15 of 15 GRC Jobs in the City of London

and Head of Function. Engage regularly with IT, Security, and Business stakeholders to align risk reporting with organizational objectives. What We’re Looking For: RSA Archer expertise or other GRC tooling Proven experience with NIST or other regulatory-aligned frameworks. Deep understanding of Cyber Risk Management principles. Exceptionally organized, with strong attention to detail and ability to manage multiple priorities. More ❯

globally. What You’ll Do Advise executive stakeholders on defining and executing risk-based cyber security strategies. Design and deliver cyber transformation programmes that align with business goals. Define governance frameworks, target operating models, and maturity roadmaps. Support clients in achieving regulatory compliance (e.g., NIS2, GDPR, ISO27001). Lead or support project delivery across multiple sectors and stakeholder levels. What … and team management (Agile or Waterfall). Analytical and lateral problem-solving mindset. Bonus if you have: Security clearance or the ability to obtain it. Hands-on experience across GRC, cyber threat management, or vulnerability management. If you’re ready to work on some of the most pressing and complex cyber challenges facing organisations today and want to do it More ❯

resilience and enable growth. What You’ll Do Advise executives on actionable cyber strategies to support digital transformation Shape and deliver cyber transformation programmes aligned with organisational objectives Design governance and operational models to enhance cyber maturity and regulatory readiness Assess and define risk-based roadmaps that embed cyber security into business operations Work across a range of industries and … of relevant standards: NIST CSF, ISO27001, NCSC CAF, GDPR, NIS2, etc. Certifications such as CISSP, CISM, CISA, M.Inst.ISP, or MSc in Cyber Security Hands-on experience in areas like GRC, cyber threat management, vulnerability management Strong communication skills – written and verbal – with the ability to present to both technical and business stakeholders Consulting: Proven project delivery using Agile and Waterfall More ❯

of defense. Contribute to the evolution of the Technology and Cyber Risk and Control Framework through data-driven insights. Ensure alignment of analytics activities with regulatory expectations and internal governance standards. Drive continuous improvement in risk data quality, reporting processes, and analytics capabilities. The Requirements: Skills: Strong knowledge of risk management frameworks (e.g., NIST, ISO 27001, COBIT) and control environments. … general controls, cyber security principles, and technology risk domains. Proven experience in risk analytics, data visualization, and reporting (e.g., using Power BI, Tableau, or similar tools). Familiarity with GRC platforms and risk data management practices. Experience in a risk management, IT audit, or cyber security role within a financial services or regulated environment. Ability to interpret complex technical data More ❯

Information Security GRC Manager | ISO27001, SOC2, Azure Security | Global Trading Platform £70–80k base + 10% bonus Hybrid in London Training budget for certifications + conference attendance Strong emphasis on professional autonomy and ethical leadership A newly created opportunity to lead and shape the GRC function of a global financial group at a pivotal time, supporting the secure rollout of … required: CISSP, CISM, CRISC, or equivalent Strong knowledge of ISO27001:2022, SOC2 Type II, NIST CSF, PCI DSS, GDPR, DORA Confident with security risk assessments, audit responses, and policy governance Hands-on cloud security experience: ideally with Azure and the Shared Responsibility Model Comfort with complexity: able to analyze architecture, track metrics, and translate acronyms into actionable plans Mentorship ability … ready to step up, guide analysts, and model high-integrity InfoSec practice What you’ll be doing: GRC ownership: maintain ISO27001 and SOC2 certifications, policies, and the Information Security Management System Third-party risk management: oversee supplier assessments, support junior analysts, and guide reviews via Panorays Security awareness & training: manage phishing simulations and content using Proofpoint Security architecture reviews: support More ❯

and internal policies across multiple jurisdictions. You will implement compliance programs, monitor adherence, provide risk-based legal advice, and help shape a compliance-focused culture. Key Accountabilities: Compliance and Governance Ensure the organisation adheres to corporate governance standards, codes of conduct and relevant laws across all jurisdictions. Monitor regulatory developments and interpret their relevance and impact on the business, providing … not limited to anti-bribery and corruption, competition, whistleblowing, data protection and ethical conduct. Monitor adherence and manage internal reporting mechanisms by liaising with internal Global Risk and Compliance (GRC) function. Global Regulatory Compliance Ensure compliance with international legal and regulatory frameworks (e.g. GDPR, FCPA, local employment laws). Liaise with external counsel where jurisdiction-specific advice is needed with More ❯

Job Title: Security Governance Lead – NIST & Archer Expertise Location: London About the Role: Albany Beck is seeking a highly skilled Security Governance Lead to support a key financial services client in advancing its information security governance capabilities. This role requires deep expertise in NIST frameworks and Archer GRC, as well as strong leadership in centralising security policy management, controls, and … compliance operations. Key Responsibilities: Collaborate with the Executive Director of Security Governance to maintain and evolve the client’s information security policies, standards, and procedures in alignment with the organization’s master policy. Lead the centralisation, documentation, and continuous improvement of a unified controls inventory, including clear assignment of control ownership and alignment of roles and responsibilities. Maintain the service … on agreed security metrics, such as training completion rates and awareness initiatives. Coordinate the collection of evidence to support internal and external regulatory attestations and compliance reviews. Drive continuous governance improvements through structured policy lifecycle management and stakeholder engagement. Required Experience and Skills: Proven experience in a security governance or risk management leadership role within the financial services or consulting More ❯

Cyber Strategy Manager to lead the design and execution of cyber programmes for complex, large-scale clients. You’ll work directly with C-level stakeholders, shaping cyber operating models, governance structures, and transformation initiatives. Key Responsibilities Own end-to-end delivery of cyber strategy and transformation engagements Define and execute security roadmaps, operating models, and risk frameworks Lead teams delivering … GRC, cyber maturity, and compliance workstreams Communicate with client execs (CISO, CTO, Audit) and manage internal delivery teams Contribute to business development, team mentorship, and capability growth What We’re Looking For 5+ years in cybersecurity or cyber advisory Experience leading cyber transformation in a consulting or enterprise environment Deep understanding of frameworks: NIST, ISO27001, GDPR, NIS2, CAF Track record More ❯

13+ billion. Skills and Qualifications: Extensive ServiceNow IRM experience: Proven experience in designing and implementing ServiceNow IRM solutions, including a strong understanding of the platform's capabilities and functionalities. GRC knowledge: Deep understanding of Governance, Risk, and Compliance (GRC) principles and best practices. Technical skills: Proficiency in ServiceNow platform development, including scripting, workflows, and integrations. Communication and interpersonal skills: Excellent … communication, presentation, and stakeholder management skills. Solution architecture experience: Experience in designing and implementing complex solutions, including defining architecture roadmaps. Certifications: ServiceNow certifications like CIS-GRC or CIS-VRM are often preferred. More ❯

impact. Create a phased ESG framework that aligns with Helix’s core services, operational structure, and risk profile. Identify KPIs and reporting obligations across environmental performance, social value, and governance maturity. Partner with procurement, IT, HR, and client delivery functions to embed sustainable practices in operations and supply chain. Coordinate with senior leadership and external advisors to establish board-level … impact. Create a phased ESG framework that aligns with Helix’s core services, operational structure, and risk profile. Identify KPIs and reporting obligations across environmental performance, social value, and governance maturity. Partner with procurement, IT, HR, and client delivery functions to embed sustainable practices in operations and supply chain. Coordinate with senior leadership and external advisors to establish board-level … and stakeholder engagement skills. Highly organised with attention to detail. Desirable Certified Internal or Lead Auditor in ISO27001, 9001, 14001, or 45001. NEBOSH or IEMA qualifications. Experience in SaaS, GRC, property compliance, or similarly regulated sectors. Familiarity with compliance platforms (e.g. ISMS.online, Q-Pulse, etc.) Soft Skills Strong communication and problem-solving ability: a proactive, solution-focused approach to diagnosing More ❯

on retail and dining, to health and wellbeing, travel, and technology...and plenty more The Role We are currently recruiting for a Manager to join our existing Data and Information Governance Team. Reporting into the Senior Manager, Information Governance and Deputy Data Protection Officer supporting the further developing of the, dedicated first line capability for information risk, control frameworks and testing … a control framework across a complex infrastructure of product lines, control functions and subsidiaries, enabling effective oversight of information risk. You will develop elements of and implement an Information Governance Framework whilst developing and monitoring various risk controls within the RCSA framework in both Operations and as SME across the business. You will work directly with local 1LoD defence risk … in-depth knowledge and practical experience in the following: - Data Protection - Information Rights - Records Management - Information Risk You will be able to demonstrate evidence of delivering change in Information Governance to create a transparent, but 'privacy aware' compliance culture with proven experience in an operational risk management role in the public or private sector, preferably in financial services. You will More ❯

from security gap assessments to crisis simulations, risk frameworks, and technical reviews. Support the development and delivery of both technical (e.g. M365/cloud config reviews, vulnerability assessments) and GRC engagements. Help shape and evolve our cyber propositions , working closely with delivery leads across managed services, threat intel, and MDR. Scope and define client engagements with a clear focus on … deep domain knowledge, consulting experience, and the leadership skills to inspire others. You should have: A track record of consulting and delivering a wide range of cyber engagements — both GRC and technical. Strong understanding of frameworks like NIST, ISO 27001, CIS, and a pragmatic view on applying them. Familiarity with technical tooling for assessments, vulnerability analysis, and cloud reviews (you More ❯

research reports. Understanding of priorities of the chief risk officer including enterprise risk management, integrated risk management, third-party risk management, ESG risk and reputational risk. Deep understanding of Governance, Risk, and Compliance (GRC) software and other risk focused technologies. Additional benefits we offer... Competitive salary (with annual review) Performance-driven quarterly bonus scheme Pension with enhanced employer contribution Generous More ❯

at KPMG; a diverse business requires diverse personalities, characters, and perspectives. There really is a place for you here. Why Join KPMG as a Manager - IGH GRCS? KPMG's Governance, Risk and Compliance Services (GRCS) practice within IGH is an area of the firm with tremendous growth potential. GRCS is an integral part of our Enterprise Risk advisory practice. We … provide services relating to internal audit, internal control, corporate governance, risk management and related assurance projects. Clients are based in the public sector and our services deliver added value to clients using modern control assessment, risk management and audit techniques focusing on strategic, management and operational issues as well as financial management and reporting controls. We also work closely with … and co-sourced contractual basis • Managing and directly delivering individual and/or a programme of internal audit projects which includes planning, review, quality assurance and reporting • Risk management, governance and internal audit advisory services • Risk identification workshops and control reviews • Delivering control and risk training • Managing and reviewing internal control questionnaires • Compliance internal audits • Working with members of other More ❯

with support and guidance to enable successful delivery. You will work with colleagues in Home Office Commercial when contracts need organising and negotiating. You may be required to facilitate governance meetings and mechanisms and/or select the right people to join these discussions. In addition to this, you will be expected to mentor, coach or line manage less senior … and improve team delivery performance Applying appropriate techniques taken from different methodologies to effectively deliver successfully within a given context Managing budgets and commercial supplier relationships Understanding what good governance looks like and how to implement improvements Acting as the Delivery Manager for one or more delivery teams through a complete delivery lifecycle (prepare, deliver, improve) Governance, risk and compliance More ❯