Manager, Governance, Risk and Compliance
Location
Cebu City, Philippines
Language
English
The Manager, Governance, Risk & Compliance (GRC) leads information security risk management and client assurance activities across multiple client accounts and regions. This role is accountable for overseeing audits, assessments, and remediation programmes while managing and developing a team of GRC Specialists. The Manager serves as a trusted advisor to internal leaders and client stakeholders, ensuring regulatory, contractual, and client security requirements are met through strong governance, proactive risk management, and clear executive reporting.
Key Responsibilities
Risk Management & Governance
- Provide leadership oversight of information security and compliance risk assessments across client programmes and internal functions.
- Govern core GRC artefacts, including risk registers, control frameworks, exceptions, and risk acceptances.
- Translate regulatory, contractual, and client security requirements into scalable, auditable control expectations.
- Advise senior stakeholders on risk prioritization, materiality, and risk‑business trade‑offs.
- Complete all assigned, mandatory training within the timeframe provided.
- Conduct and/or participate in regularly scheduled 1:1 meetings with direct manager and/or direct reports.
Client Assurance
- Act as the senior escalation point for client security audits, assessments, and due diligence activities.
- Oversee end‑to‑end delivery of client assurance engagements, ensuring quality, consistency, and on‑time completion.
- Review and approve complex or high‑risk client assurance responses and evidence submissions.
- Ensure effective governance of client‑driven findings through remediation tracking and executive escalation.
Audit, Monitoring & Remediation
- Lead responses to internal and external audits, maintaining audit readiness and consistent narratives.
- Establish and oversee proactive monitoring to identify control failures, emerging risks, and compliance gaps.
- Provide leadership oversight for security incidents and investigations, ensuring effective root cause analysis and remediation.
- Drive systemic improvements to controls, processes, and governance models to prevent recurring issues.
People Leadership & Stakeholder Engagement
- Lead, coach, and develop a team of GRC Specialists through performance management, mentoring, and capability building.
- Produce clear, executive‑level risk reporting on posture, trends, and remediation status.
- Partner with Client Security leadership, IT, Operations, Privacy, Legal, and other stakeholders to ensure aligned priorities and timely execution.
Qualifications
Required
- 8–10 years of experience in information security, governance, risk, compliance, audit, or client assurance.
- Demonstrated experience leading audits, security assessments, and remediation programmes.
- Strong knowledge of common security and compliance frameworks (e.g., ISO/IEC 27001, NIST, SOC 2, PCI DSS).
- Proven ability to communicate complex risk topics to executive and non‑technical audiences.
- Experience managing competing priorities across multiple clients, regions, or regulatory environments.
- Prior people‑management or team‑leadership experience.
Preferred
- Bachelor’s degree in Information Security, Risk Management, Business, or a related field (or equivalent experience).
- Professional certifications such as CISSP, CISM, CISA, CRISC, HCISPP, or IAPP credentials.
- Experience with GRC tools, audit platforms, or evidence management systems.