, and processes. They will work closely with colleagues at all levels to strengthen security risk awareness, integrate risk-based decision-making, and promote a culture of accountability and resilience. Key Responsibilities Leadership of the Security GRC function. Governance & Policy – Define, implement, and continuously improve the governance frameworks, policies, and standards for information security, risk, and compliance. Risk Management – Lead enterprise-wide security risk management activities, including risk identification, third party risk management, assessment, control evaluation, and mitigation planning. Regulatory & Standards Compliance – Ensure adherence to relevant regulatory requirements (e.g. PRA, FCA, GDPR) and security standards (e.g. NIST CSF), maintaining readiness for internal and external audits. Communications, Awareness & Training – Oversee security and compliance awareness initiatives, ensuring effective staff training and customer-focused communication. Continuous Improvement – Monitor and review governance and compliance processes, adapting to regulatory updates and emerging risks, and driving improvements. Collaboration & Influence – Build strong relationships with Legal, IT, Procurement, and business functions to embed risk-based decision-making and ensure a consistent, proportionate approach. Leadership & Oversight – Provide expert advice to senior management and the Board, reporting on risk posture, compliance status, and emerging issues. Knowledge, Skills and Experience Degree in information security, risk management, or a related field. 10 years proven experience in security governance, risk, and compliance leadership, ideally within financial services or a regulated environment. Strong knowledge of UK and EU regulatory requirements relevant to financial institutions. Demonstrated ability to design and embed proportionate governance and risk frameworks in a mid-sized organisation. Excellent stakeholder management skills, with the ability to influence at Board and executive level. Strong communication and leadership skills, with a focus on building a culture of accountability and risk awareness. Professional certifications such as CISA, CISM or CISSP. Feel free to get in touch direct, I will be reviewing CVs/making calls out of normal hours.