1 to 25 of 39 GRC Jobs in London

Are you a governance leader who thrives at the intersection of information security, compliance, and organisational resilience? We're looking for an experienced Senior Security Governance Manager to drive our Information Governance, Cyber Security, and Quality frameworks to new heights. This is a high-impact role where you'll shape the strategic direction of security governance across the business, ensuring … compliance with UK, NHS, and international regulations - while empowering teams to work securely and confidently in a complex digital environment. What You'll Be Responsible For Information Governance Develop and execute the organisation's Information Governance (IG) strategy in line with UK, NHS, and international data protection frameworks. Maintain governance policies and key artefacts such as DPIAs, Data Processing Agreements … and support independent audit processes. Monitor compliance across business units and lead corrective actions where required. Cyber Security Lead the implementation and maintenance of Cyber Security policies, ensuring robust governance across all business areas. Manage the ISO 27001 certification lifecycle - including audits, remediation, and recertification. Collaborate with technical and product teams to embed security standards and oversee incident response procedures. More ❯

risk management, and vulnerability identification. Certifications: ISO 27001 Lead Implementer/Auditor, CISSP, CISM (highly desirable). Skills: Excellent communication, documentation, and project management abilities. Preferred Extras Familiarity with GRC tools and ISMS platforms. Ability to work independently and manage multiple priorities. Strong problem-solving skills in a fast-paced environment. Your expertise will keep us secure, compliant, and ahead More ❯

risk management, and vulnerability identification. Certifications: ISO 27001 Lead Implementer/Auditor, CISSP, CISM (highly desirable). Skills: Excellent communication, documentation, and project management abilities. Preferred Extras Familiarity with GRC tools and ISMS platforms. Ability to work independently and manage multiple priorities. Strong problem-solving skills in a fast-paced environment. Your expertise will keep us secure, compliant, and ahead More ❯

staff & a focus on technical excellence? If so, we are looking for an experienced IT Security Engineer to join our growing Security Ops team, working closely with the wider GRC & policy team, DevOps teams, Dev’ team & internal IT teams to make sure security is at the heart of all our technical process'. This role will cover a wide array More ❯

staff & a focus on technical excellence? If so, we are looking for an experienced IT Security Engineer to join our growing Security Ops team, working closely with the wider GRC & policy team, DevOps teams, Dev’ team & internal IT teams to make sure security is at the heart of all our technical process'. This role will cover a wide array More ❯

frameworks, policies, and regulatory requirements. Collaborate with IT, Risk, Compliance, and project teams to deliver practical, client-focused security advice. What they're looking for: Strong technical security and GRC experience. Experience in project delivery and stakeholder engagement (not hands-off). Knowledge of ISO 27001, NIST, or similar frameworks. Excellent communication, analytical, and problem-solving skills. Contract Details: Location More ❯

Essentials/Essentials Plus. Our clients span telecommunications, Government infrastructure, and digital currencies - covering essential services and critical payment infrastructure. Services include: • Security consulting across the area of security governance, risk, compliance and standards alignment • Penetration testing • Security architecture for cloud and infrastructure • Detection and response • Fractional heads and virtual support • NCSC Assurance service provider for Cyber Essentials and a More ❯

Essentials/Essentials Plus. Our clients span telecommunications, Government infrastructure, and digital currencies - covering essential services and critical payment infrastructure. Services include: • Security consulting across the area of security governance, risk, compliance and standards alignment • Penetration testing • Security architecture for cloud and infrastructure • Detection and response • Fractional heads and virtual support • NCSC Assurance service provider for Cyber Essentials and a More ❯

Essentials/Essentials Plus. Our clients span telecommunications, Government infrastructure, and digital currencies - covering essential services and critical payment infrastructure. Services include: • Security consulting across the area of security governance, risk, compliance and standards alignment • Penetration testing • Security architecture for cloud and infrastructure • Detection and response • Fractional heads and virtual support • NCSC Assurance service provider for Cyber Essentials and a More ❯

e.g., Gemini, Microsoft Copilot, OpenAI, Anthropic) and their practical constraints. Experience building AI roadmaps that align business functions (Marketing, Sales, Customer Service, Operations, Digital, Risk). Knowledge of AI governance, risk, compliance, and responsible AI frameworks relevant to FS environments. Exposure to AI delivery teams, including MLOps, data engineering, AI consulting, or agent-development teams. Ability to translate complex technical More ❯

e.g., Gemini, Microsoft Copilot, OpenAI, Anthropic) and their practical constraints. Experience building AI roadmaps that align business functions (Marketing, Sales, Customer Service, Operations, Digital, Risk). Knowledge of AI governance, risk, compliance, and responsible AI frameworks relevant to FS environments. Exposure to AI delivery teams, including MLOps, data engineering, AI consulting, or agent-development teams. Ability to translate complex technical More ❯

driving the implementation of controls, monitoring, and documentation for compliance readiness. Key Requirements Proven experience in s ecurity engineering and compliance delivery Deep understanding of SOC 2, ISO 27001, GRC frameworks and audit processes Hands-on experience integrating cybersecurity tools and platforms such as Crowdstrike, Vanta, Rapid7 Strong adherence to Azure security best practices Knowledge of TX-RAMP and FedRAMP More ❯

our ideal customers use are are familiar with the procurement and billing/AP space You have experience with demoing, implementing or administering key applications such as ERPs, CLMs, GRC, procurement and/or AP automation platforms. You're an effective communicator, simplifying technical concepts for both technical and non-technical audiences. You're a proactive problem solver, with strong More ❯

strategic senior leader to oversee our Cyber Engineering, Identity & Access Management (IAM), and Data Loss Prevention (DLP) functions. This role will be responsible for driving the design, delivery, and governance of enterprise-wide security engineering solutions, while ensuring secure, scalable, and resilient identity and data protection services. The ideal candidate will combine deep technical expertise with strong leadership skills to … automation, orchestration, and advanced analytics to improve detection, response, and resiliency. Identity & Access Management Own enterprise-wide IAM strategy, including workforce and customer identity, privileged access management (PAM), identity governance and administration (IGA), and multi-factor authentication (MFA). Lead initiatives to modernize and integrate IAM platforms to support cloud adoption, Zero Trust, and frictionless user experiences. Partner with business … to prevent unauthorized data exfiltration, insider threats, and regulatory breaches. Implement monitoring, classification, and enforcement mechanisms that balance data protection with business enablement. Partner with business, compliance, and data governance teams to align DLP strategy with General Data Protection Regulation, Financial Conduct Authority, Prudential Regulation Authority, Sarbanes-Oxley, and other global data protection requirements. Provide executive and Board-level reporting More ❯

our global law firm, focused on protecting client data, intellectual property, and business operations while enabling secure innovation. Through four key pillars Digital Trust, Technical Assurance, Security Operations, and Governance, Risk and Compliance (GRC) the team delivers comprehensive security solutions that align with our firms strategic objectives as well as client and regulatory requirements. Our integrated approach combines secure by … Digital Trust vision into a workable, mature and optimized function and service. This role requires extensive experience across all Identity and Access Management core disciples including identity management, identity governance and administration, privileged access, and conditional access and in particular, machine identities. It also requires deep technical skills in the DevSecOps. This role will support the transformation of IAM into … AI workloads into a coherent identity Configure and maintain technologies that support the IAM function and AI security such as Active Directory, Entra ID Privileged Identity, Privileged Access, and Governance; Conditional Access Policies (for AI IDs); CyberArk, Palo Altos XSIAM and XSOAR platforms. Design and transition AI IAM service components into operation operational manuals, support patterns, standard changes, request management. More ❯

Location: London (onsite 2 days per week) Duration: 6 months Rate: Inside IR35, rate to be discussed Are you an experienced Head of Information Security Governance, Risk and Compliance looking for your next opportunity to make an impact within an evolving and fast paced environment? Do you have strong experience of leading 3rd party security assurance processes? If so, apply … now. We are seeking an experienced Head of InfoSec GRC & Awareness to lead governance, risk, compliance, and security awareness initiatives across an organisation at a time of significant modernisation. This pivotal role ensures a robust security posture by developing and enforcing policies, standards, and training programmes aligned with business objectives and regulatory requirements. The key responsibilities of the Head of … Information Security GRC & Awareness are: Lead the development and enforcement of enterprise-wide information security policies and standards. Drive security governance and cyber maturity through compliance, assurance reviews, and gap analysis. Oversee the Information Security Risk Management process Conducting in depth supplier due diligence/third party assurance processes Manage audit readiness and support internal/external audit activities. Own More ❯

their customers' assets and data against an evolving landscape of sophisticated global and local threats. Job Type: Permanent Location: London, UK Work Place: Remote Requirements Experience with information security governance, risk and compliance experience for a global organization Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risk A strategic business partner with the … the capacity to effectively lead, manage, and inspire a team, enabling them to achieve both strategic and functional objectives Experience developing and publishing company-wide policies, standards, and other governance documents Ability to work very well cross-functionally and are able to think rigorously and make hard decisions and tradeoffs Ability to demonstrate initiative, operate autonomously, and assume complete responsibility More ❯

Working Our client are seeking an experienced Information Security Analyst to provide immediate support to the Information Security team. This role is a hybrid of technical security analysis and governance, risk, and compliance (GRC)activities. The successful candidate will play a key role in assessing risks, reviewing supplier and project security documentation, responding to security questionnaires and tenders, supporting incident … This is a hands-on delivery role for someone who can work independently, make sound judgements, and communicate clearly with both technical and non-technical stakeholders. Key Responsibilities Security Governance & Risk Technical Security Oversight Supplier and Third-Party Security Assurance Advisory and Awareness Desirable Relevant certifications such as CISSP, CISM, CRISC, CEH, CompTIA Security+, or equivalent experience. Experience working in More ❯

and applications attestation. This is a hands-on role with a strong emphasis on stakeholder engagement. Your New Role: Support the Global ICA Manager and vendor in shaping the governance and managing the attestation process within ServiceNow IRM, ensuring critical applications meet compliance requirements. Review and validate system outputs, challenging discrepancies between expected and actual results, and escalating for further … support where appropriate. Create and maintain risks and issue trackers, extract/upload data to GRC tools, produce divisional IT risk dashboards, and prepare reporting packs for senior stakeholders. Deliver actionable insights through Power BI and advanced Excel reporting for ICA and Application Attestation activities. Act as a subject matter expert, collaborating with third-party vendors on solution design and … federated structures like QBE’s operating model. Working knowledge of NIST, ISO, COBIT and other risk management frameworks Advanced Excel (including VBA), Power BI, and SharePoint proficiency; experience with GRC tools such as Archer for data extraction and reporting. Skilled in presenting to senior leadership and translating insights into clear, meaningful narratives. Comfortable working in ambiguity, managing multiple priorities, and More ❯

significant experience of designing, engineering and securing cloud hosted solutions against real-world threats. Strong cloud security engineering and/or architecture experience in the fundamental Cloud Security Domains - Governance, Risk and Control (GRC), Identity and Access Management, Cloud Network and Compute Infrastructure Security, Data Protection (at-rest/in-transit), Workload Security, SIEM, Logging and Monitoring. Experience with Cloud More ❯

Are you looking to join a global software technology company, with their main base of operations here, in the UK, as an experienced GRC Information Security Analyst ? Do you have experience in the GRC Security space with audits, auditors, ISO27001, PCI DSS, SOC2, NIST & current compliance regulations? If so & you are looking to expand your information Security career, meet new … team members, embrace new challenges & join a world-class team – we’d like to hear from you! Job title: GRC Information Security Analyst. Global Technology company. Salary: £60K - £65K Basic range + 10% Bonus + Excellent benefits package Location: Central London office. We offer a hybrid workplace, with a LOT of flexibility for remote . However, due to the nature … days per week on this, in office. Some weeks, it may be zero though! Some weeks, it may be 3 days – flexibility is key. If you’re an experienced GRC Security Analyst, you’ll already know what the role will entail, but see below for things we’ll need to see in order to be considered: - Knowledge and experience of More ❯

Are you looking to join a global software technology company, with their main base of operations here, in the UK, as an experienced GRC Information Security Analyst Do you have experience in the GRC Security space with audits, auditors, ISO27001, PCI DSS, SOC2, NIST & current compliance regulations? If so & you are looking to expand your information Security career, meet new … team members, embrace new challenges & join a world-class team – we’d like to hear from you! Job title: GRC Information Security Analyst. Global Technology company. Salary: £60K - £65K Basic range + 10% Bonus + Excellent benefits package Location: Central London office. We offer a hybrid workplace, with a LOT of flexibility for remote . However, due to the nature … days per week on this, in office. Some weeks, it may be zero though! Some weeks, it may be 3 days – flexibility is key. If you’re an experienced GRC Security Analyst, you’ll already know what the role will entail, but see below for things we’ll need to see in order to be considered: - Knowledge and experience of More ❯

month contract – London/Remote My Customer is seeking an experienced Senior Security Consultant to take a leading role in the end-to-end (Design, implementation) delivery of Governance, Risk & Compliance (GRC) and IT simplification initiatives. The Senior Security Consultant would be working at the heart of major programmes – including designing and implementing Security frameworks around cloud (Azure) migrations, AI … to delivery. Strong background designing and creating security audit preparation and coordination. Proven ability influencing and communicating with stakeholders at all levels. Hands-on experience designing and supporting ISMS governance and security implementation across large programmes of work. Practical experience creating and conducting risk assessments, including project risk and third-party/vendor risk. Solid understanding of security frameworks and More ❯

governance. Required Skills: Proven experience in business/systems analysis, especially in banking, procurement, or third-party risk management. Strong background in implementing SaaS platforms, ideally ProcessUnity or similar GRC/TPRM tools. Familiarity with SaaS and cloud-based applications (Azure/AWS). Excellent understanding of technical and non-functional requirements like performance, security, and scalability. Experience in interface … specification and integration design, including APIs and data mapping. Outstanding stakeholder management and communication skills. Preferred Skills: Knowledge of GRC platforms and third-party risk workflows. Experience with procurement systems (e.g., Coupa, Ariba, SAP). Proficiency in JIRA, Confluence, Visio, and SQL. Exposure to Agile and Waterfall methodologies. Education: Bachelor's degree in Information Systems, Business Administration, Supply Chain Management More ❯

governance. Required Skills: Proven experience in business/systems analysis, especially in banking, procurement, or third-party risk management. Strong background in implementing SaaS platforms, ideally ProcessUnity or similar GRC/TPRM tools. Familiarity with SaaS and cloud-based applications (Azure/AWS). Excellent understanding of technical and non-functional requirements like performance, security, and scalability. Experience in interface … specification and integration design, including APIs and data mapping. Outstanding stakeholder management and communication skills. Preferred Skills: Knowledge of GRC platforms and third-party risk workflows. Experience with procurement systems (e.g., Coupa, Ariba, SAP). Proficiency in JIRA, Confluence, Visio, and SQL. Exposure to Agile and Waterfall methodologies. Education: Bachelor's degree in Information Systems, Business Administration, Supply Chain Management More ❯