2 of 2 GRC Jobs in the North East

and other relevant frameworks. Risk Management: Lead the information security risk management program, including the identification, assessment, mitigation, and monitoring of risks across all systems and operations. Policy and Governance: Support and oversee the creation and enforcement of security policies, standards, and procedures. Incident Response: Develop, implement, and manage the security incident response plan. Leadership: Provide strong leadership and mentorship … to the governance, risk, and compliance team. Essential Requirements: Extensive security leadership: Proven experience (10+ years) in a senior information security role, with significant experience in a CISO or equivalent position within a software development or health technology environment UK health sector experience: In-depth knowledge and practical experience with UK healthcare security standards and regulations, including demonstrable expertise with … track record in developing, leading, and managing security incident response plans, including experience with major incident handling and communication with regulatory bodies (eg NCSC, ICO, NHS England). Policy & governance: Extensive experience in developing, implementing, and enforcing comprehensive information security policies, standards, and procedures. Regulatory compliance: Solid understanding of UK and EU data protection laws (eg GDPR, Data Protection Act More ❯

a security-focused culture that ensures robust, sustainable cyber practices.Working closely with service providers, you will lead oversight in areas critical to the business's cyber security posture, including governance, incident management, and ongoing security assessments. Your primary goal is to provide assurance that all aspects of Cyber Security meet and exceed compliance requirements, are aligned with the latest threats … with service providers and ensure they uphold a security-focused approach. Cyber Security Oversight : Overseeing and assuring the agreed security plans are met across each service line, including regular governance activities, such as: Incident Management and Cyber Security Testing, including regular reviews of supplier-led security testing Security Awareness: Assuring the training and awareness efforts conducted by suppliers, ensuring consistent … With proven background as a Cyber Security professional with experience at the managerial level, you will be adept at managing and influencing third-party suppliers. While this role is governance, risk, and compliance (GRC) focused, a technical background or understanding is advantageous for advising on architecture and technical security needs, will be required.Familiarity with NIST Cyber Security Framework (CSF), with More ❯