The Security GRC (Governance, Risk & Compliance) Manager will take the lead in developing, implementing, and continuously improving our global security governance, risk, and compliance programs. You’ll play a critical role in maintaining and achieving key security certifications, driving regulatory compliance across multiple regions, and enabling a strong security culture across the business.
You’ll be joining a small, high-performing, and collaborative security team where your ideas, initiative, and hands-on mindset will make a real impact. If you’re an experienced GRC professional with a passion for innovation, a data-driven approach, and a proven track record in tech environments—this is the role for you.
Responsibilities:
- Security Frameworks: Lead the management and continuous improvement of security frameworks such as ISO/IEC 27001, NIST CSF, and others as required.
- Certifications & Audits: Oversee and drive certification and re-certification efforts for Cyber Essentials Plus, SOC 2 Type 2, and other relevant regional or industry-specific standards across EMEA, Americas, and Asia.
- Compliance & Regulation: Analyse global laws and regulatory requirements to ensure the business meets applicable security compliance obligations (e.g., EU GDPR, DORA, etc.).
- Risk Management: Own and manage the security risk management program, including advanced risk assessments, vendor risk reviews, and mitigation planning.
- Security Incidents: Collaborate with cross-functional teams on security incident coordination, response, root cause analysis, and continuous improvement efforts.
- Stakeholder Reporting: Provide clear, data-driven reporting to senior stakeholders on GRC metrics, risks, controls, and compliance posture.
- Awareness & Training: Design and deliver user training programs and security awareness initiatives to foster a strong security-first culture.
- Customer Trust: Respond to customer assurance questionnaires, support sales and legal teams with RFPs and security-related queries.
Qualifications:
- 5+ years of hands-on experience in information security governance, risk, and compliance.
- Deep experience leading and maintaining ISO 27001, NIST CSF, and SOC 2 Type 2 programs.
- Proven track record with certification efforts like Cyber Essentials Plus and local/regional compliance standards across EMEA, Americas, and Asia.
- Strong understanding of international laws and regulations related to cybersecurity and data protection.
- Expertise in ISMS management, internal/external audits, policy lifecycle management, and compliance monitoring.
- Confident in conducting risk assessments, vendor reviews, and third-party due diligence.
- Comfortable presenting to and influencing executive leadership.
- Experience working in tech startups or global technology corporations is highly desirable.
- A hands-on, innovative, and analytical mindset – you enjoy rolling up your sleeves and solving complex problems.
- Excellent communication skills – written and verbal – with the ability to translate security language for different audiences.
Certifications required:
- CISSP (Certified Information Systems Security Professional)
- ISO 27001 Lead Implementer and/or Auditor certification
Nice to have:
- Experience with security tools such as GRC platforms (e.g., Vanta, Drata, OneTrust)
- Familiarity with regulatory frameworks like EU GDPR and DORA
- Background in customer trust, sales enablement, or due diligence support
Additional Information:
- Hybrid working
- Contributory personal pension plan: minimum Employee 2% and Employer 7%. Employer matches contributions in 1% increments up to a maximum of Employee 5% and Employer 10%
- Life Assurance – 4 times annual salary
- Group Income Protection
- Private Medical Insurance – this may include cover for partner and/or children at company cost. Cover includes Optical, Dental and Audiology
- Discretionary Bonus
- Competitive Annual Leave
- 2 Volunteering Days
- Benefit Hub