Job Introduction
Salary: £55,310.87 per annum with yearly increments based on performance.
Contract Type: Permanent
Location: Cardiff, Wales
Type of Working Arrangement: Blended approach of home and office-working is available - A minimum of two days per week to be worked in the office.
Hours: This is full-time role (37 hours per week)
British Transport Police (BTP) is the national police force for the rail network throughout Great Britain. We are the 'Guardians of the Railway,' putting passenger safety at the heart of what we do. Our values are simply: We Care, We Do the Right Thing, We Strive to Be Better Every Day, We Are One BTP, and We Are Proud to Protect. Join us and help create an environment where we can all be our best every day.
The Opportunity
British Transport Police have an opportunity for a Governance Risk and Compliance (GRC) Manager to join the Information Management Department. As a GRC Manager with BTP, you will provide strategic leadership and operational delivery of the organisation's Information Management Governance, Risk and Compliance function. You will play a pivotal role in ensuring BTP maintains a robust Information Security Management System (ISMS), aligned with national policing and industry standards, while embedding a culture of compliance, continuous improvement, and proactive risk mitigation across the organisation. You will also lead and develop a team of GRC Officers, providing coaching, direction, and oversight to support high performance and professional growth.
What You'll Be Doing
Strategic Leadership & Governance – Lead the development and continuous improvement of BTP's Information Security Management System (ISMS), ensuring alignment with national policing and industry standards, and act as the senior lead for information assurance governance and strategy.
Risk & Incident Management – Oversee the identification, assessment, and mitigation of information risks across BTP, maintain the organisational Information Management risk register, and lead the force-wide incident response process in line with national guidance.
Policy & Compliance Oversight – Develop and govern information security policies, ensuring compliance with GDPR, DPA 2018, and national standards, and monitor adherence through audits and assurance activities.
Third-Party Assurance – Manage third-party risk using the NPCC TPAP framework, ensuring suppliers meet BTP's security standards and reporting compliance to governance boards.
Team Leadership & Development – Lead, coach, and support the GRC team, fostering a high-performance culture, promoting agile working, and enabling cross-functional collaboration.
Strategic Reporting & Liaison – Prepare strategic advice and reports for senior stakeholders, act as BTP's Crypto Custodian, and liaise with national bodies including Police Digital Services and the Police Information Assurance Board.
What You'll Bring To The Team
Qualifications & Training – Educated to degree level (or equivalent experience) in a relevant discipline, with professional certifications including CISMP, CISSP, and GDPR/Data Protection.
Experience – Significant experience in information security, risk management, and compliance within a complex or regulated environment—ideally policing or public sector. Proven track record in developing governance frameworks, managing third-party assurance, and leading audits and accreditation processes.
Skills – Strong analytical and communication skills, with the ability to translate complex technical concepts into clear guidance for non-technical audiences. Skilled in stakeholder engagement working closely with colleagues in Technology, policy development, and embedding compliance through audits and risk assessments.
Leadership – Demonstrable ability to lead and develop high-performing teams, drive change, and embed new ways of working. Experience in coaching and supporting professional growth within a governance or compliance function.
Knowledge – Deep understanding of ISO/IEC 27001, GDPR, and national security standards (e.g. NCSC, NPCC). Solid working knowledge of cryptographic controls, accreditation processes, and assurance methodologies.
Strategic Thinking – Ability to prepare strategic reports and position papers, advise senior stakeholders, and contribute to the development of organisational information security strategy and policy.
Further information about this vacancy can be found in the attached job description.
How to apply: Applications will be via an up to date CV and an online application form, as part of this application you will be asked to outline how your skills and experience demonstrate your suitability for the role.
Completed applications must be submitted by 11.59pm, 4 March 2026
What We Offer
28 days annual leave plus bank holidays, increasing to 30 days after 5 years.
Family-friendly policies, including up to 26 weeks paid maternity and adoption leave.
Bespoke benefits platform and Blue Light Card access.
Salary sacrifice options for cycles, home technology, gym membership, and electric vehicles.
Interest-free annual rail season ticket loan after 6 months.
Access to the Transport Benevolent Fund for health, welfare, and financial support.
Development opportunities, including fully funded apprenticeships.
Excellent Pension scheme: We offer the BTP GPP Police Staff Pension Scheme, administered by Royal London. This group personal pension plan is available to all police staff and is a defined contribution scheme. It provides the flexibility to vary your pension contributions from 4.4% to 12% of your salary. For more information, visit the Royal London dedicated pension page or email us at Pension- Note: If you are an existing member of Police Staff in the RPS, your pension will not be affected.
Vetting: Successful applicants will be required to pass Management Vetting (5 years minimum UK residency required), including a full background and financial disclosure. For more information and Top Tips, please see attached document.
Medical: We'll ask for relevant health and medical history details to support employee wellbeing.
References: We'll ask for references to cover the past 5 years.
Inclusion & Diversity
At BTP, we are committed to fostering an inclusive workplace where everyone feels valued. We believe diversity drives innovation and better decision-making. Our roles are open to everyone, and we encourage applications from underrepresented groups, including Black, Asian, and minority ethnic candidates, women, LGBTQI+ individuals, people with disabilities, and those who are neurodiverse. As part of our commitment we operate a 'Disability Confident Scheme' - all candidates who declare a disability and meet the essential criteria for the role will be offered an interview.
For more information on Inclusion or the Disability Confident Scheme, please click the links Inclusion & Diversity Disability Confident Scheme
Join Us
Ready to take the next step in your career? At BTP, you'll have the opportunity to grow, make a real impact, and be part of something extraordinary.
Find out why BTP could be the perfect fit for you - About Us - British Transport Police
Curious about what life at BTP is really like? Hear directly from our people and discover what makes working here so rewarding. Explore real stories on our blog: Our Stories - British Transport Police
For further information, please contact our Resourcing Team -
The above advert, Job description and Application process is available through the medium of Welsh - if requested.
AI can be a useful tool to spark ideas or help you organise your thoughts, but when it comes to your application, we want to hear from you, not an algorithm. What truly stands out to us are genuine stories, personal insights and the experiences that have shaped who you are. Authenticity matters - it helps us understand your motivations, your strengths and how you'll contribute to our team. So, use AI if it helps you get started, but let your own voice lead the way.