Governance Risk and Compliance Lead (GRC) - Cyber

Marlin Selection Recruitment

London

On-site

GBP 60,000 - 100,000

Full time

3 days ago

Job summary

An established industry player is seeking a Governance, Risk, and Compliance Lead to enhance their cybersecurity posture. This role offers the chance to work within a dynamic global InfoSec team, leading third-party risk assessments and compliance initiatives. You will have a direct impact on shaping security strategies and managing risks across a major financial institution. With opportunities for career progression and a collaborative culture, this position is perfect for those looking to make a significant impact in a fast-paced environment. Join a team where your expertise will be valued and your contributions will shape the future of cybersecurity.

Qualifications

  • 6+ years of experience in GRC within cybersecurity, ideally in financial services.
  • Proven capability in third-party risk management and compliance frameworks.
  • Excellent communication skills to translate technical concepts.

Responsibilities

  • Leading third-party risk assessments and improving vendor governance.
  • Owning client due diligence responses and ensuring compliance.
  • Developing enterprise-wide awareness training and educational campaigns.

Skills

Governance, Risk, and Compliance (GRC)
Third-party risk management
Regulatory compliance
Audit readiness
Communication skills

Education

Relevant certifications (CISA, CRISC, CISM, CISSP)

Tools

Ninjio
Venminder
CyberGRX
Upguard
Microsoft O365

Job description

GRC Lead – Cybersecurity (Financial Services)

London | Competitive Package

We're partnering with a leading global financial services firm to appoint a Governance, Risk, and Compliance (GRC) Lead into their high-performing Information Security function. This is an exciting opportunity to join a fast-paced, globally recognised institution with a mature cyber programme and significant investment in its security posture.

As a trusted search partner, we’re looking for an experienced and strategic GRC professional who can bring deep subject matter expertise across third-party risk, regulatory compliance, audit readiness, and awareness training. You’ll play a pivotal role in helping the firm navigate the evolving threat landscape while maintaining compliance with complex global regulations.

The Opportunity

Sitting within a dynamic global InfoSec team, you’ll be responsible for:

  • Leading third-party risk assessments and driving continuous improvement of vendor governance processes.
  • Owning client due diligence responses, ensuring the business meets external compliance and assurance requirements.
  • Developing and delivering enterprise-wide awareness training, phishing simulations, and educational campaigns.
  • Advising technical teams and stakeholders on controls around access management, incident handling, BCP, SDLC, and data protection.
  • Supporting audits and regulatory engagements, including evidence gathering and remediation tracking.
  • Facilitating a governance programme around risk acceptances and policy exceptions.
  • Mentoring junior GRC professionals and driving internal knowledge sharing.

What We’re Looking For

We’re keen to speak with individuals who bring:

  • 6+ years of experience in GRC within cybersecurity, ideally in financial services or highly regulated environments.
  • Proven capability in third-party risk management, client due diligence, and compliance frameworks (e.g., NIST, ISO 27001, DORA).
  • Experience in managing audits and regulatory engagements across multiple jurisdictions.
  • Excellent communication skills – able to translate complex technical concepts to non-technical stakeholders.
  • A collaborative, proactive approach with the ability to thrive in a global, fast-moving organisation.
  • Bonus points if you hold certifications such as CISA, CRISC, CISM, CISSP or equivalent.

Tools You Might Use

Familiarity with platforms such as:

  • InfoSec training solutions (e.g., Ninjio)
  • Third-party risk platforms (e.g., Venminder, CyberGRX, Upguard)
  • Microsoft O365 suite

Why Apply?

This is a high-impact role offering direct visibility with senior stakeholders, the chance to shape security posture across a global organisation, and real opportunities for career progression. You’ll be supported by a collaborative team culture, continuous learning, and the ability to influence how cyber risk is managed across a major financial institution.

If you would like to discuss this role in confidence, reach out to Javed Hussain at 0208 142 3930 or javed.hussain@marlinselection.com
