Security Compliance & GRC Specialist
Job Title: Security Compliance & GRC Specialist
Up to £70,000 per annum
Remote, with occasional office presence in London
About the Role
We are seeking an experienced and proactive Security Compliance & GRC Specialist to lead and strengthen our information security, governance, risk, and compliance initiatives across the organisation.
This role will be instrumental in maintaining and maturing our Information Security Management System (ISMS), supporting successful audits and certifications, and embedding a strong culture of security compliance across the business.
The successful candidate will work closely with the SVP of Compliance and with Security, IT, Product Development and wider business stakeholders to ensure compliance requirements are met while enabling business growth and operational efficiency, acting as a trusted advisor and subject matter expert on governance, risk and compliance across the business.
Key Responsibilities
- Support and maintain all ISMS policies in partnership with the SVP of Compliance.
- Ensure effective implementation of ISMS policies, standards, and related security controls across the organisation.
- Regularly assess ISMS controls to ensure ongoing compliance, identify improvement opportunities, and drive continuous enhancement initiatives.
- Mature and develop compliance testing frameworks and operational risk assessment processes.
- Collect, analyse, and mitigate operational security and compliance risks/exposures.
- Lead the organisation through internal and external audits, ensuring continued certification and audit success.
- Manage audit findings through to remediation and closure to support future audit and recertification activities.
- Maintain compliance knowledge bases and provide on-demand guidance and expertise to teams across the business.
- Remove complexity and operational barriers that impact security, product development, and business controls.
- Balance business enablement with compliance and security requirements in a practical and risk-based manner.
- Mentor Security and IT teams and control owners in aligning controls with business processes, risk management and continuous improvement initiatives.
- Monitor and advise on emerging regulatory and compliance requirements.
- Champion and embed a strong culture of security compliance and continuous improvement.
- Develop, implement and maintain security policies, standards and awareness materials.
- Deliver internal security and compliance training programmes.
- Collaborate with IT and technical teams to ensure security best practices are embedded within systems, applications and infrastructure.
- Manage GRC tooling, reporting and compliance metrics.
- Support customer, client and sales-related security and compliance activities as required.
Skills & Experience
Essential
- Proven experience in Information Security, Governance, Risk & Compliance (GRC), or related roles.
- Strong understanding of ISMS frameworks, standards and regulations such as ISO 27001, SOC 2 and GDPR, and of the security controls they require.
- Experience managing audits, certifications and remediation programmes.
- Knowledge of risk management methodologies and compliance assessment processes.
- Familiarity with security policies, standards and awareness programmes.
- Strong stakeholder management and communication skills.
- Ability to simplify complex compliance and security concepts for technical and non-technical audiences.
- Experience working cross-functionally with Security, IT, Engineering, Product and business teams.
- Strong analytical, organisational and problem-solving capabilities.
Desirable
- Experience with GRC platforms and compliance tooling.
- Relevant certifications such as CISSP, CISM, CRISC, ISO 27001 Lead Auditor or Lead Implementer.
- Experience in fast-paced or high-growth environments.
- Knowledge of additional regulatory frameworks and customer security requirements.
Personal Attributes
- Collaborative and approachable
- Proactive and solutions-focused
- Strong attention to detail
- Commercially minded with a pragmatic approach to compliance
- Passionate about security, governance and continuous improvement
- Comfortable influencing at all levels of the organisation
We invite individuals from underrepresented groups to apply for any of our roles and are committed to supporting accessibility needs.