PLEASE DO NOT APPLY UNTIL YOU HAVE READ AND COMPLIED WITH ALL OF THE REQUIREMENTS, OTHERWISE YOUR APPLICATION WILL BE AUTOMATICALLY REJECTED.
Financial Sector
Reporting to the Head of Governance Risk and Compliance
Salary - up to £70k + 4% bonus
The Role
The Security GRC Lead supports the development, implementation, and day-to-day management of governance, risk, and compliance frameworks. This role helps ensure that security, regulatory, and risk management requirements are embedded across the organisation in a way that is proportionate, practical, and aligned with the organisation's customer-focused values.
The postholder will assist with risk assessments, compliance monitoring, and security audit activities, working closely with colleagues across IT, operations, and business teams. They will also support training, awareness, and reporting efforts to strengthen the overall security posture.
Key Responsibilities
* Frameworks & Policies – Assist in developing and maintaining the GRC frameworks, policies, and procedures.
* Risk Assessment – Conduct and support risk assessments, identifying, evaluating, and helping mitigate risks across the organisation.
* Compliance Monitoring – Support adherence to relevant regulations and industry standards (e.g. GDPR, FCA/PRA, NIST CSF, ISO27001, CQUEST).
* Audit Support – Assist with internal and external audits, compliance reviews, and risk management initiatives.
* Tracking & Reporting – Monitor and track compliance activities, preparing reports and metrics for management and regulatory stakeholders.
* Remediation Support – Work with teams to document, implement, and track remediation plans for identified risks or gaps.
* Awareness & Training – Contribute to the creation and delivery of training and awareness programmes on security governance, risk, and compliance.
* Regulatory Awareness – Keep up to date with emerging regulations, standards, and best practices.
Knowledge, Skills and Experience
* Bachelor’s degree in information security, risk management, or a related field, or equivalent work experience.
* Excellent English language skills.
* At least 5 years’ experience in a GRC, compliance, or risk management role.
* Experience with security frameworks and regulatory requirements relevant to financial services.
* Strong analytical and problem-solving skills, with the ability to interpret complex requirements and apply them practically.
* Excellent communication and interpersonal skills, with the confidence to work with stakeholders at all levels.
* Well-organised and detail-oriented, able to manage multiple priorities.
* Professional certifications such as CRISC, CISA, or CISM.