
Senior Manager: Governance, Risk and Compliance

Reward Gateway
Location
Sofia/Plovdiv
Salary
€60k–65k
Workplace
Hybrid
Posted
2 months ago
Employment
Full-time
Seniority
Senior

About the role

Some of Your Responsibilities & Core Duties will be:

  • Lead, manage, and develop the GRC team, including hiring, coaching, performance management, and succession planning. Champion a culture where governance, risk and compliance are seen as business enablers, not blockers. 
  • Manage our control framework, covering ISO 27001, ISO 22301, ISO 9001, ISO 14001, SOC 2 Type 2, PCI DSS and Cyber Essentials Plus (CE+).
  • Implement and manage ISO 42001 within the integrated management system, ensuring alignment with organisational objectives. 
  • Partner with our Cyber Security, IT, Product and Engineering Teams to ensure that information security governance and policies remain effective, aligned with risk appetite, and embedded into day-to-day operations. 
  • Own and mature the Vendor Risk Management (VRM) framework, including vendor criticality tiers, onboarding, due diligence, and ongoing monitoring. 
  • Manage and test Business Continuity Plans (BCPs) across critical business services, locations, and supporting technology.
  • Own the enterprise risk management framework, methodology, and tools. 
  • Lead regular Information Security and AI Risk Board meetings, ensuring clear risk ownership, documented decisions, and timely follow-up on agreed actions. 
  • Use KPIs to monitor GRC process performance, drive continuous improvement, and evidence the value and maturity of the GRC function. 
  • Support the creation, enhancement, and maintenance of technical and procedural documentation (policies, standards, guidelines, and work instructions).

The Experience and Key Skills you will have:

  • At least five years' experience as a GRC Manager, Senior GRC Analyst or Lead Auditor is required.
  • ISO 27001 certification and/or a recognised IT governance or security certification such as CRISC, CISA or CISSP.
  • Experience implementing or managing Governance, Risk and Compliance (GRC) systems.
  • Hands-on experience as an Internal Security Assessor for PCI DSS and leading or heavily supporting PCI DSS certification or assessments.
  • Experience with NIS 2, AI governance / AI compliance, and other emerging regulatory frameworks, or clear capability to rapidly build this expertise.
  • Demonstrated ability to assess and design internal controls for information security in enterprise or high-growth SaaS environments, including cloud-native architectures.
  • Understanding of fundamental information security concepts and technology, with previous exposure to cloud technologies and cloud security.
  • Superb English communication skills with the ability to interact effectively with multi-disciplinary teams.

The Interview Process:

  • Online interview with the Senior Talent Partner.
  • First stage video interview with the CISO and the Head of Cyber.
  • Final stage video interview with the Chief Technology Officer and the CISO.
