Head of Information Security

Head of Cyber GRC

I’m supporting an organisation seeking a Head of Cyber GRC, a senior, strategic hire responsible for leading their enterprise-wide governance, risk and compliance (GRC) function.

This role sits at the heart of the organisation’s cyber strategy, ensuring robust risk management, regulatory compliance, and effective governance across a complex, research-driven environment.

What you’ll be doing:

  • Leading the organisation’s cyber risk and compliance strategy at an enterprise level.
  • Designing and implementing governance frameworks, policies and institutional risk management processes.
  • Managing regulatory compliance across PCI-DSS, Cyber Essentials+ and emerging standards.
  • Owning third-party and vendor risk management across the full supplier lifecycle.
  • Overseeing GRC technologies such as OneTrust and Bitsight, driving platform optimisation and continuous improvement.
  • Providing board-level reporting, dashboards and assurance to senior leadership and governance committees.
  • Embedding cyber risk and compliance into business planning, decision-making and cross-functional programmes.
  • Leading organisation-wide training, awareness and capability development.

What you’ll bring:

  • Extensive GRC leadership experience within complex or highly regulated environments.
  • Strong knowledge of enterprise risk frameworks, regulatory engagement and governance committee support.
  • Expertise in developing and maturing GRC programmes, risk registers and compliance processes.
  • Experience with GRC tooling and enterprise risk management technologies.
  • Exceptional communication skills and the ability to influence at executive and board level.
  • Relevant qualifications (e.g., CRISC, IRM) and a proven strategic mindset.
Company
James Adams
Location
Guildford, Surrey, UK
Posted