Slough, England, United Kingdom Hybrid / WFH Options
JR United Kingdom
a fast-scaling, high-impact organisation in the heart of London. This is a strategic, foundational hire — you will be responsible for designing and building out a brand-new Governance, Risk, and Compliance (GRC) function from the ground up. As the company continues to grow, the need for a comprehensive and mature cybersecurity posture has never been greater. You will … own the security vision and strategy while rolling up your sleeves to implement, scale, and continually improve our approach to GRC, risk management, threat mitigation, and compliance frameworks. Key Responsibilities Design and implement a scalable GRC framework tailored to the business, addressing risk management, compliance standards (ISO 27001, NIST, SOC 2, etc.), and internal governance controls. Security Strategy: Develop and … on cybersecurity at the board and executive level. Communicate risk posture, security investments, and incident updates clearly and confidently. Team Building: Build and lead a high-performing security and GRC team. Provide leadership, mentoring, and continuous development. Security Architecture & Technology: Guide the evaluation, adoption, and deployment of security tools and technologies that support the company’s security strategy. Security Culture …
Reading, Berkshire, United Kingdom Hybrid / WFH Options
Deloitte LLP
you possess the following?: Proven related experience in cybersecurity risk management in organizations of a similar scale. Experience in the identification and evaluation of risk, as well as using GRC tools and guidance developed for Risk mitigation. Practical knowledge of information security standards and risk assessment frameworks such as ISO 27001, SOC 2, NIST 800-32 Strong knowledge of cyber …
Guildford, Surrey, United Kingdom Hybrid / WFH Options
Deloitte LLP
you possess the following?: Proven related experience in cybersecurity risk management in organizations of a similar scale. Experience in the identification and evaluation of risk, as well as using GRC tools and guidance developed for Risk mitigation. Practical knowledge of information security standards and risk assessment frameworks such as ISO 27001, SOC 2, NIST 800-32 Strong knowledge of cyber …
and Causeway domains. Security Team Collaboration Contribute to broader security initiatives and continuous improvement within the team and organisation. Skills, Experience, and Qualifications Essential 3+ years in information security, GRC, or vendor risk management. Experience issuing or responding to security questionnaires and DDQs. Solid knowledge of ISO 27001 Annex A, SOC 2, and GDPR/CCPA. Strong communication skills, capable …
Watford, Hertfordshire, South East, United Kingdom Hybrid / WFH Options
Hays
verbal communication abilities, with a focus on clear reporting and stakeholder engagement. Possession of industry-recognised certifications such as CISSP, CISM, CRISC, or CEH would be preferred. Familiarity with Governance, Risk, and Compliance (GRC) platforms and maintaining structured risk registers. Understanding of applicable regulations and data protection legislation, including GDPR and other industry-specific mandates. What you'll get in …
Employment Type: Part Time, Work From Home
Salary: £28.49 - £36.98 per hour + £36.98 p/h via Umbrella (Inside IR35)
Guildford, Surrey, United Kingdom Hybrid / WFH Options
Allianz Popular SL
Role Description The Information Security Analyst plays a key role in supporting Allianz UK's Information Security initiatives, with a focus on executing the Governance, Risk, and Compliance (GRC) activities and implementing the NIST Cyber Security Framework (CSF) across the organisation. The NIST analyst will be involved in day-to-day GRC operations, such as designing and implementing security controls, interpreting … non-compliance issues and information security risks. As an Information Security Analyst at Allianz UK, you will be pivotal in advancing the company's Information Security initiatives by executing Governance, Risk, and Compliance (GRC) activities and implementing the NIST Cyber Security Framework (CSF) organization-wide. Your role will involve daily GRC operations, including designing and implementing security controls, interpreting requirements … catalogue, policies, and procedures aligned with the NIST Cyber Security Framework (CSF). Collaborating with the wider organization to integrate control testing and risk management activities into the existing governance framework. Assisting cross-functional teams and business units in integrating security measures into business operations. Supporting compliance activities with the Group Information Security Framework, Cyber Essentials, and PCI DSS attestation. …
Reading, England, United Kingdom Hybrid / WFH Options
MarkJames Search
Senior Cyber Security Consultant - GRC (Governance, Risk, Compliance) Location: Reading, United Kingdom (Hybrid 1-2 days per month, with some travel) Job Type: 6 month contract (inside IR35) About the Role: We are seeking a talented and experienced Senior Security Consultant specialising in Governance, Risk, and Compliance (GRC). In this role, you will deliver Cyber GRC projects, guiding clients … to identify business issues and propose effective solutions to stakeholders ranging from technical teams to Director-level executives. Travel may be required for client engagements. Key Responsibilities: Deliver Cyber GRC projects from start to finish, including client identification, scoping, execution, and invoicing. Work with large enterprise customers to provide security consulting services. Apply established security frameworks and standards such as … ISO27001, NIST CSF, CIS Top 18, and COBIT. Demonstrate professional consulting experience in Enterprise IT-security, Cyber Security Governance, Technology Risk Management, Compliance, Business Continuity/DR, and Cloud Security. Ensure client satisfaction by delivering high-quality solutions tailored to business needs. What We Are Looking For Minimum of 6 years of professional experience in security consulting. Proficiency with security …
packaging solutions, paper products and recycling services in more than 30 different countries across EMEA with over 30,000 colleagues. About the role Reporting to Head of I&T GRC, Governance and Risk Lead will be responsible for driving information and cyber security awareness, delivering security awareness training including phishing and facilitation of cyber scenario desktop simulations across central and … risk register, tools, process, reporting and review. You will take responsibility for managing a subset of aspects of ISO 27001 related documentation and control activities. As the I&T Governance and Risk Lead you will have the responsibility of aspects of the I&T GRC scope, delegated and assigned by the Head of I&T GRC. Key Accountabilities Engage with …
Join to apply for the Information Technology Consultant role at Virgin Atlantic. This role is responsible for supporting the governance of information security, ensuring that an appropriate risk, policy, and reporting framework is managed to enable Virgin Atlantic Airways to use information safely and in compliance with regulation. It involves supporting the identification, management, and documentation of requirements impacting … the risk, policy, and reporting framework, as well as communicating governance matters with internal and external groups such as Internal Audit, Technology Leadership Team, Safety & Security, Virgin Group, or CPNI. The role ensures robust identification, management, and mitigation of information and cybersecurity risks across Virgin Atlantic’s operations. With an emphasis on risk management activities, third-party supply chain security … NIST Cybersecurity Framework PCI-DSS 4.0.1 UK GDPR, NIS2 Directive, CAP1753, and related sector obligations This makes it a great development role for those aiming to step into senior GRC or advisory roles. About you CRISC/CISA/CISM certification through ISACA or an equivalent professional body. ISO 27001 Lead Implementer/Auditor certification. Sound knowledge of information security …
PSD2 SCA, CSSF) and global standards (PCI DSS, SWIFT CSP). This role requires technical knowledge, strategic thinking, and expertise in managing third-party risk, outsourcing compliance, and identity governance to safeguard operational resilience. What you will be doing: Regulatory & Technical Compliance: Support compliance with GDPR and complementary regulations like DORA (Digital Operational Resilience Act), ensuring alignment in areas such … as incident reporting and data protection. Translate requirements from PSD2 SCA, PCI DSS, and SWIFT CSP into technical security controls. Maintain IT security governance frameworks (ISO 27001, NIST CSF, CIS Controls). Manage and maintain Security Policies and procedures Third-Party Risk & Outsourcing Management: Design and implement third-party risk management programs to assess vendors, cloud providers, and outsourced services. … PAM). Conduct periodic user access reviews to ensure compliance with least privilege principles and regulatory requirements. Security awareness management experience. What we are looking for: 5+ years in GRC roles; financial services or banking. Understanding of GDPR, DORA, PCI DSS, and outsourcing/third-party risk requirements. Hands-on experience with ISO 27001 implementation and third-party risk tools …
Job information: Functional Title - IT Security Specialist Department – Security Governance and Risk Management Corporate level – Associate Vice President Report to – Director of Security Location - London, onsite 2 days per week About the role: The individual will be part of the security function that is responsible for security governance, risk and assurance, to ensure the organisation's security posture is robust, compliant … stakeholders Base level understanding of security risk management and taxonomy principles, to reduce risk to an acceptable level. Knowledge of vulnerability management and incident management practices. Ability to learn GRC tools and best practices. RSA Archer is preferred. Financial and/or Banking industry experience preferred. Professional qualifications/certifications Ideally qualified in MSc Information Security, CICA, CRISC, CISM and …
Senior GRC Specialist City of London/Hybrid £Competitive + strong bonus and benefits GRC Frameworks, ISO 27001, NIST, DORA Senior IT GRC Specialist is required by prestigious financial services organisation in the heart of the City. In this collaborative role, you will support the development and enhancement of IT Governance, Risk, and Compliance frameworks, working closely with senior stakeholders … internal IT teams, and third-party partners to manage IT risk and ensure regulatory compliance across the business. Key Responsibilities: Governance: Contributing to the implementation and continuous development of IT GRC frameworks. Assisting in the review and maintenance of IT GRC documentation. Assist in the implementation and communication of IT risk and control management frameworks. Conduct governance reviews in line … with agreed schedules and document outcomes. Maintain documentation for IT risk and control management processes. Support the preparation and delivery of formal IT GRC reporting. Risk: Identifying, assessing, and documenting IT risks. Supporting IT risk management activities, including the execution of technical IT risk assessments. Supporting risk owners to define remediation plans and monitor progress on remediation activities. Manage day …
various tools and activities. Manage and improve Three's Security Exception process. Work effectively with Enterprise risk and compliance functions to escalate enterprise-level Technology and Security risks. Operate GRC tools for Risk Management to record, track, and monitor risks and controls. Support ongoing education and awareness activities related to Security policies, Risk management frameworks, and governance across the company. …
Crawley, England, United Kingdom Hybrid / WFH Options
McCabe & Barton
line team member, you will collaborate closely with the Information Security Manager to safeguard the organisation against cyber, information, physical, and technical security risks. Your expertise will drive robust governance frameworks, policy management, and compliance with industry standards, ensuring the protection of our systems, suppliers, and people. You’ll play a key role in ensuring the systems, suppliers, and people …
meet risk management requirements and industry control frameworks. Contribute to the development and implementation of security policies, procedures, and controls. What will help you succeed Technical Skills: Experience with Governance, Risk, and Compliance (GRC) tools (preferred: OneTrust). Familiarity with AGILE methodologies, preferably Atlassian/Jira. Understanding of Application Security (OWASP Top 10). Knowledge of web development technologies and …
NIST and RSA Archer platforms. Preferred Qualifications: Bachelor’s degree in Information Security, Cybersecurity, or related field. Professional certifications such as CISSP, CISA, CRISC, or CISM. Familiarity with other governance, risk, and compliance (GRC) tools. …
Milton Keynes, England, United Kingdom Hybrid / WFH Options
Circle Group
GRC vCISO Senior Consultant - UK Remote - Up to £110,000 + Good Benefits Are you a confident, capable V-Ciso/GRC consultant ready to influence strategic security change? Looking for your next senior step in a supportive, agile consulting team? This could be the role for you. We're hiring a GRC/vCISO Consultant to join a fast … SME and retail-sector clients, acting as a trusted advisor across longer-term engagements - shaping security strategy, influencing stakeholders, and driving real change. The Role: Lead and deliver complex GRC engagements, operating at both a strategic and tactical level Build trust with clients, challenge assumptions diplomatically, and influence senior stakeholders Provide guidance across security frameworks and standards such as ISO27001 … and assumptions What You'll Bring: Strong 3rd Party/Professional Services consulting experience, ideally in SME, retail, or commercial environments Experience navigating delivering LONGER V-Ciso style engagements, GRC, risk frameworks, and regulatory compliance (we're not looking for an auditor!) A background in Cyber, Cloud or Networking is useful - even if not current/up to date. Certifications …
Southampton, England, United Kingdom Hybrid / WFH Options
JR United Kingdom
Excellent communication skills, both verbal and written, with the ability to initiate and lead conversations with senior stakeholders Ability to prioritise and manage a varying workload Experience with using GRC solutions as part of a risk management programme. Understanding of cyber security best practices including knowledge of the general cyber threat landscape and common security controls architecture. Due to the …
Slough, England, United Kingdom Hybrid / WFH Options
JR United Kingdom
Excellent communication skills, both verbal and written, with the ability to initiate and lead conversations with senior stakeholders Ability to prioritise and manage a varying workload Experience with using GRC solutions as part of a risk management programme. Understanding of cyber security best practices including knowledge of the general cyber threat landscape and common security controls architecture. Due to the …
Woking, England, United Kingdom Hybrid / WFH Options
JR United Kingdom
Excellent communication skills, both verbal and written, with the ability to initiate and lead conversations with senior stakeholders Ability to prioritise and manage a varying workload Experience with using GRC solutions as part of a risk management programme. Understanding of cyber security best practices including knowledge of the general cyber threat landscape and common security controls architecture. Due to the …
Brighton, England, United Kingdom Hybrid / WFH Options
JR United Kingdom
Excellent communication skills, both verbal and written, with the ability to initiate and lead conversations with senior stakeholders Ability to prioritise and manage a varying workload Experience with using GRC solutions as part of a risk management programme. Understanding of cyber security best practices including knowledge of the general cyber threat landscape and common security controls architecture. Due to the …
Reading, England, United Kingdom Hybrid / WFH Options
JR United Kingdom
Excellent communication skills, both verbal and written, with the ability to initiate and lead conversations with senior stakeholders Ability to prioritise and manage a varying workload Experience with using GRC solutions as part of a risk management programme. Understanding of cyber security best practices including knowledge of the general cyber threat landscape and common security controls architecture. Due to the …
High Wycombe, England, United Kingdom Hybrid / WFH Options
JR United Kingdom
Excellent communication skills, both verbal and written, with the ability to initiate and lead conversations with senior stakeholders Ability to prioritise and manage a varying workload Experience with using GRC solutions as part of a risk management programme. Understanding of cyber security best practices including knowledge of the general cyber threat landscape and common security controls architecture. Due to the …
Portsmouth, England, United Kingdom Hybrid / WFH Options
JR United Kingdom
Excellent communication skills, both verbal and written, with the ability to initiate and lead conversations with senior stakeholders Ability to prioritise and manage a varying workload Experience with using GRC solutions as part of a risk management programme. Understanding of cyber security best practices including knowledge of the general cyber threat landscape and common security controls architecture. Due to the …