lebara

Lead GRC Manager


Quick Summary

Overview

The Lead Governance, Risk & Compliance (GRC) Manager is responsible for establishing, operating, and continuously improving the organisation’s enterprise-wide compliance, risk, and security governance frameworks.

This senior leadership role requires deep expertise across regulatory, industry, and cybersecurity standards, specifically the UK Telecom Security Act, PCI DSS, ISO/IEC 27001, and NIS 2. You will act as the organisation's authoritative subject-matter expert, ensuring end-to-end compliance, overseeing risk posture, and enabling secure and resilient operations through structured governance and proactive risk management.


Responsibilities:

Governance & Compliance Leadership
· Lead the design and operation of the organisation’s GRC strategy, ensuring alignment with business objectives and regulatory obligations.
· Serve as the principal authority on:
     o Telecoms Security Act (TSA) & Code of Practice
     o Payment Card Industry Data Security Standard (PCI DSS)
     o ISO/IEC 27001 Information Security Management System (ISMS)
     o NIS 2 Directive requirements & associated national legislation
· Maintain and continuously improve compliance roadmaps, policies, and controls across the enterprise.
· Oversee the governance framework, ensuring effective risk ownership, reporting, and leadership engagement.


Risk Management
· Lead the enterprise risk management (ERM) programme, ensuring risks are identified, assessed, prioritised, and treated effectively.
· Own the corporate risk register and report regularly to senior leadership, audit committees, and regulatory stakeholders.
· Design and implement risk assessment methodologies to support security, operational, and regulatory decision making.

Security Assurance & Control Oversight
· Drive internal and external audit cycles (TSA compliance, PCI assessments, ISO 27001 audits, NIS 2 evaluations).
· Oversee testing of security controls, including assurance reviews, control maturity assessments, and continuous compliance monitoring.
· Ensure remediation actions are managed through to completion and embedded into business processes.

Regulatory Engagement & Reporting
· Support business units in their engagement with regulatory bodies and with national CSIRTs/competent authorities under NIS 2.
· Prepare and deliver accurate regulatory submissions, compliance evidence, incident notifications, and executive reporting.

Policy, Standards & Framework Development
· Develop, own, and maintain enterprise information security policies and standards.
· Ensure policies reflect current legal, regulatory, and industry practices, and are adopted consistently across the organisation.
· Foster a strong risk-aware culture through training, awareness, and stakeholder engagement.

Cross-Functional Leadership
· Lead a high-performing GRC team and influence stakeholders across engineering, operations, legal, procurement, and product functions.
· Provide expert guidance on secure-by-design initiatives and supplier risk management.
· Support major programmes and transformation initiatives, ensuring compliance and risk considerations are integrated from inception.


Skills:

· Extensive experience working with:
     o UK Telecom Security Act & Code of Practice (TSA/SRF)
     o PCI DSS v4.0, including SAQ/ROC, segmentation, and control validation
     o ISO/IEC 27001:2022 and associated 27000-series standards
     o NIS 2 Directive, cybersecurity measures, governance requirements, and incident reporting obligations
     o NCSC Cyber Assessment Framework

· Strong understanding of risk management frameworks (NIST, ISO 27005, ISO 31000, COSO)
· Experience managing audits, external assessors, and regulatory reviews
· Solid knowledge of the current threat landscape and operational security best practices.
· Solid grounding in information security principles, controls, and assurance practices.
· Experience overseeing technical and non-technical security controls
· Ability to shape long-term GRC strategy aligned to business objectives.
· Strong understanding of network security, telecoms architecture and cloud platforms
· Experience with security tooling and GRC platforms such as OneTrust.
· Proven ability to lead, coach, and develop a high-performing GRC team.
· Skilled at influencing cross-functional stakeholders without direct authority

Location & Eligibility

Where is the job
London, United Kingdom
On-site at the office
Who can apply
GB

Listing Details

First seen
May 6, 2026
Last seen
May 8, 2026

