impact in Cyber Security, this role is for you! Responsibilities: Ensure protection of information assets and technologies Participate in security audits like ISO27001, ISO27701, ISO20000, NIST-CSF, and IASME Governance Conduct and document internal audits for our clients Deliver security awareness training, including public speaking engagements Manage Third-Party Risk Management (TPRM) including vendor security reviews Assist the Sales Team … with scoping engagements and delivering valuable services to clients Skills/Must have: Extensive experience in Information Security Governance, Risk, and Compliance (GRC) Experience contributing to an Information Security Management System (ISMS) certified to ISO27001 standards Knowledge of the Cyber Essentials Plus Scheme, GDPR, and Data Protection Act (2018) Strong communication skills and the ability to build relationships with internal
are driving responsible innovation and increase market accessibility for global SMEs. We do so across our 4 key businesses: Alipay+, Antom, WorldFirst and ANEXT Bank. Role Overview: As a GRC Lead, you will ensure alignment with European regulations (e.g., GDPR, DORA, PSD2 SCA, CSSF) and global standards (PCI DSS, SWIFT CSP). This role requires technical knowledge, strategic thinking, and … expertise in managing third-party risk, outsourcing compliance, and identity governance to safeguard operational resilience. What you will be doing: Regulatory & Technical Compliance: Support compliance with GDPR and complementary regulations like DORA (Digital Operational Resilience Act), ensuring alignment in areas such as incident reporting and data protection. Translate requirements from PSD2 SCA, PCI DSS, and SWIFT CSP into technical security … controls. Maintain IT security governance frameworks (ISO 27001, NIST CSF, CIS Controls). Manage and maintain Security Policies and procedures Third-Party Risk & Outsourcing Management: Design and implement third-party risk management programs to assess vendors, cloud providers, and outsourced services. Ensure compliance with DORA’s outsourcing requirements, including due diligence, contract oversight, and continuity planning. Audit & Assurance: Participate in
London, England, United Kingdom Hybrid / WFH Options
Control Risks
of experience in cybersecurity, specializing in cyber assurance, third-party risk management, and regulatory compliance audits. Proven track record of leading cyber assurance engagements and guiding clients through risk management and compliance processes based on industry frameworks (e.g., NIST, ISO 27001). Expertise in managing third-party audits and ensuring regulatory compliance across audit lifecycles. In-depth understanding of regulatory … Science, Engineering, or a related field. Relevant certifications such as CREST, OSCP, CISSP, CISM, CISA, ISO 27001 Lead Auditor, SANS, or other recognized credentials in cybersecurity, third-party risk management, and compliance auditing. Skills: Strong commercial acumen, with proven ability to generate new business in cyber assurance and regulatory compliance services. Exceptional communication, presentation, and analytical skills with the ability …
recognised security frameworks such as NIST CSF, ISO27001 etc. Hands-on experience managing and maintaining cybersecurity compliance with regulatory frameworks such as FCA, PRA, NYDFS etc. Experience developing a governance framework by maintaining policy and procedure. Ability to achieve against agreed deadlines. Ability to work both independently and collaboratively. Strong interpersonal and communication skills (written and verbal), with the ability …
My client, a Financial Services company based in London, are looking for an Information Security Governance, Risk and Assurance specialist to join their growing team. This role is two days per week in the office in London (near Canary Wharf). About the Information Security Governance, Risk and Assurance specialist: The individual will be part of the security function that … is responsible for security governance, risk and assurance, to ensure the organisation's security posture is robust, compliant against the security policy, standards and controls. The position will require close collaboration with technical, operational, compliance and audit teams to create a secure and compliant technology environment. What you will be doing: Maintain security policy, standards, procedures and frameworks. Ensure alignment with … non-technical stakeholders Strong understanding of security risk management and taxonomy principles, to reduce risk to an acceptable level. Knowledge of vulnerability management and incident management practices. Experience with GRC tools and best practices. RSA Archer is preferred. Financial and/or Banking industry experience preferred. Professional qualifications/certifications Ideally qualified in MSc Information Security, CICA, CRISC, CISM and
packaging solutions, paper products and recycling services in more than 30 different countries across EMEA with over 30,000 colleagues. About the role Reporting to Head of I&T GRC, Governance and Risk Lead will be responsible for driving information and cyber security awareness, delivering security awareness training including phishing and facilitation of cyber scenario desktop simulations across central and … risk register, tools, process, reporting and review. You will take responsibility for managing a subset of aspects of ISO 27001 related documentation and control activities. As the I&T Governance and Risk Lead you will have the responsibility of aspects of the I&T GRC scope, delegated and assigned by the Head of I&T GRC. Key Accountabilities Engage with
Cybersecurity GRC - Compliance Director role at Northern Trust. About Northern Trust: Northern Trust, a Fortune 500 company, is a globally recognized, award-winning financial institution that has been in continuous operation … and over 22,000 partners, we serve the world’s most sophisticated clients using leading technology and exceptional service. Role/Department This role will sit in the Cybersecurity Governance, Risk and Compliance (GRC) team within Northern Trust’s Technology function (1st Line of Defense); it reports to the Global Head of Cybersecurity GRC as a key part of the … GRC leadership team. The Cybersecurity Compliance Director will spearhead the GRC Compliance team, and will be responsible for monitoring and adherence to cyber rules and regulations, controls oversight and assurance, and co-ordination of cyber controls information and evidence to regulators, auditors and clients. The ideal candidate will combine deep subject matter expertise in both cybersecurity and assurance (audit or
Governance, Risk and Compliance Analyst role at Vista. Job Profile We are seeking a dedicated and detail-oriented Governance, Risk and Compliance (GRC) Analyst to join our team. In this role, you will ensure compliance with regulatory obligations, align with frameworks and security standards, and manage IT risk across the organization and supply chain. … You will collaborate with cross-functional teams and work closely with external vendors, auditors, and clients to embed GRC practices, maintain security controls, and ensure adherence to frameworks and policies. Your Responsibilities Maintain and improve our Information Security Management System (ISMS). Monitor compliance with security frameworks. Support the IT and Information Security policy lifecycle. Maintain the IT Security risk … partners. Complete audits for clients and coordinate with audit teams. Audit internal processes for compliance. Work with the Privacy Analyst on DPIAs, RoPAs, and data subject workflows. Maintain the GRC platform and security awareness training platform. Assist in creating and maintaining metrics on control effectiveness and maturity. Stay updated on relevant frameworks and regulatory requirements. Required Skills, Qualifications, and Experience
VICE PRESIDENT GOVERNANCE RISK & COMPLIANCE - AEROSPACE AND DEFENSE: Bullisher is a data-centric fintech solution provider in the aerospace and defense industry for institutional level investors, looking to disrupt and revolutionize a $3 trillion industry. We spearhead an industry-leading Blackbox to facilitate and administer trade agreements, delivering solutions through innovation with uncompromising agility. JOB DESCRIPTION: The oversight requires … you to create an immersive simulation that leverages advanced problem-solving methods and complex cognitive tasks to deliver real-global operations scenarios for performing GRC tasks in virtual reality. Collaborating with leading-edge cognitive thinking systems, networks, and Systems of System Engineering, cybersecurity, space applications, and electromagnetic spectrum operations applications. You will develop and deliver security programs in fast-paced … Establish a System Security Plan (SSP). The SSP needs to go through each NIST SP 800-171 control and include how the control is implemented, monitored, and enforced. GOVERNANCE: Create programs and pathways for transition into cybersecurity, regulations, compliance, and GRC, translating business into technical and security risk. RISK MANAGEMENT: The goal is to understand the lifecycle of risk
Senior IT GRC Analyst City of London/Hybrid £Competitive + strong bonus and benefits GRC Frameworks, ISO 27001, NIST A prestigious financial services organisation in the heart of the City of London is seeking a Senior IT GRC Analyst to join its dynamic team. In this collaborative role, you will support the development and enhancement of IT Governance, Risk … and Compliance (GRC) frameworks, working closely with senior stakeholders, internal IT teams, and third-party partners to manage IT risk and ensure regulatory compliance across the business. Key Responsibilities: Governance: Contributing to the implementation and continuous development of IT GRC frameworks. Assisting in the review and maintenance of IT GRC documentation. Assist in the implementation and communication of IT risk … and control management frameworks. Conduct governance reviews in line with agreed schedules and document outcomes. Maintain documentation for IT risk and control management processes. Support the preparation and delivery of formal IT GRC reporting. Risk: Identifying, assessing, and documenting IT risks. Supporting IT risk management activities, including the execution of technical IT risk assessments. Supporting risk owners to define remediation
iO Associates have collaborated with our consultancy division to help in their search for a GRC Analyst. You will support the GRC Manager in identifying and evaluating security risks, strengthening the organisation's governance framework, and ensuring alignment with relevant industry regulations and standards. Key Responsibilities: Assess, document, and communicate information … security risks Develop and implement risk mitigation plans Maintain and evolve governance and compliance frameworks Monitor compliance against standards and regulations like ISO 27001, NIST, GDPR Coordinate audits (internal and external) Requirements: Degree in Computer Science/IT or relevant industry certifications such as CISA, CRISC, CISMP, ISO 27001 Lead Auditor/Implementer Working knowledge with legal/security needs
London, England, United Kingdom Hybrid / WFH Options
Scope AT Limited
AVP, IT Security Specialist – RSA Archer, NIST, GRC – London – Hybrid Join a leading security governance and risk team as an AVP, IT Security Specialist. You'll play a key role in ensuring robust security controls, compliance, and … stakeholders Key Skills & Experience: Minimum 2 years' experience in Information or Cyber Security, ideally in financial services Solid understanding of security risk management principles and taxonomy Working knowledge of GRC platforms – RSA Archer preferred Familiarity with NIST CSF, NIST 800-53, ISO 27001, SOC 1 & 2 Good written and verbal communication skills for technical and non-technical stakeholders Strong documentation
of risk remediation actions and promoting risk-awareness across IT operations. Conducting regular IT risk assessments to identify emerging threats and ensure compliance with regulatory and industry standards. Evaluating Governance, Risk, and Compliance (GRC) tools to ensure alignment with business needs and regulatory requirements. Maintaining and updating IT policy and procedural documentation in line with operational and compliance needs. Acting … this role: Bachelor’s degree in Information Technology, Computer Science, or a related field. Experience in IT Risk Management, Operational Risk, or a related discipline. Hands-on experience with GRC tools—particularly in IT Compliance, IT Risk Management, and Vendor Management—is desirable. Strong knowledge of IT risk management frameworks and standards such as ISO 27001 and NIST. Proven experience
risks we face as a business. As part of Group Risk, the Technology Risk and Controls team is responsible for the management of technology risks by providing oversight and governance of risks, issues, mitigations, and action plans. Responsibilities: Assist in the identification and assessment of technology risks and issues. Evaluate the design and operating effectiveness of technology controls, and document … efforts and track the implementation of corrective actions. Execute day-to-day activities, ensuring the robustness and continued improvement of our control environment. Play a role in ITV's GRC risk management system, ensuring it is maintained, updated, and all necessary risk management procedures are followed. Work closely with Risk teams across ITV to understand the impact of business changes
London, England, United Kingdom Hybrid / WFH Options
CLS-Group
services, and assets, ensuring compliance with industry standards (e.g., CIS, NIST, ISO 27001, SOC 1/2) and internal security policies across all platforms and environments. Lead the security governance mechanism for capturing and managing security baseline adherence to rectify any policy exceptions and dispensations (deviations or gaps) against the security policy standards and controls and align security risks. Oversee … Artificial Intelligence, post quantum computing and cyber risk quantification. Considerable experience in cybersecurity, with notable experience in a senior or managerial role focused on security policy, standards, controls testing, governance, and compliance. Mastery experience of how security controls are implemented, their effectiveness, and alignment with security policy, standards and NIST best practice guidelines. Strong ability to consult with control owners … information clearly and effectively. Presenting data insights to non-technical stakeholders. Strong understanding of security risk management and taxonomy principles, to reduce risk to an acceptable level. Experience with GRC tools and best practices. RSA Archer is preferred. Proficiency in security frameworks (e.g., NIST CSF, ISO 27001, SOC1,2). Expert knowledge of security assurance practices such as audit, risk
are driving responsible innovation and increasing market accessibility for global SMEs. We do so across our 4 key businesses: Alipay+, Antom, WorldFirst, and ANEXT Bank. Role Overview: As a GRC Lead, you will ensure alignment with European regulations (e.g., GDPR, DORA, PSD2 SCA, CSSF) and global standards (PCI DSS, SWIFT CSP). This role requires technical knowledge, strategic thinking, and … expertise in managing third-party risk, outsourcing compliance, and identity governance to safeguard operational resilience. What you will be doing: Regulatory & Technical Compliance: Support compliance with GDPR and complementary regulations like DORA (Digital Operational Resilience Act), ensuring alignment in areas such as incident reporting and data protection. Translate requirements from PSD2 SCA, PCI DSS, and SWIFT CSP into technical security … controls. Maintain IT security governance frameworks (ISO 27001, NIST CSF, CIS Controls). Manage and maintain Security Policies and procedures. Third-Party Risk & Outsourcing Management: Design and implement third-party risk management programs to assess vendors, cloud providers, and outsourced services. Ensure compliance with DORA's outsourcing requirements, including due diligence, contract oversight, and continuity planning. Audit & Assurance: Participate in
Information Technology Consultant role at Virgin Atlantic. This role is responsible for supporting the governance of information security, ensuring that an appropriate risk, policy, and reporting framework is managed to enable Virgin Atlantic Airways to use information safely and in compliance with regulation. It involves supporting the identification, management, and documentation of requirements impacting … the risk, policy, and reporting framework, as well as communicating governance matters with internal and external groups such as Internal Audit, Technology Leadership Team, Safety & Security, Virgin Group, or CPNI. The role ensures robust identification, management, and mitigation of information and cybersecurity risks across Virgin Atlantic’s operations. With an emphasis on risk management activities, third-party supply chain security … NIST Cybersecurity Framework PCI-DSS 4.0.1 UK GDPR, NIS2 Directive, CAP1753, and related sector obligations This makes it a great development role for those aiming to step into senior GRC or advisory roles. About you CRISC/CISA/CISM certification through ISACA or an equivalent professional body. ISO 27001 Lead Implementer/Auditor certification. Sound knowledge of information security
PSD2 SCA, CSSF) and global standards (PCI DSS, SWIFT CSP). This role requires technical knowledge, strategic thinking, and expertise in managing third-party risk, outsourcing compliance, and identity governance to safeguard operational resilience. What you will be doing: Regulatory & Technical Compliance: Support compliance with GDPR and complementary regulations like DORA (Digital Operational Resilience Act), ensuring alignment in areas such … as incident reporting and data protection. Translate requirements from PSD2 SCA, PCI DSS, and SWIFT CSP into technical security controls. Maintain IT security governance frameworks (ISO 27001, NIST CSF, CIS Controls). Manage and maintain Security Policies and procedures Third-Party Risk & Outsourcing Management: Design and implement third-party risk management programs to assess vendors, cloud providers, and outsourced services. … PAM). Conduct periodic user access reviews to ensure compliance with least privilege principles and regulatory requirements. Security awareness management experience. What we are looking for: 5+ years in GRC roles; financial services or banking. Understanding of GDPR, DORA, PCI DSS, and outsourcing/third-party risk requirements. Hands-on experience with ISO 27001 implementation and third-party risk tools
PSD2 SCA, CSSF) and global standards (PCI DSS, SWIFT CSP). This role requires technical knowledge, strategic thinking, and expertise in managing third-party risk, outsourcing compliance, and identity governance to safeguard operational resilience. What you will be doing: Regulatory & Technical Compliance: Support compliance with GDPR and complementary regulations like DORA (Digital Operational Resilience Act), ensuring alignment in areas such … as incident reporting and data protection. Translate requirements from PSD2 SCA, PCI DSS, and SWIFT CSP into technical security controls. Maintain IT security governance frameworks (ISO 27001, NIST CSF, CIS Controls). Manage and maintain Security Policies and procedures Third-Party Risk & Outsourcing Management: Design and implement third-party risk management programs to assess vendors, cloud providers, and outsourced services. … PAM). Conduct periodic user access reviews to ensure compliance with least privilege principles and regulatory requirements. Security awareness management experience. What we are looking for: 5+ years in GRC roles; financial services or banking. Understanding of GDPR, DORA, PCI DSS, and outsourcing/third-party risk requirements. Hands-on experience with ISO 27001 implementation and third-party risk tools.
Job information: Functional Title - IT Security Specialist Department – Security Governance and Risk Management Corporate level – Associate Vice President Report to – Director of Security Location - London, onsite 2 days per week About the role: The individual will be part of the security function that is responsible for security governance, risk and assurance, to ensure the organisation's security posture is robust, compliant … stakeholders Base level understanding of security risk management and taxonomy principles, to reduce risk to an acceptable level. Knowledge of vulnerability management and incident management practices. Ability to learn GRC tools and best practices. RSA Archer is preferred. Financial and/or Banking industry experience preferred. Professional qualifications/certifications Ideally qualified in MSc Information Security, CICA, CRISC, CISM and