Senior Security GRC Manager

We are seeking a Senior Security GRC Manager to join our Group Technology team in Milton Keynes. You will play a pivotal role in shaping and advancing our security governance, risk, and compliance practices across the Group Technology function. You will have a hands-on role to monitor, report on and lead initiatives to strengthen our security posture, ensuring regulatory alignment. This is an exciting opportunity to make a tangible impact, working with a diverse range of stakeholders and supporting the strategic direction of the business.

• Governance & Compliance: Lead the development, implementation, and continuous improvement of security and technology control frameworks; maintain and update security policies and standards; support governance forums, including Information Security, Business Continuity, and Audit & Risk Committees.
• Risk Management: Conduct operational risk assessments and provide expert consultancy on security risks, incidents, and investigations; identify and address gaps in controls, providing clear reporting and recommendations.
• Stakeholder Engagement: Collaborate with internal teams and external partners to manage security and technology risks; support external and internal audits, including completion of questionnaires and participation in audit meetings; conduct security assessments of third parties to manage supply chain risk.
• Continuous Improvement & Awareness: Champion a culture of continuous improvement, adopting new tools and practices to enhance security; promote security awareness and best practices across the organisation; maintain up-to-date knowledge of technology GRC trends and best practices.
• Leadership: Deputise for the Head of Security GRC as required; mentor and support colleagues within the team.

• Relevant security and compliance certifications such as CISMP, CISM, GDPR, CISSp or PCI.
• Proven experience in information security, governance, risk, and compliance roles.
• Strong understanding of security best practices, standards, and control frameworks.
• Knowledge of GRC principles, security auditing, and compliance validation.
• Experience with security frameworks and regulations (ISO27001, NIST, PCI, GDPR).
• Excellent communication skills, able to translate technical concepts for diverse audiences.
• Strong relationship-building and stakeholder management skills.

• Experience in the real estate sector is desirable.
• Understanding of emerging security controls (e.g., Zero Trust, DLP, IAM).
• Knowledge of cloud security, particularly within Azure and Microsoft environments.

Connells Group UK is an equal opportunities employer and positively encourages applications from suitably qualified and eligible candidates regardless of sex, race, disability, age, sexual orientation, transgender status, religion or belief, marital status, or pregnancy and maternity.

Don’t meet every single requirement? Studies have shown that women and people of colour are less likely to apply to jobs unless they meet every single qualification. At Connells Group we are dedicated to building a diverse, inclusive and authentic workplace. If you’re excited about this role but your experience doesn’t fit perfectly with every aspect of the job description, we encourage you to apply anyway. You may be just the right candidate for this or other opportunities.