Governance, Risk & Compliance (GRC) Lead

Newcastle upon Tyne - onsite

Salary: £75,000 plus bonus

The Opportunity

A national, enterprise-scale business is seeking a highly capable Governance, Risk & Compliance (GRC) Lead to drive the evolution of its security and risk landscape during a period of significant transformation and investment. This is a rare chance to step into a senior, influential position: shaping the GRC strategy, building capability, and ensuring regulatory excellence across a complex and high-profile environment.

The Role

Working as the right hand to the Head of Information Security, you will:

Leadership & Ownership

  • Lead the entire GRC portfolio and shape a function that is still maturing.
  • Manage a small but growing team across multiple sites.

Governance & ISMS

  • Own the ISMS and drive the organisation’s journey to ISO 27001 certification.
  • Ensure ongoing Cyber Essentials and Cyber Essentials Plus compliance across the business.
  • Develop, maintain and embed policies, processes and governance structures.

Risk Management

  • Stand up and mature the IT risk management framework across the business.
  • Produce risk registers, KRIs, governance packs and executive-ready reporting.
  • Oversee and enhance third-party risk assurance.

Regulatory & Framework Compliance

  • Support delivery of obligations under the Security & Resilience Bill and CAF.
  • Provide guidance on NIS2 for international operations.
  • Anticipate evolving regulatory requirements and prepare the organisation accordingly.

Incident Response Governance

  • Lead scenario planning, readiness and policy work on the GRC side of incident response.
  • Work closely with the Security Operations Lead, who owns technical response.

The Person

With a strong background in GRC and ideally possessing an information security certification such as CISSP, CISM or CRISC, you will have:

  • The ability to interpret and challenge technical controls.
  • Experience managing or maturing an ISMS and delivering ISO 27001 compliance.
  • Solid IT risk management experience.
  • Strong communication skills with senior stakeholders, including exec-level reporting.

Most importantly you will be:

  • Practical, hands-on, comfortable shaping a function that is still developing.
  • Able to influence, challenge and communicate with technical stakeholders.
  • Detailed in documentation, audit readiness and governance reporting.

Exposure to public-sector-aligned frameworks (CAF, NIS/NIS2) will be beneficial, though not essential.

Job Details

Company
Nigel Wright Recruitment
Location
Newcastle Upon Tyne, England, United Kingdom
Posted