SixteenFifty
Cyber GRC Consultant
SixteenFifty, Italy, 3 days ago
Contract, Information Technology

Role Overview

My client is seeking a Cyber GRC Specialist to play a pivotal role in strengthening the organisation’s cybersecurity governance, risk management, and compliance (GRC) framework. This position is ideal for someone who enjoys structure, process, and driving adoption of effective ways of working across diverse teams.

You’ll act as a key enabler of the Cyber GRC strategy — managing day-to-day operational elements such as risk tracking, compliance activities, reporting, and governance processes — allowing senior leadership to focus on strategic direction and programme evolution.

Please note this is a contract / B2B position.


Key Responsibilities

Governance & Ways of Working

  • Support the development, maintenance, and continuous improvement of the Cyber GRC framework and related policies, standards, and procedures.
  • Drive adoption of consistent and efficient ways of working across cyber risk and compliance teams.
  • Coordinate governance forums, including preparation of materials, tracking of actions, and reporting on progress to senior stakeholders.
  • Ensure alignment between Cyber, IT, and Enterprise Risk functions on governance processes and risk posture.

Risk Management

  • Maintain and enhance cyber risk registers, ensuring risks are identified, assessed, mitigated, and reported in line with organisational frameworks.
  • Support the execution of risk assessments, control testing, and remediation activities.
  • Track and report on risk treatment plans and key risk indicators (KRIs).
  • Contribute to maturing risk management methodologies, ensuring they are pragmatic and embedded across functions.

Compliance & Assurance

  • Coordinate compliance assessments and evidence gathering for frameworks such as ISO 27001, NIST, CIS Controls, and other regulatory requirements.
  • Manage audit preparation activities and track remediation plans from internal and external audits.
  • Maintain documentation and artefacts that demonstrate compliance with cybersecurity and data protection standards.

Operational Enablement

  • Own the operational cadence of GRC activities — scheduling, documentation, follow-ups, and dashboards.
  • Manage GRC toolsets (e.g., ServiceNow GRC, Archer, OneTrust, or similar), ensuring data integrity and usability for reporting.
  • Support the creation and delivery of reports and dashboards for management and executive committees.
  • Identify and implement process improvements to enhance the efficiency and effectiveness of GRC operations.

Collaboration & Stakeholder Management

  • Work closely with internal teams including IT, Legal, Data Privacy, and Enterprise Risk to ensure alignment on risk and compliance activities.
  • Serve as a trusted point of contact for operational GRC queries, escalating strategic or complex matters where required.
  • Support the broader cyber transformation journey by fostering a culture of compliance, risk awareness, and accountability.

Skills & Experience

Essential:

  • Proven experience in a GRC, cyber risk, or compliance role within a complex organisation.
  • Strong understanding of cyber risk management principles and frameworks (ISO 27001, NIST CSF, etc.).
  • Excellent organisational skills and attention to detail, with the ability to manage multiple workstreams simultaneously.
  • Proactive and structured approach to managing governance processes and operational delivery.
  • Strong stakeholder management and communication skills — able to engage both technical and non-technical audiences.

Please apply for immediate consideration.