Head of Cyber Security Governance and Compliance

Information Security Solutions
Berkeley Square, London
£110,000 - 120,000
Company Size: <50
Company Type: Services
Exp Level: Senior
Job Type: Full-Time
Language: English
Visa sponsorship: No

Requirements

Must:
- 7+ years' experience in governance, risk, and compliance within a large, complex organization.
- Strong knowledge of cyber security frameworks (ISO 27001, NIST, CIS Controls).
- Expertise in regulatory compliance (GDPR, NIS2, SOX).
- Excellent leadership, communication, and influencing skills.
- Professional certifications such as CISSP, CISM, CRISC.
- Proven experience developing and implementing enterprise-wide cyber risk management processes.
- Excellent collaboration skills with cross-functional teams.
- Strong relationship-building and communication skills, with a personable and credible approach.
- Desirable: Experience in a federated business model.
- Desirable: Familiarity with risk quantification tools and methodologies.
- Desirable: Ability to drive cultural change and embed security awareness.
- Desirable: Experience building a strong relationship with internal audit.
- Desirable: Experience implementing an effective third-party security risk management service.

Responsibilities

- Define and maintain the cyber security governance framework, policies, and standards.
- Lead the liaison with divisional GRC roles, supporting the development and maintenance of the GRC operating model and framework.
- Ensure alignment with the Cyber Standard and global regulatory requirements (e.g., NIS2, GDPR).
- Provide direction on cyber security tooling relating to governance and assurance objectives.
- Collaborate with the Technical Assurance team to define and implement metrics and reporting standards for divisions.
- Chair governance forums and provide regular reporting to senior leadership and audit committees.
- Plan, coordinate, and facilitate Security Working Group (SWG) meetings.
- Assist in the preparation of board papers and materials for annual reporting and Group level risk management.
- Develop and implement enterprise-wide cyber risk management processes.
- Lead risk quantification initiatives and develop metrics to measure and communicate risk reduction.
- Provide assurance that cyber risks are identified, assessed, and mitigated across all divisions.
- Maintain and update risk registers, ensuring Group risks are accurately captured, assessed, and managed.
- Conduct and oversee risk assessments at Group level in support of all divisions and business units.
- Track and manage deviations from policy, including documentation and approval of exceptions.
- Conduct horizon scanning for regulatory changes and emerging cyber security requirements.
- Build and lead the non-automated second line assurance capability to monitor compliance with the Group's cyber standard.
- Oversee readiness for internal audits and external regulatory reviews, liaising with audit bodies to support audit activities.
- Report monthly on GRC and assurance activities to senior management and divisional stakeholders.
- Develop the strategy for third-party cyber security and manage cyber security third-party risk and assurance.
- Lead the Group Cyber Security GRC function and provide strategic direction on GRC initiatives.
- Act as a trusted advisor to the CISO and senior stakeholders on governance and compliance matters.
- Collaborate with divisional GRC functions, legal, finance, and operational teams for integrated risk management.
- Build and maintain trusted relationships with senior stakeholders, ensuring positive engagement and communication.

Description


We are excited to present an opportunity to join our Group Cyber Security team during a significant phase of investment and transformation. Our team is dedicated to managing cyber risk effectively within our highly federated business model. As the Head of Cyber Security Governance, Risk & Compliance (GRC), you will play a pivotal role in shaping our strategy, ensuring that we not only meet but exceed regulatory expectations while embedding security into our organizational culture. We offer a dynamic work environment where you can collaborate with various stakeholders to influence the cyber resilience of our global operations.

How many Cyber Security Engineer jobs are in the UK?

Currently, there are 4648 Security openings.

Is the UK a good place for Cyber Security Engineers?

The UK is one of the best countries to work as a Cyber Security Engineer. It has a vibrant startup community, growing tech hubs and, most importantly, lots of interesting jobs for people who work in tech.

Which companies are hiring for Cyber Security Engineer jobs in the UK?

SwapTix, Collect Solutions Ltd, Arctic Shores, Roke Manor Research Limited, NFU Mutual, Government Communications Headquarters (GCHQ) and Metropolitan Police, among others, are currently hiring for Security roles in the UK.

The company with the most openings is Experis, as they are hiring for 107 different Cyber Security Engineer jobs in the UK. They are probably quite committed to finding good Cyber Security Engineers.