Head of Cyber Risk Governance & Compliance GRC
McFall Recruitment are partnering with a Financial Services company seeking a pragmatic and experienced Head of Cyber Security Governance, Risk & Compliance to lead and evolve our global Information Security control framework. This pivotal role will shape the resilience, responsiveness, and maturity of our Information Security function across all regions and business units.
Reporting directly to the Chief Information Security Officer (CISO), you’ll play a key leadership role in transforming Cyber Security, enhancing people, processes, and technology to protect the business and maintain operational resilience.
What you’ll do
- Lead the global Cyber Security risk management programme, driving best-in-class governance and compliance.
- Develop and maintain cybersecurity policies, standards, and procedures aligned with regulatory requirements and business objectives.
- Conduct risk assessments, manage control evaluations, and oversee treatment planning.
- Embed cyber risk into enterprise risk frameworks through collaboration with global teams.
- Oversee vendor risk management and ensure third-party compliance.
- Chair and lead the Cyber Security Digital Resilience Forum.
- Support the NIST maturity uplift programme and alignment with ISO 27001:2022.
- Ensure compliance with key regulatory standards (e.g. DORA, GDPR, MAS, CPS230, SOX).
- Act as a trusted advisor to executives, boards, and regulators, providing clear, business-focused guidance.
- Develop and maintain metrics and dashboards to monitor KRIs, control effectiveness, and compliance status.
About you
- Proven experience in Cyber Security leadership, ideally within financial services.
- Deep understanding of global regulatory environments and financial sector risk frameworks.
- Strong leadership and stakeholder engagement skills; able to communicate clearly across technical and non-technical audiences.
- Hands-on experience managing global teams and priorities across time zones.
- Relevant certifications such as CISM, CRISC, CISSP, ISO 27001 Lead Implementer/Auditor are highly desirable.
- Methodical, analytical, and calm under pressure, with meticulous attention to detail.
- Demonstrated ability to drive cultural change, improve processes, and uplift maturity levels.
- Company: McFall Recruitment Limited
- Location: City of London, Greater London, UK
- Posted