Enable job alerts via email!

Cyber Security Lead

JR United Kingdom

Worcester

On-site

GBP 60,000 - 90,000

Full time

5 days ago
Be an early applicant

Boost your interview chances

Create a job specific, tailored resume for higher success rate.

Job summary

A leading company in the digital services sector seeks a GRC Lead to ensure compliance with European regulations and manage third-party risks. The role demands strategic oversight of risk management, technical security controls, and strong understanding of IT governance frameworks. Candidates should have significant experience in GRC roles, especially in financial services, and relevant certifications.

Qualifications

  • 5+ years of experience in GRC roles, preferably in financial services.
  • Hands-on experience with ISO 27001 implementation and third-party risk tools.
  • Strong understanding of GDPR, DORA, and PCI DSS requirements.

Responsibilities

  • Ensure alignment with GDPR and other relevant regulations.
  • Design and implement third-party risk management programs.
  • Participate in internal/external audits and remediate gaps.

Skills

Regulatory Compliance
Risk Management
Technical Security Controls
Identity and Access Management
Cloud Compliance

Education

CRISC
CISSP
CISM
CISA

Tools

Third-party risk tools
ISO 27001

Job description

Social network you want to login/join with:

Ant International powers the future of global commerce with digital innovation for everyone and every business to thrive. In close collaboration with partners, we support merchants of all sizes worldwide to realize their growth aspirations through a comprehensive range of tech-driven digital payment and financial services solutions.

Ant International strives to become the most trusted digital services connector to achieve sustainable growth of global commerce.

With a focus on Travel, Trade, Technology, and Talent, Ant International is committed to enhancing the digital mindset and capacities of businesses worldwide. Through fostering collaborative efforts with partners, we are driving responsible innovation and increase market accessibility for global SMEs.

We do so across our 4 key businesses: Alipay+, Antom, WorldFirst and ANEXT Bank.

Role Overview:

As a GRC Lead, you will ensure alignment with European regulations (e.g., GDPR, DORA, PSD2 SCA, CSSF) and global standards (PCI DSS, SWIFT CSP). This role requires technical knowledge, strategic thinking, and expertise in managing third-party risk, outsourcing compliance, and identity governance to safeguard operational resilience.

What you will be doing:

Regulatory & Technical Compliance:

  • Support compliance with GDPR and complementary regulations like DORA (Digital Operational Resilience Act), ensuring alignment in areas such as incident reporting and data protection.
  • Translate requirements from PSD2 SCA, PCI DSS, and SWIFT CSP into technical security controls.
  • Maintain IT security governance frameworks (ISO 27001, NIST CSF, CIS Controls).
  • Manage and maintain Security Policies and procedures

Third-Party Risk & Outsourcing Management:

  • Design and implement third-party risk management programs to assess vendors, cloud providers, and outsourced services.
  • Ensure compliance with DORA’s outsourcing requirements, including due diligence, contract oversight, and continuity planning.

Audit & Assurance:

  • Participate in internal/external audits (ISO 27001, SOC 2) and regulatory examinations, focusing on third-party and outsourcing compliance.
  • Remediate gaps in processes or documentation.
  • Maintain the enterprise risk register, prioritizing risks tied to third-party dependencies, outsourcing, and ICT disruptions.
  • Quantify risks using methodologies.

Technical Compliance & Security:

  • Advise on vulnerability management, endpoint security (EDR/XDR), and cloud compliance.
  • Good understanding on IAM (Identity and Access Management) strategies, including role-based access control (RBAC) and privileged access management (PAM).
  • Conduct periodic user access reviews to ensure compliance with least privilege principles and regulatory requirements.
  • Security awareness management experience.

What we are looking for:

  • Experience: 5+ years in GRC roles; financial services or banking experience is a strong plus.
  • Understanding of GDPR, DORA, PCI DSS, and outsourcing/third-party risk requirements.
  • Hands-on experience with ISO 27001 implementation and third-party risk tools.
  • Proficiency in IAM (Identity and Access Management) solutions and conducting user access reviews.
  • Familiarity with cloud Technology and IT infrastructure.
  • Strong knowledge of NIST frameworks (CSF, 800-53) and CIS Controls.
  • Certifications: CRISC, CISSP, CISM, or CISA preferred (equivalent experience considered).
Get your free, confidential resume review.
or drag and drop a PDF, DOC, DOCX, ODT, or PAGES file up to 5MB.

Similar jobs

Cyber Security Incident Response Consultant

JR United Kingdom

Worcester

Remote

GBP 50,000 - 80,000

8 days ago

Cyber Security Incident Response Consultant

JR United Kingdom

Coventry

Remote

GBP 60,000 - 90,000

Yesterday
Be an early applicant

Cyber Security Incident Response Consultant

JR United Kingdom

Bath

Remote

GBP 50,000 - 80,000

2 days ago
Be an early applicant

Cyber Security Incident Response Consultant

JR United Kingdom

Wolverhampton

Remote

GBP 60,000 - 90,000

2 days ago
Be an early applicant

Cyber Security Incident Response Consultant

JR United Kingdom

Cheltenham

Remote

GBP 50,000 - 80,000

7 days ago
Be an early applicant

Cyber Security Advisor

University of Southampton Malaysia

Southampton

Remote

GBP 40,000 - 65,000

7 days ago
Be an early applicant

Cyber Security Lead

JR United Kingdom

Swindon

On-site

GBP 70,000 - 100,000

4 days ago
Be an early applicant

Cyber Security Lead

JR United Kingdom

Coventry

On-site

GBP 55,000 - 85,000

4 days ago
Be an early applicant

Cyber Security Lead

JR United Kingdom

Wolverhampton

On-site

GBP 60,000 - 85,000

4 days ago
Be an early applicant