1 to 25 of 166 Permanent GRC Jobs in the UK

Head of Technology Governance, Risk, and Compliance (GRC) Because your new ideas are our way new ways of working. Evolve, your way. The Head of Technology Governance, Risk, and Compliance (GRC) is a key leadership role within the Primark Tech, reporting to the Chief Technology Security & Risk Officer (CTSRO). The role is responsible for ensuring effective governance, compliance, managing … Primark is all about tailoring to you, we offer Tax Saver Tickets, fitness centre, and a subsidised cafeteria. What You'll Do as a Head of Technology Governance, Risk, and Compliance (GRC) We want you to feel challenged and inspired. Here, you'll develop your skills across a range of responsibilities: Provide general leadership, oversight, and development of technology governance … levels of the organization and influence decision making process. Proven record of accomplishment in driving change using positive influencing skills to modify opinions, plans and behaviours to adopt risk management and compliance practices. Strong project management skills to oversee the implementation of risk management initiatives and compliance programs. Ability to provide guidance and training to employees on technology risk and More ❯

Head of Cybersecurity Governance Risk and Compliance Location: Mainly remote based working in the UK with travel to Oxford, Cowley (OX4 2GQ) occasionally Contract: Permanent Hours: Full time Salary: £70,000 per annum, plus car/car allowance Benefits: 33 days holiday, pension, life assurance, employee assistance programme, wellbeing support, and flexible benefits scheme About the Job As our Head … of Cybersecurity Governance Risk and Compliance youll work closely with business and technology teams, helping to articulate and communicate the InfoSec governance program, identify risks and evaluate and help implement controls and improvements. As part of your key responsibilities youll: Manage the day to day of the function and team Support the management of Information Security governance for the organisation … following skills and experience, but please apply if you think youd be able to perform well in this role! Excellent written and verbal communication skills Previous experience within a GRC function, IT Security/Cyber team, Internal Audit or an IT environment Hands on practical experience of ensuring full compliance with legal & regulatory frameworks including ISO 27001 Risk management Strong More ❯

Business Analyst Lead -GRC Location: Manchester, Birmingham and London Job Type: Contract Job Summary: The GRC Lead & Business Analyst is responsible for managing the organization's Governance, Risk, and Compliance (GRC) framework while also performing business analysis to enhance risk management, regulatory compliance, and operational efficiency. This role involves assessing risks, ensuring compliance, conducting audits, analyzing business processes, and driving … GRC-related projects. The GRC Lead Cum BA will work closely with IT, legal, finance, and business units to enforce policies, ensure compliance, and implement best practices for governance, risk, and assurance. Key Responsibilities: 1. Governance, Risk & Compliance (GRC) Management Develop, implement, and maintain GRC policies, frameworks, and procedures aligned with industry standards and regulatory requirements (ISO 27001, NIST, SOC … place. Maintain a risk register and track risk management initiatives. Lead third-party/vendor risk assessments requirement gathering, ensuring supplier security and compliance. Collaborate with leadership to align GRC practices with business objectives. 2. Compliance & Assurance Ensure the organization meets regulatory requirements and industry best practices. Manage compliance audits (ISO 27001, SOC 2, PCI DSS, GDPR, HIPAA) and coordinate More ❯

GRC Analyst Title: Governance, Risk & Compliance (GRC) Analyst Department: Procode IT Location: Chandlers Ford Salary: Circa £ 41,504 + Discretionary bonus scheme. Do you have commercial experience as a Governance, Risk & Compliance Analyst ? Do you have hands-on experience with ISO 27001 and being involved with audits? If so, this could be the role for you! About us We are … curious about what the future in tech holds? Do you have the drive to want to deliver great solutions for customers? Then we have an exciting opportunity as a GRC Analyst , where w e aim to provide you with a uniquely inclusive and diverse workplace, which showcases the extraordinary in all of us, by enabling you to be the best More ❯

Governance, Risk & Compliance (GRC) Lead Location: Fully Remote - UK Wide Department: Technology - IT Security and Service Management Contract Type: Permanent Salary: £55,000 - £65,000 About the Role We are seeking a highly experienced and motivated GRC Lead to join our Cyber Security team. This role is critical in shaping and delivering our information assurance strategy, ensuring that cyber security … such as DSPT , CAF , and DORA . You will also play a key role in stakeholder engagement, presenting confidently to senior leadership and translating complex technical requirements into actionable governance strategies. With a significant project pipeline launching in 2026, this is a unique opportunity to influence the future of cyber security governance in a regulated environment. Key Responsibilities Own and … leadership teams. Ensure timely and accurate submission of compliance documentation, including NHS audits and DSPT submissions. Skills & Experience Minimum 5 years' experience in information security , with a focus on governance, risk, and compliance. Proven ability to lead teams and manage complex programmes in regulated environments. Strong understanding of cyber security frameworks and regulations (DSPT, ISO 27001, CAF, GDPR, DORA). More ❯

will be influenced by your own breadth of experience and can encompass a wide spectrum of tasks, from crafting robust security architectures to offering guidance on GRC (governance, risk management, and compliance) activities. Your responsibilities may also involve: Offering your security expertise in support of significant system procurements and Agile programs, ensuring the secure delivery of solutions. Identifying, analysing, and More ❯

Governance, Risk and Compliance (GRC) Officer The Opportunity: Are you a specialist in corporate governance, risk and compliance? Are you a GRC Officer or Manager looking for an interesting role with huge future potential within the beautiful county of Somerset? If so, then please do read on, please do send us an enquiry so that we can talk to you … sense of responsibility and a desire to drive efficiency and compliance. Job Responsibilities: The primary function of this role is to support the Managing Director in all administrative and governance-related matters, ensuring smooth operations across various corporate functions. This role is responsible for a broad range of administrative, legal, and governance tasks, as well as contributing to strategic projects … years all within a busy engineering environment. Assist in the preparation and submission of confirmation statements and other statutory filings, including those to Companies House. Ensure compliance with corporate governance requirements and best practices. Assist with legal documentation, including reviewing and maintaining contracts and corporate policies. Project-Based Responsibilities may include: GDPR Implementation, Business Continuity Planning, IT Policy Development, Corporate More ❯

environments. Relevant certifications such as CISSP, CISM, CISA, M.Inst.ISP, or a postgraduate qualification (e.g. MSc in Cyber Security). Practical knowledge in domains like threat management, vulnerability management, cyber GRC, cyber architecture, and cyber assurance. Detail-oriented with strong analytical and problem-solving capabilities. Excellent written and verbal communication skills, including stakeholder reporting and presentation development. Consulting & Delivery Skills: Project More ❯

you possess the following?: Proven related experience in cybersecurity risk management in organizations of a similar scale. Experience in the identification and evaluation of risk, as well as using GRC tools and guidance developed for Risk mitigation. Practical knowledge of information security standards and risk assessment frameworks such as ISO 27001, SOC 2, NIST 800-32 Strong knowledge of cyber More ❯

you possess the following?: Proven related experience in cybersecurity risk management in organizations of a similar scale. Experience in the identification and evaluation of risk, as well as using GRC tools and guidance developed for Risk mitigation. Practical knowledge of information security standards and risk assessment frameworks such as ISO 27001, SOC 2, NIST 800-32 Strong knowledge of cyber More ❯

you possess the following?: Proven related experience in cybersecurity risk management in organizations of a similar scale. Experience in the identification and evaluation of risk, as well as using GRC tools and guidance developed for Risk mitigation. Practical knowledge of information security standards and risk assessment frameworks such as ISO 27001, SOC 2, NIST 800-32 Strong knowledge of cyber More ❯

you possess the following?: Proven related experience in cybersecurity risk management in organizations of a similar scale. Experience in the identification and evaluation of risk, as well as using GRC tools and guidance developed for Risk mitigation. Practical knowledge of information security standards and risk assessment frameworks such as ISO 27001, SOC 2, NIST 800-32 Strong knowledge of cyber More ❯

following fields of expertise: 7+ years' varied experience in information security, data protection, and security architecture roles, with a focus on cloud security, and compliance. Strong understanding of security governance, risk, and compliance frameworks such as ISO 27001, NIST 800-53/CSF, NIS/NIS2, DORA, UK CNI/OT/IIOT compliance. Hands-on experience building credibility with More ❯

risk assessments. Excellent analytical, organisational, and problem-solving skills. Strong written and verbal communication skills, with experience presenting to senior leaders. Proficiency in Risk management platforms (e.g., Archer, ServiceNow GRC). Professional certifications such as CTPRP, CISM, CISSP, or CRISC are highly desirable. What do we offer in return? A career that you define. Yes, we offer all the usual More ❯

of the Information Security Graduate: Assist with incidents and requests that are assigned to Information Security within ServiceNow. Learning how to conduct Information Security risk assessments within the Surecloud GRC tool. Assist in managing the requirements for the firm to comply with ISO/IEC 27001 Policies and Standards and Cyber Essentials Plus. Assisting with conducting information security audits internally More ❯

At ServQual - Security, we’re shaping the future of secure digital landscapes. Specializing in Cyber Security, Gen AI Security, Cloud Security, and Blockchain Security, we also lead in IT Governance, Risk Management, Compliance, and Security Architecture. Our mission: to ensure every system is secure by design and privacy by design . What You’ll Do As a Security Success Manager More ❯

At ServQual - Security, we’re shaping the future of secure digital landscapes. Specializing in Cyber Security, Gen AI Security, Cloud Security, and Blockchain Security, we also lead in IT Governance, Risk Management, Compliance, and Security Architecture. Our mission: to ensure every system is secure by design and privacy by design . What You’ll Do As a Security Success Manager More ❯

to continuously improve capability, enhance & integrate service offerings, and build the Professional Services team Skills/Must have: 5 years in a client-facing information/cyber security/GRC role Professional certifications including but not limited to CISSP, CCSP, CISM, CRISC, CISA, CDPSE. Experience in auditing and implementing security standards such as ISO 27001/2, NIST CSF, and More ❯

and data privacy frameworks like NIST Cybersecurity Framework (CSF), GDPR, CIS or similar. Experience of certification body audits. Should have good experience and knowledge of Cyber/Information Security Governance, Risk Management, and Compliance. ISO Consultant – SC Cleared - £50,000 to £60,000 per year – Remote with limited travel to Midlands area More ❯

CEH, GIAC Desirable to understand risk driven architecture such as Sherwood/SABSA/SANS Highly desirable to have exposure to DevSecOps functions. For clarification: This role is NOT GRC, neither is it a SOC role, rather it is more suited to a Security Engineer who has progress to a broader role engaging on multiple concurrent projects, influencing initial idealisation More ❯

CEH, GIAC Desirable to understand risk driven architecture such as Sherwood/SABSA/SANS Highly desirable to have exposure to DevSecOps functions. For clarification: This role is NOT GRC, neither is it a SOC role, rather it is more suited to a Security Engineer who has progress to a broader role engaging on multiple concurrent projects, influencing initial idealisation More ❯

Are you looking for an exciting new opportunity? Join a London based, product-agnostic consultancy specialising in information security governance, risk, and compliance management for clients across Europe. With a deep-rooted passion for cyber risk, the team excels at developing measurable controls that align with an organisation's risk appetite, capacity, and tolerance for breaches. Known for crafting innovative More ❯

to join our dynamic international team. As a Senior Security Consultant, you will play a crucial role in advising our clients at C-level on security strategy, governance, risk management, and compliance to enhance their cybersecurity maturity. You will work closely with clients to identify risks, conduct workshops, implement effective strategies, and ensure compliance with industry regulations and best practices. More ❯

and Head of Function. Engage regularly with IT, Security, and Business stakeholders to align risk reporting with organizational objectives. What We’re Looking For: RSA Archer expertise or other GRC tooling Proven experience with NIST or other regulatory-aligned frameworks. Deep understanding of Cyber Risk Management principles. Exceptionally organized, with strong attention to detail and ability to manage multiple priorities. More ❯

and Head of Function. Engage regularly with IT, Security, and Business stakeholders to align risk reporting with organizational objectives. What We’re Looking For: RSA Archer expertise or other GRC tooling Proven experience with NIST or other regulatory-aligned frameworks. Deep understanding of Cyber Risk Management principles. Exceptionally organized, with strong attention to detail and ability to manage multiple priorities. More ❯