Overview
As a GRC Lead, you will have the opportunity to design and maintain security governance structures and risk management frameworks for clients within various sectors, including Energy, Public and Finance. You will collaborate with stakeholders at all levels to ensure effective communication and compliance oversight of cybersecurity policies and strategies. This role focuses on driving transformational change and enhancing organizational resilience through structured governance and risk management practices.
Responsibilities
- Design and implement security governance structures and risk management frameworks.
- Develop and oversee the security policy ecosystem and awareness strategy.
- Engage with stakeholders to communicate cybersecurity risk positions and reduction options.
- Conduct technology risk reporting and collaborate with enterprise risk and audit committees.
- Ensure compliance with relevant regulatory frameworks and industry standards.
- Provide guidance and expertise on information security policies and frameworks.
- Support senior leadership in understanding and addressing cybersecurity risks.
Requirements
- Proven experience in setting Information Security Policies and Frameworks.
- Experience with Technology Risk Reporting and stakeholder engagement.
- Strong understanding of regulatory frameworks such as UK CAF and NIS2.
- Ability to effectively communicate risk positions to senior leadership.
- Familiarity with IT security frameworks, particularly NIST CSF.
- Bachelor's degree in Computer Science, Information Security, or equivalent experience.
- Relevant certifications such as GICSP, CISSP, or equivalent.