
Job Title: Security GRC Manager

Company: TN United Kingdom

Location: London, England

Created: 2025-05-02

Job Type: Full Time


Job Description

The Security GRC (Governance, Risk & Compliance) Manager will take the lead in developing, implementing, and continuously improving our global security governance, risk, and compliance programs. You'll play a critical role in maintaining and achieving key security certifications, driving regulatory compliance across multiple regions, and enabling a strong security culture across the business.

You'll be joining a small, high-performing, and collaborative security team where your ideas, initiative, and hands-on mindset will make a real impact. If you're an experienced GRC professional with a passion for innovation, a data-driven approach, and a proven track record in tech environments, this is the role for you.

Responsibilities:

- Security Frameworks: Lead the management and continuous improvement of security frameworks such as ISO/IEC 27001, NIST CSF, and others as required.
- Certifications & Audits: Oversee and drive certification and re-certification efforts for Cyber Essentials Plus, SOC 2 Type 2, and other relevant regional or industry-specific standards across EMEA, Americas, and Asia.
- Compliance & Regulation: Analyse global laws and regulatory requirements to ensure the business meets applicable security compliance obligations (e.g., EU GDPR, DORA, etc.).
- Risk Management: Own and manage the security risk management program, including advanced risk assessments, vendor risk reviews, and mitigation planning.
- Security Incidents: Collaborate with cross-functional teams on security incident coordination, response, root cause analysis, and continuous improvement efforts.
- Stakeholder Reporting: Provide clear, data-driven reporting to senior stakeholders on GRC metrics, risks, controls, and compliance posture.
- Awareness & Training: Design and deliver user training programs and security awareness initiatives to foster a strong security-first culture.
- Customer Trust: Respond to customer assurance questionnaires, and support sales and legal teams with RFPs and security-related queries.

Qualifications:

- 5+ years of hands-on experience in information security governance, risk, and compliance.
- Deep experience leading and maintaining ISO 27001, NIST CSF, and SOC 2 Type 2 programs.
- Proven track record with certification efforts like Cyber Essentials Plus and local/regional compliance standards across EMEA, Americas, and Asia.
- Strong understanding of international laws and regulations related to cybersecurity and data protection.
- Expertise in ISMS management, internal/external audits, policy lifecycle management, and compliance monitoring.
- Confident in conducting risk assessments, vendor reviews, and third-party due diligence.
- Comfortable presenting to and influencing executive leadership.
- Experience working in tech startups or global technology corporations is highly desirable.
- A hands-on, innovative, and analytical mindset: you enjoy rolling up your sleeves and solving complex problems.
- Excellent communication skills, written and verbal, with the ability to translate security language for different audiences.

Certifications required:

- CISSP (Certified Information Systems Security Professional)
- ISO 27001 Lead Implementer and/or Auditor certification

Nice to have:

- Experience with security tools such as GRC platforms (e.g., Vanta, Drata, OneTrust)
- Familiarity with regulatory frameworks like EU GDPR and DORA
- Background in customer trust, sales enablement, or due diligence support

Additional Information:

- Hybrid working
- Contributory personal pension plan: Minimum: Employee 2% and Employer 7%. Employer matches contributions in 1% increments to a maximum of: Employee 5% and Employer 10%
- Life Assurance: 4 times annual salary
- Group Income Protection
- Private Medical Insurance: this may include cover for partner and/or children at company cost. Cover includes Optical, Dental and Audiology
- Discretionary Bonus
- Competitive Annual Leave
- 2 Volunteering Days
- Benefit Hub