1 to 25 of 153 GRC Jobs in the UK

GRC Analyst – 6-month contract – London/Remote – Inside IR35 My Customer is looking for a GRC Analyst to join their Governance, Risk & Compliance (GRC) team. You will play a key role in strengthening their risk management processes, working primarily with Archer and other GRC tools to support risk assessment, compliance, and governance activities. In this role, you will be … responsible for identifying, assessing, and tracking security risks across assets, systems, and third parties, ensuring compliance with internal standards, policies, and regulatory frameworks. Key Skills from the GRC Analyst: Strong background in Security Risk and Governance with hands-on experience in Archer (experience with other GRC tools is also valuable). Solid understanding of risk assessment methodologies, security frameworks (NIST …/ISMS Accredited qualifications would be beneficial Experience working in financial sector would be beneficial Experience in ensuring internal IT system compliance against agreed standards Key Responsibilities of the GRC Analyst: Maintain and improve the security risk assessment framework, procedures, and workflows. Manage and update security questionnaires to align with compliance requirements, industry standards, and regulations. Conduct asset-level and More ❯

Oliver James is proud to be partnering with a globally renowned reinsurance company in their search for a Cyber Security Governance, Risk & Compliance (GRC) and Third-Party Risk Management (TPRM) Specialist. This role will play a crucial part in strengthening the organisation's security posture, focusing heavily on vendor risk, regulatory readiness, and cyber governance. Overview Oliver James is proud … to be partnering with a globally renowned reinsurance company in their search for a Cyber Security Governance, Risk & Compliance (GRC) and Third-Party Risk Management (TPRM) Specialist. This role will play a crucial part in strengthening the organisation's security posture, focusing heavily on vendor risk, regulatory readiness, and cyber governance. Based in the City of London with a flexible … and validate vendor security documentation (e.g., SOC 2, ISO 27001), evaluate control effectiveness, and coordinate remediation efforts for identified gaps. Ensure relevant business stakeholders are informed of potential risks. Governance, Risk & Compliance (GRC): Actively contribute to broader GRC initiatives, including: Managing GRC platforms and tools (e.g., control catalogues, issue tracking, policy management). Designing and deploying security awareness programs (e.g. More ❯

seamless data flow and integration between corporate systems (for example, linking finance and procurement systems or HR and payroll systems) to create a single source of truth. Implement data governance practices so that management reports and analytics are accurate and timely. Governance, Risk & Compliance: Implement strong IT governance and security practices for all corporate tech systems. Proactively use technology to … Expertise: Hands-on knowledge of implementing and supporting enterprise software such as ERP systems (e.g., Oracle Financials, SAP, or Netsuite), HRIS/Payroll systems (e.g., Workday, PeopleSoft, ADP), and GRC (Governance, Risk & Compliance) tools. Understanding of system architecture, integrations (middleware, APIs), and data management. Enterprise Applications: Proficiency with enterprise resource planning (ERP) systems, financial reporting software, and HR management systems. More ❯

possess the following? Relevant experience in cybersecurity risk management or equivalent in organizations of a similar scale. Experience in the identification and evaluation of risk, as well as using GRC tools and guidance developed for Risk mitigation. Practical knowledge of information security standards and risk assessment frameworks such as ISO 27001, SOC 2, NIST 800-32. Strong knowledge of More ❯

possess the following? Relevant experience in cybersecurity risk management or equivalent in organizations of a similar scale. Experience in the identification and evaluation of risk, as well as using GRC tools and guidance developed for Risk mitigation. Practical knowledge of information security standards and risk assessment frameworks such as ISO 27001, SOC 2, NIST 800-32. Strong knowledge of More ❯

possess the following? Relevant experience in cybersecurity risk management or equivalent in organizations of a similar scale. Experience in the identification and evaluation of risk, as well as using GRC tools and guidance developed for Risk mitigation. Practical knowledge of information security standards and risk assessment frameworks such as ISO 27001, SOC 2, NIST 800-32. Strong knowledge of More ❯

possess the following? Relevant experience in cybersecurity risk management or equivalent in organizations of a similar scale. Experience in the identification and evaluation of risk, as well as using GRC tools and guidance developed for Risk mitigation. Practical knowledge of information security standards and risk assessment frameworks such as ISO 27001, SOC 2, NIST 800-32. Strong knowledge of More ❯

possess the following? Relevant experience in cybersecurity risk management or equivalent in organizations of a similar scale. Experience in the identification and evaluation of risk, as well as using GRC tools and guidance developed for Risk mitigation. Practical knowledge of information security standards and risk assessment frameworks such as ISO 27001, SOC 2, NIST 800-32. Strong knowledge of More ❯

times. Provide audit artefacts and support internal/external audits. Contribute to broader security initiatives and continuous improvement within the organisation. About You 3+ years' experience in Information Security, GRC, or Vendor Risk Management. Strong experience issuing or responding to security questionnaires. Knowledge of ISO 27001 Annex A, SOC 2, and GDPR/CCPA. Excellent communication skills, able to translate More ❯

times. Provide audit artefacts and support internal/external audits. Contribute to broader security initiatives and continuous improvement within the organisation. About You 3+ years’ experience in Information Security, GRC, or Vendor Risk Management. Strong experience issuing or responding to security questionnaires. Knowledge of ISO 27001 Annex A, SOC 2, and GDPR/CCPA. Excellent communication skills, able to translate More ❯

times. Provide audit artefacts and support internal/external audits. Contribute to broader security initiatives and continuous improvement within the organisation. About You 3+ years' experience in Information Security, GRC, or Vendor Risk Management. Strong experience issuing or responding to security questionnaires. Knowledge of ISO 27001 Annex A, SOC 2, and GDPR/CCPA. Excellent communication skills, able to translate More ❯

times. Provide audit artefacts and support internal/external audits. Contribute to broader security initiatives and continuous improvement within the organisation. About You 3+ years' experience in Information Security, GRC, or Vendor Risk Management. Strong experience issuing or responding to security questionnaires. Knowledge of ISO 27001 Annex A, SOC 2, and GDPR/CCPA. Excellent communication skills, able to translate More ❯

times. Provide audit artefacts and support internal/external audits. Contribute to broader security initiatives and continuous improvement within the organisation. About You 3+ years' experience in Information Security, GRC, or Vendor Risk Management. Strong experience issuing or responding to security questionnaires. Knowledge of ISO 27001 Annex A, SOC 2, and GDPR/CCPA. Excellent communication skills, able to translate More ❯

times. Provide audit artefacts and support internal/external audits. Contribute to broader security initiatives and continuous improvement within the organisation. About You 3+ years’ experience in Information Security, GRC, or Vendor Risk Management. Strong experience issuing or responding to security questionnaires. Knowledge of ISO 27001 Annex A, SOC 2, and GDPR/CCPA. Excellent communication skills, able to translate More ❯

the tender process. This is a hybrid working role, with a requirement to be in our Warwick a few times per month. What you'll do: Assist on all Governance, Risk and Compliance activities across Network Services Business Unit. Provide specialist security expertise for multiple internal projects across the Network Services business area. Provide guidance in secure software development throughout More ❯

the tender process. This is a hybrid working role, with a requirement to be in our Warwick a few times per month. What you'll do: Assist on all Governance, Risk and Compliance activities across Network Services Business Unit. Provide specialist security expertise for multiple internal projects across the Network Services business area. Provide guidance in secure software development throughout More ❯

presentations and engaging effectively with senior stakeholders. Specialization in one or more of the following areas: Identity and Access Management Data Privacy and Protection Security Architecture Operational Technology Security Governance, Risk, and Compliance Ideally, You'll Also Have: Security-related qualifications such as CISSP, CISM, CISMP, ISO27001 lead implementer or auditor, MBCI, or IAPP. Experience operating within an NCSC Assured More ❯

Overview "Head of Cyber Governance, Risk and Compliance" - London Hybrid Full-time Personal Contract REQ5121 As a strategic leader in Governance, Risk and Compliance, you will guide SGN's cyber security and regulatory approach, ensuring our operations remain secure, resilient and fully compliant. We deliver safety, warmth, and comfort to homes and businesses. Every role, whether in the office or … on the front line, plays a key part in this mission. Here's how you will contribute Governance, Risk & Compliance (GRC) Leadership Lead and manage the GRC team, aligning cyber and business goals while ensuring compliance with NIS-R, ISO27001/2, and NIST-2. Oversee delivery plans, resource allocation, and stakeholder engagement for GRC initiatives. Training & Awareness Develop and More ❯

presentations and engaging effectively with senior stakeholders. Specialization in one or more of the following areas: Identity and Access Management Data Privacy and Protection Security Architecture Operational Technology Security Governance, Risk, and Compliance Ideally, You'll Also Have: Security-related qualifications such as CISSP, CISM, CISMP, ISO27001 lead implementer or auditor, MBCI, or IAPP. Experience operating within an NCSC Assured More ❯

and develop your career. We offer full 360-degree services to our clients from initial consulting on a range of areas including Risk Assessments, Vulnerability Management, Accreditations (ISO27001, GDPR), GRC (Governance, Risk, Compliance), Security Architecture Design and Build (technical and Non-technical), Incident Response, Protective Monitoring Services, Penetration Testing and much more. We take clients through a journey to improve More ❯

presentations and engaging effectively with senior stakeholders. Specialization in one or more of the following areas: Identity and Access Management Data Privacy and Protection Security Architecture Operational Technology Security Governance, Risk, and Compliance Ideally, You'll Also Have: Security-related qualifications such as CISSP, CISM, CISMP, ISO27001 lead implementer or auditor, MBCI, or IAPP. Experience operating within an NCSC Assured More ❯

to join our dynamic international team. As a Senior Security Consultant, you will play a crucial role in advising our clients at C-level on security strategy, governance, risk management, and compliance to enhance their cybersecurity maturity. You will work closely with clients to identify risks, conduct workshops, implement effective strategies, and ensure compliance with industry regulations and best practices. More ❯

and develop your career. We offer full 360-degree services to our clients from initial consulting on a range of areas including Risk Assessments, Vulnerability Management, Accreditations (ISO27001, GDPR), GRC (Governance, Risk, Compliance), Security Architecture Design and Build (technical and Non-technical), Incident Response, Protective Monitoring Services, Penetration Testing and much more. We take clients through a journey to improve More ❯

Through our end-to-end range of cyber and cloud capabilities, CyberCX empowers our customers to securely accelerate opportunities in the digital economy. Our services include: consulting and advisory, governance, risk and compliance, incident response, penetration testing and assurance, network and infrastructure solutions, cloud security and solutions, identity and access management, managed security services and cyber security training. More ❯

Programme Manager GRC Security About the Role We are seeking an experienced Programme Manager with GRC Security to lead the GRC workstream through a large SAP transformation. This role will be accountable for delivering a robust framework covering Roles & Authorisations, GRC and Security readiness to enable a secure, compliant and successful go-live. Key Responsibilities Roles & Authorisations Lead the design … of Duties risks and drive effective remediation. Oversee and support User Acceptance Testing (UAT) for role and access validation. Act as a subject matter expert on compliance best practices. Governance, Risk & Compliance (GRC) Implement and embed the programme s GRC framework. Track and report on compliance KPIs, control effectiveness and risk posture. Ensure collection and maintenance of audit-ready evidence. … remediation. Triage and manage security issues, with focus on critical go-live blockers. Ensure security standards and controls are fully integrated into solution design. About You Proven experience managing governance, risk, and compliance workstreams in large-scale SAP or ERP programmes. Strong expertise in SAP roles, authorisations and SoD principles. Hands-on experience with GRC frameworks, audit processes, and risk More ❯