Governance, Risk & Compliance Manager

Step into a pivotal role at the forefront of cyber security, driving impact for our client base!

We’re looking for a DV Cleared experienced Governance, Risk & Compliance Manager to join our dynamic team. This is your opportunity to take a leading role in shaping and delivering robust security strategies that protect our clients and strengthen their resilience against evolving cyber threats.

As our new GRC Manager, you will be the driving force behind the implementation of our Information Security Management System (ISMS) for assigned clients. Your expertise will help organisations understand their security challenges and enable them to enhance their security posture. You’ll lead from the front, fostering a culture of compliance and risk awareness across Sopra Steria, while delivering tangible value to our clients. This is a chance to make a real impact at the forefront of cyber security.

This is an office-based role, requiring 4–5 days per week at our Hemel Hempstead site.

We can offer great career progression opportunities, ability to be based anywhere across the UK, benefits which you can flex to meet your needs and training and development opportunities.

• Implement ISMS strategy, policies and practices for assigned clients.
• Deliver services aligned with ISO27001 standards
• Provide regular reporting on ISMS effectiveness and operational performance.
• Manage security operations in line with organisational policy, standards and industry best practice.
• Conduct security risk and threat assessments (operational and system).
• Engage with internal stakeholders and third-party providers on security, risk and privacy matters.
• Respond to security incidents promptly, ensuring early identification and resolution.
• Oversee threat detection, vulnerability management and remediation activities.
• Represent security considerations in IT and process change assessments.
• Maintain ISMS, Operational Security and Risk Assurance documentation.
• Lead monthly client Security Working Group meetings and stakeholder sessions.
• Ensure audit readiness and support internal/external audits.
• Drive continuous improvement initiatives within Sopra Steria’s security function.

• GRC/Operational Security Manager experience with solid understanding and experience with security policies and standards
• Technical proficiency and knowledge across the spectrum of information security solutions and operations
• Knowledge of IT security solutions and their integration and operation into business systems and processes
• Experience of security maturity and developing roadmaps aligned to the priorities of clients
• Experience of ISO/IEC 27001 Compliance and Certification

• CISSP, CISA or CISM certified or equivalent degree in Information Security
• Experience of; MoD, Police or Public Sector experience would be an advantage

Employment Type: Full-time, Permanent
Location: Hemel Hempstead
Security Clearance Level: To be successful in this role, candidates need to hold active DV Clearance
Internal Recruiter: Carolyne
Salary: Up to £75,000
Benefits: £5,400 car allowance, 25 days annual leave with the option to buy additional days, private medical, life assurance, pension, and generous flexible benefits fund

Although this role is advertised as full-time, we believe that flexibility at work can promote work/life balance, increase your motivation, reduce stress and improves performance and productivity. We support different ways of working and can offer a range of flexible working arrangements. So, if you’re interested and need to work flexibly, we encourage you to apply and talk to us about what might be possible.

Steria’s Aerospace, Defence and Security business designs, develops and deploys digital solutions to Central Government clients. The work we do makes a real difference to the client’s goal of National Security, and we operate in a unique and privileged environment. We are given time for professional development activities, and we coach and mentor our colleagues, sharing knowledge and learning from each other. We foster a culture in which employees feel valued and supported and have pride in their work for the customer, delivering outstanding rates of customer satisfaction in the UK’s most complex safety- and security-critical markets.