Governance, Risk & Compliance Manager

Step into a pivotal role at the forefront of cyber security, driving impact for our client base!

We’re looking for an experienced Governance, Risk & Compliance Manager to join our dynamic team. This is your opportunity to take a leading role in shaping and delivering robust security strategies that protect our clients and strengthen their resilience against evolving cyber threats.

As our new GRC Manager, you will be the driving force behind the implementation of our Information Security Management System (ISMS) for assigned clients. Your expertise will help organisations understand their security challenges and enable them to enhance their security posture. You’ll lead from the front, fostering a culture of compliance and risk awareness across Sopra Steria, while delivering tangible value to our clients. This is a chance to make a real impact at the forefront of cyber security.

This is an office-based role, requiring 4–5 days per week at our Hemel Hempstead site.

We can offer great career progression opportunities, ability to be based anywhere across the UK, benefits which you can flex to meet your needs and training and development opportunities.

What you'll be doing:

• Implement ISMS strategy, policies and practices for assigned clients.
• Deliver services aligned with ISO27001 standards
• Provide regular reporting on ISMS effectiveness and operational performance.
• Manage security operations in line with organisational policy, standards and industry best practice.
• Conduct security risk and threat assessments (operational and system).
• Engage with internal stakeholders and third-party providers on security, risk and privacy matters.
• Respond to security incidents promptly, ensuring early identification and resolution.
• Oversee threat detection, vulnerability management and remediation activities.
• Represent security considerations in IT and process change assessments.
• Maintain ISMS, Operational Security and Risk Assurance documentation.
• Lead monthly client Security Working Group meetings and stakeholder sessions.
• Ensure audit readiness and support internal/external audits.
• Drive continuous improvement initiatives within Sopra Steria’s security function.

What you’ll bring:

• GRC/Operational Security Manager experience with solid understanding and experience with security policies and standards
• Technical proficiency and knowledge across the spectrum of information security solutions and operations
• Knowledge of IT security solutions and their integration and operation into business systems and processes
• Experience of security maturity and developing roadmaps aligned to the priorities of clients
• Experience of ISO/IEC 27001 Compliance and Certification

It would be great if you had:

• CISSP, CISA or CISM certified or equivalent degree in Information Security
• Experience of; MoD, Police or Public Sector experience would be an advantage

If you are interested in this role but not sure if your skills and experience are exactly what we’re looking for, please do apply, we’d love to hear from you!

Employment Type: Full-time, Permanent

Location: Hemel Hempstead

Security Clearance Level: DV

Internal Recruiter: Carolyne

Salary: Up to £75,000

Benefits: £5,400 car allowance, 25 days annual leave with the option to buy additional days, private medical, life assurance, pension, and generous flexible benefits fund

Although this role is advertised as full-time, we believe that flexibility at work can promote work/life balance, increase your motivation, reduce stress and improves performance and productivity. We support different ways of working and can offer a range of flexible working arrangements. So, if you’re interested and need to work flexibly, we encourage you to apply and talk to us about what might be possible.

Loved reading about this job and want to know more about us?

Steria’s Aerospace, Defence and Security business designs, develops and deploys digital solutions to Central Government clients. The work we do makes a real difference to the client’s goal of National Security, and we operate in a unique and privileged environment. We are given time for professional development activities, and we coach and mentor our colleagues, sharing knowledge and learning from each other. We foster a culture in which employees feel valued and supported and have pride in their work for the customer, delivering outstanding rates of customer satisfaction in the UK’s most complex safety- and security-critical markets.

We embrace difference as a source of creativity, innovation and competitive advantage and are striving to become a more diverse organisation. We welcome applications from people with a diverse variety of backgrounds and identities. We are committed to equality of opportunity for all and do not discriminate on the basis of race, religion, colour, gender, age, disability, sexual orientation or marital status. We have partnered with Vercida, the UK's largest diversity and inclusion focused careers site, where all our vacancies are available in an accessible format.

If you require any adjustments to the recruitment process, to enable you to perform to the best of your ability, please let us know when completing your application. We participate in the Disability Confident scheme and are committed to offering an interview to any candidate with a disability, who meets the minimum criteria for the role. If you believe this could apply to you, please let us know when completing your application.