Head of Cyber Risk, Governance & Compliance GRC

McFall Recruitment are partnering with a Global Financial Services organisation on a Head of Cyber Governance, Risk & Compliance (GRC)

London or Edinburgh Hybrid

We're looking for an experienced Head of Cyber Governance, Risk & Compliance (GRC) to lead a global team responsible for strengthening and harmonising the organisation's cybersecurity control framework.

Reporting directly to the CISO, you'll manage a team of six covering governance, risk, and audit, driving consistency, compliance, and maturity across global operations.

This is a key leadership role for a strategic yet hands-on cyber risk professional with strong knowledge of frameworks such as NIST, ISO 27001, CPMI-IOSCO, and the CRI Cyber Risk Profile.

What you'll do

Lead and develop a global GRC team, ensuring effective cyber risk management and governance practices.

Maintain and enhance policies, standards, and documentation to meet regulatory and audit requirements.

Oversee vendor and third-party due diligence, supplier notifications, and control assurance.

Utilise tools such as SecurityScorecard, RiskConnect, and SharePoint for risk monitoring and reporting.

Translate technical risk into board-level reporting and engage with senior stakeholders across global regions.

Collaborate closely with teams in Operational Resilience, Engineering, and Cyber Operations.

About you

Proven experience leading cyber risk and compliance functions within financial services or regulated industries.

Strong knowledge of cyber risk management frameworks and regulatory harmonisation across global jurisdictions (US, UK, EU, Japan).

Excellent communication skills - able to simplify complexity for executive audiences.

Highly organised, documentation-focused, and detail-oriented.

Certifications:

CISM (essential), CRISC, ISO 27001 Lead Implementer/Auditor, CISSP or CGEIT (advantageous), DORA/NIST CSF training desirable.

Join a forward-thinking organisation on a global transformation journey - shaping the next generation of cyber resilience and governance.