GRC - Policy Lead
The Policy Support Lead will be responsible for developing, implementing, and maintaining security policies, standards, and procedures to ensure the protection of our information assets. This role requires a good understanding of security frameworks and regulatory requirements, together with prior experience in information security.
The role will report directly to the Head of Governance, Risk and Compliance, with whom you will work to deliver the company's goal of a fit-for-purpose security standards framework. This role requires an individual who can work independently, finds fulfilment in a challenging and fast-paced environment, and takes accountability for meeting and driving the needs of the programme.
What you'll do as a Policy Support Lead
Security Standards Management:
- Develop and maintain comprehensive security policies, standards and procedures across the organisation.
- Align all standards with applicable regulatory requirements and frameworks (e.g., ISO 27001, GDPR, NIS-R).
- Review and update standards regularly in response to emerging threats and regulatory changes.
Governance & Compliance:
- Oversee the exception management framework, including reporting, approvals and reviews prior to expiry.
- Monitor compliance with security policies and standards across digital and business teams.
- Act as the primary point of contact for internal and external audits related to security standards.
Service Delivery & Operations:
- Coordinate the annual standards review cycle, ensuring timely updates and stakeholder engagement.
- Support the publication and socialisation of new or revised standards to ensure organisation-wide awareness.
- Collaborate with cross-functional teams to embed security best practices into digital processes.
Stakeholder & Communications Management:
- Build and maintain relationships with key stakeholders including the CISO, CIO, architecture teams, programme delivery and business owners.
- Provide clear, engaging, and relevant communication and training around security standards.
- Deliver security messaging both in person and virtually, ensuring consistency and clarity.
Continuous Improvement:
- Track policy effectiveness and recommend enhancements to improve standard adoption and compliance.
- Stay informed of the latest security regulations, technologies and industry best practices to ensure standards remain current and effective.
What you should bring to the role:
Essential Experience:
- Experience in information security or a related governance role.
- Experience applying security frameworks and regulatory requirements (CIS, GDPR, NIS-R).
- Experience collaborating across multiple business areas and functional teams.
- Proven ability to work independently, with strong stakeholder management capabilities.
Essential Technical Skills & Qualifications:
- Strong written and verbal communication skills with the ability to deliver complex messages clearly.
- Skilled in exception management, reporting and compliance monitoring.
Desirable Experience:
Additional skills and experience that would be good to have:
- Experience in maintaining security standards and exception frameworks.
- Exposure to information risk management processes and controls.
Desirable Technical Skills & Qualifications:
- Relevant certifications such as CISSP, CISM or CISA.
Desirable Competencies:
- Strong relationship building and collaboration skills.
- Excellent organisational and time management skills.
- Ability to influence stakeholders and drive compliance in a matrixed environment.
NO SPONSORSHIP AVAILABLE
GCS is acting as an Employment Agency in relation to this vacancy.
- Company
- GCS
- Location
- Berkshire, United Kingdom
- Employment Type
- Permanent
- Salary
- £60000 - £67500/annum bonus/ pension
- Posted