GRC Specialist - Solihull

I am currently looking for a GRC Specalist to lead and strengthen my client's information security and data protection capabilities.

You'll own the operation and continuous improvement of their Information Security, ensuring compliance with ISO 27001 & GDPR. This is a senior, hands-on role where you'll work closely with business and IT teams to embed secure, compliant ways of working across the organisation.

Responsibilities / Duties
- Own and evolve information security and data protection policies, standards, and procedures.
- Design and support governance processes to ensure consistent security and compliance.
- Lead and support information security and data protection risk management.
- Lead or support internal and external audits (ISO 27001 / GDPR), including remediation planning and tracking.
- Maintain clear, audit-ready compliance evidence and reporting.
- Act as a senior subject matter expert for information security, governance, and data protection.
- Work collaboratively with business, IT, and functional teams to balance security requirements with operational needs.
- Promote security and data protection awareness through training and engagement.
- Provide constructive challenge where security or compliance risks are unacceptable.
- Support incident governance and GDPR breach response processes.
- Assess supplier and third-party security and data protection risks.

Ideal Background
- Strong experience in information security, governance, risk, and data protection.
- Proven experience in IT or technology-driven environments.
- Solid understanding of ISO 27001 and GDPR.
- Confident working independently and influencing at senior levels.
- Excellent stakeholder management and communication skills.
- Ability to translate business needs into practical, secure solutions.

Side notes
- This will ideally be 5 days a week in their Solihull office but could flex to hybrid
- A manufacturing background would be preferential but not essential