Governance, Risk & Compliance (GRC) Lead
Added 3 days ago
- England,North East,Tyne and Wear,Newcastle upon Tyne
- Full Time, Permanent
- £70,000 - £75,000 per annum
Job Description:
The Opportunity
National enterprise scale business is seeking a highly capable Governance, Risk & Compliance (GRC) Lead to drive the evolution of their security and risk landscape during a period of significant transformation and investment. This is a rare chance to step into a senior, influential position—shaping the GRC strategy, building capability, and ensuring regulatory excellence across a complex and high-profile environment.
The Role
Working as the Right-hand to the Head of Information Security, you will:
Leadership & Ownership
- Lead the entire GRC portfolio and shape a function that is still maturing.
- Manage a small but growing team across multiple sites.
Governance & ISMS
- Own the ISMS and drive the organisation’s journey to ISO 27001 certification.
- Ensure ongoing Cyber Essentials and Cyber Essentials Plus compliance across the business.
- Develop, maintain and embed policies, processes and governance structures.
Risk Management
- Stand up and mature the IT risk management framework across the business.
- Produce risk registers, KRIs, governance packs and executive-ready reporting.
- Oversee and enhance third-party risk assurance.
Regulatory & Framework Compliance
- Support delivery of obligations under the Security & Resilience Bill and CAF.
- Provide guidance on NIS2 for international operations.
- Anticipate evolving regulatory requirements and prepare the organisation accordingly.
Incident Response Governance
- Lead scenario planning, readiness and policy work on the GRC side of incident response.
- Work closely with the Security Operations Lead, who owns technical response.
The Person
With a strong background in GRC and ideally possessing an information security certification such as CISSP, CISM or CRISC, you will have:
- The ability to interpret and challenge technical controls.
- Experience managing or maturing an ISMS and delivering ISO 27001 compliance.
- Solid IT risk management experience.
- Strong communication skills with senior stakeholders, including exec-level reporting.
Most importantly you will be:
- Practical, hands-on and comfortable shaping a function that is still developing.
- Able to influence, challenge and communicate with technical stakeholders.
- Detailed in documentation, audit readiness and governance reporting.
Exposure to public-sector aligned frameworks (CAF, NIS/NIS2) will be beneficial, though not essential.
Job number 3543677
Company Details:
Nigel Wright Group
Company size: 100–249 employees
Industry: Recruitment Consultancy
As the preferred talent partner for over 35 years, Nigel Wright Group has significant experience in connecting great people to great opportunities. We...