Senior GRC Manager

Role Purpose

This role is responsible for leading and maturing the organisation’s information and cyber security governance, risk, and compliance capabilities. The role ensures that security risks are effectively identified, assessed, and managed, while maintaining compliance with regulatory requirements, internal policies, and industry standards. The role drives the strategic direction of the GRC function, embeds risk-based decision-making across the organization, and provides leadership to the GRC team. The role acts as a key interface between information and cyber security, enterprise risk, compliance, audit, and legal. 

• Lead, coach, and develop the GRC manager and broader GRC team. 

• Lead the development, implementation and lifecycle management of the information and cyber security governance, risk, and compliance framework, including policies, standards, and procedures.  

• Translate organisational risk appetite and regulatory requirements into practical security governance processes. 

• Establish measurable GRC objectives aligned with organisational and CIO-level priorities. 

• Ensure effective governance forums, reporting, and decision making processes are in place. 

• Oversee the identification, assessment, prioritisation, and tracking of information and cyber security risks. 

• Lead regulatory compliance activities, e.g. ISO27001 or other relevant standards or frameworks, and coordinate audit and related remediation activities. 

• Oversee third-party risk and supplier security assurance processes 

• Produce exec level reporting on cyber risk posture, compliance status, and governance maturity. 

• Facilitate risk assessment for new technologies, projects, suppliers, and related business initiatives.  

• Foster a strong risk-aware culture through collaboration and upskilling.  

• Bachelor’s degree in Information Security, Cyber, IT, Risk Management or related field, relevant professional certifications preferred. 

• 5+ years experience in information and cyber security governance, risk management, or compliance roles 

• Proven experience managing  GRC teams 

• Strong understanding of security frameworks and regulatory requirements 

• Ability to translate complex technical risks into clear business language 

• Risk-based decision making 

• Strong stakeholder management and influencing skills 

• Calm, decisive, and methodical under pressure 

• Clear communicator with technical and non-technical stakeholders 

• Analytical thinking & problem solving