GRC Manager

Job Description

FULLY REMOTE GRC Manager (Governance Risk and Compliance Manager)My client is looking for an enthusiastic GRC Manager / Governance Risk and Compliance Manager to join the company to help move it to its next stage of evolution.As a pivotal role in the company, the GRC manager will liaise with key stakeholders within Operations, Security and our executive team to help guide and attain the accreditations and compliances.The ideal candidate will have a successful track record of managing and implementing global control and compliance programs, overseeing the management, training and development of controls and compliance.The following are responsibilities of the Governance Risk and Compliance Manager role:

• Assisting the development and maintenance of an audit plan, communicating this with key stakeholders and within the wider business;
• Working with our Security team to schedule and coordinate internal and external audits, communicated well in advance within the business, with requirements clearly defined;
• Liaise with external auditors to agree audit plans and ensure maintenance of the certification of standards held;
• Liaise with IT, Operations and Security to ensure vulnerability scans and penetration tests are conducted within agreed timelines
• Review vulnerability, penetration test and incident management reports
• Documenting security breaches, post-incident and lessons learned activities for continual improvement.
• Liaise with IT, Operations and Security to ensure required controls are being maintained effectively to meet regulatory and standard requirements;
• Managing risks of the business and ensuring all business risks are controlled to reduce potential loss to business.
• Work with cross-functional stakeholders to understand the risks, establish and document governance and compliance processes across our organization.
• Updating and owning information security continuity of the business and schedule test plans accordingly.
• Working with our Client team to respond to customers assessment requests and to build out a database of answers within the GRC and DevSecOps space to improve response times to audit requests
• Being proactive in liaising with internal and external stakeholders on matters which relate to new or existing work and ensure changes in policies/ procedures are aligned to company Information Security and Quality Management systems and standards;
• Analyse Information Security and Quality Management performance by liaising closely with all teams and customers, proactively addressing any issues, mitigating potential risks, identifying, and recommending changes;
• Identifying and communicating regular threat updates impacting the business and technology landscape;
• Provide subject matter expert / quality reviews on Company documents and projects (i.e. tenders) as required

Governance Risk and Compliance Manager Requirements:

• Sound knowledge and understanding of Information Security Standards and Quality, specifically SOC 2, CCPA, GDPR and ISO 27001
• Certified internal auditor, with experience of auditing various sectors;
• Professional information security qualifications will be required (e.g. ISO 27001 LA, CISA, CISM).
• Relevant technical understanding of legislation around GDPR, UK Data Protection Act and relevant legal and regulatory requirements of the industries and jurisdictions within which the company operates;
• Experience of providing guidance and advice to clients and stakeholders in order to promote a consistent approach;
• An eye for detail for improving customer satisfaction and improving client relations by direct interactions and taking corrective actions accordingly;