CrawlJobs Logo

Information and Technology Governance & Risk Lead

United Kingdom, Milton Keynes · Job Posted February 20, 2026
Apply Position
Job Link Share

Job Description

Reporting to Head of I&T GRC, Governance and Risk Lead will be responsible for driving information and cyber security awareness, delivering security awareness training including phishing and facilitation of cyber scenario desktop simulations across central and manufacturing site teams. You will review, manage and where required prepare responses to internal and external customer enquiries in relation to information and cyber security arrangements. You will support IT, procurement, legal, data protection and digital security and business stakeholder in relation to supplier information and cyber security due diligence and requirements. As the successful candidate you will also lead risk-based party security assurance, management, and continuous improvement activities. In addition, facilitate and coordinate IT risk management risk register, tools, process, reporting and review. You will take responsibility for managing a subset of aspects of ISO 27001 related documentation and control activities. As the I&T Governance and Risk Lead you will have the responsibility of aspects of the I&T GRC scope, delegated and assigned by the Head of I&T GRC.

Job Responsibility

  • Drive information and cyber security awareness
  • Deliver security awareness training including phishing and facilitation of cyber scenario desktop simulations across central and manufacturing site teams
  • Review, manage and where required prepare responses to internal and external customer enquiries in relation to information and cyber security arrangements
  • Support IT, procurement, legal, data protection and digital security and business stakeholder in relation to supplier information and cyber security due diligence and requirements
  • Lead risk-based party security assurance, management, and continuous improvement activities
  • Facilitate and coordinate IT risk management risk register, tools, process, reporting and review
  • Manage a subset of aspects of ISO 27001 related documentation and control activities
  • Manage and continuously improve I&T and Security risks processes in accordance with company risk appetite and tolerance
  • Engage risk review and assurance activities across existing suppliers
  • Provide IT and business advice on aspects of security standards and regulations
  • Engage with I&T system owners to provide training in relation to information security, cyber resilience, phishing, and facilitation of cyber scenario desktop simulations

Requirements

  • Working knowledge of technology and security standards, controls and consequences across both IT and manufacturing environments in manufacturing or similar industries
  • Experience working with information security standards and frameworks such as and regulations such as ISO27001, NIST CSF, PCI DSS, NISD and NIS2
  • Proven analytical, problem-solving, planning, project delivery and supplier work packages management skills
  • Demonstrable experience of engaging across all levels of a company in relation to information and cyber security risks
  • Working towards or achieved professional certifications (ISO27001 lead, ISC2, CISM or CRISC) advantageous

What we offer

  • Competitive salary
  • Company bonus
  • Pension scheme
  • Life assurance
  • Income protection
  • 25 days holiday plus bank holidays
  • Electric Car / Bike to Work schemes

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Information and Technology Governance & Risk Lead

8 matching positions

Information and Technology Governance & Risk Lead

Reporting to Head of I&T GRC, Governance and Risk Lead will be responsible for d...
Location
Location
United Kingdom , Milton Keynes
Salary
Salary:
Not provided
dssmith.com Logo
DS Smith
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Working knowledge of technology and security standards, controls and consequences across both IT and manufacturing environments in manufacturing or similar industries
  • Experience working with information security standards and frameworks such as and regulations such as ISO27001, NIST CSF, PCI DSS, NISD and NIS2
  • Proven analytical, problem-solving, planning, project delivery and supplier work packages management skills
  • Demonstrable experience of engaging across all levels of a company in relation to information and cyber security risks
  • Working towards or achieved professional certifications (ISO27001 lead, ISC2, CISM or CRISC) advantageous
Job Responsibility
Job Responsibility
  • Driving information and cyber security awareness
  • Delivering security awareness training including phishing and facilitation of cyber scenario desktop simulations across central and manufacturing site teams
  • Reviewing, managing and where required preparing responses to internal and external customer enquiries in relation to information and cyber security arrangements
  • Supporting IT, procurement, legal, data protection and digital security and business stakeholder in relation to supplier information and cyber security due diligence and requirements
  • Leading risk-based party security assurance, management, and continuous improvement activities
  • Facilitating and coordinating IT risk management risk register, tools, process, reporting and review
  • Managing a subset of aspects of ISO 27001 related documentation and control activities
  • Managing and continuously improving I&T and Security risks processes in accordance with company risk appetite and tolerance
  • Engaging risk review and assurance activities across existing suppliers
  • Providing IT and business advice on aspects of security standards and regulations
What we offer
What we offer
  • Competitive salary
  • Company bonus
  • Pension scheme
  • Life assurance
  • Income protection
  • 25 days holiday plus bank holidays
  • Electric Car / Bike to Work schemes
  • Fulltime
Read More
Arrow Right

Director of Technology - Governance, Risk, and Compliance

We are seeking a Director of Technology - Governance, Risk, and Compliance to de...
Location
Location
United States , San Jose
Salary
Salary:
219000.00 - 290000.00 USD / Year
archer.com Logo
Archer Aviation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 8 plus years of experience in Technical Governance, Risk, and Compliance, Risk Management, Audit, or Information Security
  • Minimum of 3 years in a director or senior manager role leading a GRC function or compliance program
  • Expert-level understanding of NIST CSF, SP 800-171, and CMMC Level 2 frameworks
  • Hands-on experience managing NIST CSF, 800-171 compliance programs or leading CMMC Level 2 assessments and certification initiatives
  • Strong knowledge of SOX Section 404 requirements, particularly IT General Controls (ITGC)
  • Deep understanding of ITAR and EAR export control regulations
  • Proficiency in risk management methodologies
  • Experience designing and operating control frameworks (ISO 27001, NIST CSF, SOC 2 Type II)
  • Strong communication skills to present complex compliance and risk concepts
  • Demonstrated ability to lead and mentor teams, manage budgets, and drive cross-functional initiatives
Job Responsibility
Job Responsibility
  • Develop and execute a comprehensive Cyber-focused Governance, Risk, and Compliance (GRC) strategy
  • Lead the design and implementation of System Security Plans (SSPs) and Plans of Action and Milestones (POA&Ms)
  • Establish and manage an enterprise-wide risk management program
  • Design and enforce a control framework
  • Conduct or coordinate regular compliance assessments and internal audits
  • Manage relationships with external auditors, assessors, and regulators
  • Develop and maintain comprehensive compliance documentation
  • Lead the design of third-party and vendor risk management processes
  • Drive compliance training and awareness programs across the organization
  • Stay current with emerging regulatory changes
  • Fulltime
Read More
Arrow Right

Information Security Governance, Risk and Compliance Specialist

The Information Security Governance, Risk and Compliance (GRC) Specialist is a s...
Location
Location
Salary
Salary:
Not provided
nttdata.com Logo
NTT DATA
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree or equivalent in Information Technology or Computer Science degree or related field
  • Security certifications such as CISA, CRISC, COBIT, IIA or equivalent preferred
  • Certifications such as Lead audit/Implementer - ISO 27001, SOC TSP desirable
  • Seasoned experience in information security or related roles
  • Seasoned exposure to risk assessment, compliance, security awareness, or policy development is beneficial
  • Seasoned familiarity with information security frameworks and standards
  • Seasoned understanding of risk assessment methodologies, compliance, and policy development
  • Strong communication and interpersonal skills for effective collaboration
  • Strong attention to detail and ability to follow established processes
  • Seasoned project management skills for coordinating security initiatives
Job Responsibility
Job Responsibility
  • Assists in conducting risk assessments and vulnerability assessments
  • Contributes to the development and maintenance of security policies and procedures
  • Collaborates with internal stakeholders to ensure compliance with industry standards and regulations
  • Participates in security awareness and training initiatives
  • Supports incident response activities and investigations as required
  • Monitors and reports on security compliance metrics
  • Assists in the implementation of security controls and best practices
  • Stays updated with emerging security threats and trends
  • Performs any other related task as required
  • Fulltime
Read More
Arrow Right

Senior Information Security Governance, Risk and Compliance Specialist

The Senior Information Security Governance, Risk and Compliance (GRC) Specialist...
Location
Location
Salary
Salary:
Not provided
nttdata.com Logo
NTT DATA
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree or equivalent in Information Technology or Computer Science degree or related field
  • Security certifications such as CISA, CRISC, COBIT, IIA or equivalent preferred
  • Certifications such as Lead audit/Implementer - ISO 27001, SOC TSP preferred
  • Advanced experience in information security, including GRC-related roles
  • Advanced experience in leading risk assessments, compliance efforts, security awareness initiatives, and policy management
  • Advanced understanding of information security frameworks and standards
  • Advanced proficiency in conducting risk assessments, analyzing security controls, and policy management
  • Excellent communication and interpersonal skills for collaborating with various stakeholders
  • Strong project management skills for handling security initiatives
  • Advanced familiarity with legal and compliance aspects related to information security
Job Responsibility
Job Responsibility
  • Leads risk assessments and gap analyses to identify vulnerabilities and recommends risk mitigation strategies
  • Develops and maintains security policies, standards, and procedures
  • Collaborates with legal and compliance teams to ensure adherence to regulatory requirements
  • Provides guidance and support to junior GRC team members
  • Assists in the creation and delivery of security awareness and training programs
  • Participates in security incident response activities as needed
  • Contributes to the continuous improvement of the information security program
  • Assists in policy management and refinement
  • Performs any other related task as required
  • Fulltime
Read More
Arrow Right

Lead Analyst, Business Continuity & Disaster Recovery (Governance, Risk and Compliance)

Own and drive Burlington’s enterprise Business Continuity and Disaster Recovery ...
Location
Location
United States , Edgewater Park
Salary
Salary:
95000.00 - 150000.00 USD / Year
Burlington
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in Computer Science, Information Technology, or related field
  • 7+ years of experience in Business Continuity and Disaster Recovery (BCDR)
  • Experience supporting or governing an enterprise-scale BCDR program
  • Strong experience with BIA, RTO/RPO definition, and application tiering
  • Experience leading disaster recovery testing (tabletop and failover)
  • Experience working across business, infrastructure, and application teams
  • Experience in hybrid (on-prem and cloud) environments
  • Experience with BCDR/GRC tools (e.g., SharePoint, Power Automate, ServiceNow, Archer)
  • Experience developing executive-level reporting and communicating risk and resilience topics to leadership
Job Responsibility
Job Responsibility
  • Lead enterprise-wide BIA to identify and prioritize critical business processes
  • Define recovery priorities and RTO/RPO targets based on operational and financial impact
  • Maintain enterprise application inventory and ensure alignment with BCDR scope
  • Define and enforce application tiering, including required RTO, RPO, and testing expectations
  • Assess and tier new applications as part of onboarding and change processes
  • Define and enforce BCDR standards, templates, and requirements for Business Continuity Plans (BCPs) and Disaster Recovery Plans (DRPs)
  • Guide business and IT teams in developing and maintaining their plans
  • Review plans for completeness, accuracy, and executability
  • Provide input on disaster recovery design (e.g., failover approaches, redundancy, dependencies) to ensure alignment with recovery requirements
  • Validate through testing that recovery capabilities meet defined RTO/RPO targets
What we offer
What we offer
  • Competitive wages
  • Flexible hours
  • Associate discount
  • Medical, dental and vision coverage including life and disability insurance
  • Paid time off
  • Paid holidays
  • 401(k) plan
  • Training and development opportunities
  • Fulltime
Read More
Arrow Right

Svp wealth business risk and controls governance escalation and reporting

Individuals in Risk Assessment & Controls design are responsible for developing,...
Location
Location
United Arab Emirates , Dubai
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Minimum of 8-10 years of experience in Risk, Controls, compliance, audit, or other control-related functions in the financial services industry
  • Demonstrated experience with Escalation and governance protocols, regulatory inventory management and internal control programs
  • Strong understanding of relevant financial services regulations (e.g., AML, KYC, consumer protection, data privacy, prudential regulations) is highly valued
  • Exceptional analytical skills with the ability to interpret complex regulatory texts, assess their practical implications, and identify root causes of risk
Job Responsibility
Job Responsibility
  • Lead the strategic development and continuous enhancement of governance deck content and format for various senior management forums specific to the wealth management business
  • Define the key messages, data points, and insights required to effectively communicate the state of the wealth control environment, emerging risks, and control performance
  • Coordinate and collaborate extensively with various stakeholders across the Wealth business, including first line of defense control officers, operational risk, compliance, legal, finance, and technology teams, to gather relevant data and updates
  • Design and prepare visually compelling and executive-ready presentations that effectively convey complex risk and control information in a clear, concise, and impactful manner
  • Ensure all presentations adhere to established governance guidelines, branding standards, and regulatory expectations
  • Draft executive summaries, talking points, and accompanying documentation for presentations
  • Present governance decks to senior management forums and committees, articulating key findings, risks, control performance, and recommendations with confidence and clarity
  • Lead discussions, respond to challenging questions from senior leaders, and provide insightful perspectives on the wealth control landscape
  • Act as a subject matter expert during presentations, demonstrating a deep understanding of the wealth business and its control environment
  • Implement and maintain comprehensive escalation protocols for identifying, logging, assessing, reporting, and resolving risk events, control deficiencies, operational incidents, and compliance breaches within the wealth management business
  • Fulltime
Read More
Arrow Right

Privacy, Data Transfers and Records Management Risk and Strategy Lead

The Privacy, Data Transfers and Records Management Risk and Strategy Lead is pri...
Location
Location
United Kingdom , Belfast
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 10+ years of relevant experience in management consulting, strategy consulting or risk management, including experience overseeing functional operations
  • Strong understanding and experience with governance programs and risk appetite frameworks
  • Demonstrated ability to execute strategic initiatives and drive business value
  • In-depth knowledge of risk and control frameworks
  • Communicates effectively, develops and delivers multi-mode communications that convey a clear understanding of the unique needs of different audiences
  • able to drive consensus, and influence relationships at all levels
  • Collaborates effectively by building partnerships and working well with others to meet shared objectives
  • Ability to gain confidence and trust of others through honesty, integrity and authenticity
  • Strong negotiation, influencing and stakeholder management skills across a variety of stakeholders at different levels
  • Optimizes work processes by balancing effective / efficient processes with a focus on continuous improvement. Demonstrates ability to balance between understanding the “big picture” while paying close attention to detail
Job Responsibility
Job Responsibility
  • Responsible for overseeing and coordinating 1LoD risk appetite activities for the IMPaCT Function
  • Responsible for overseeing the IMPaCT functions business execution activities, including financial management, communications and compliance with Citi risk and controls frameworks
  • Deliver the IMPaCT Functions enterprise risk appetite metic strategy (including metric production activities where required) and coordinate with multiple teams across the IMPaCT function to ensure effective processes
  • Influences and negotiates with senior leaders (across multiple functions)
  • Collaborate with Technology, Operations, Information Security, Risk management, Compliance and other organizations across Citi to develop and implement effective solutions and process delivery, including technology investment request optimization for IMPaCT technology solutions
  • Preparation of clear, accurate and timely reports and escalations on risks, risk mitigation measures and compliance activities
What we offer
What we offer
  • 27 days annual leave (plus bank holidays)
  • A discretional annual performance related bonus
  • Private Medical Care & Life Insurance
  • Employee Assistance Program
  • Pension Plan
  • Paid Parental Leave
  • Special discounts for employees, family, and friends
  • Access to an array of learning and development resources
  • Fulltime
Read More
Arrow Right

Security Governance and Risk Manager

Randstad Digital, a specialized division for IT profiles of Randstad Italia, is ...
Location
Location
Italy , Rome
Salary
Salary:
50000.00 - 65000.00 EUR / Year
https://www.randstad.com Logo
Randstad
Expiration Date
August 18, 2026
Flip Icon
Requirements
Requirements
  • Master's degree, preferably in Information Security, IT, or related STEM fields
  • Professional fluency in English (C1 level), well-established in both written and spoken communication
  • Minimum 7 years of experience in information security, with a strong focus on governance, risk, and compliance (GRC)
  • Proven experience in translating security frameworks into actionable policies, procedures, and controls
  • Deep understanding of major international standards and regulations such as NIS2, ISO 27001, NIST CSF, and IEC 62443
  • Strong knowledge of cloud security and modern enterprise platforms, with preferred experience in Azure and Microsoft Defender
  • Solid background in Security-by-Design practices within complex project frameworks and procurement processes
  • Familiarity with risk management frameworks, maturity programs, and security monitoring tools like SIEM, SOC, and ServiceNow
  • Relevant professional certifications such as CISSP, CISM, ISO 27001 Lead Implementer or Auditor are highly preferred
Job Responsibility
Job Responsibility
  • Support all group affiliates in implementing and maintaining approved security standards across IT, operational technology, cloud, and digital environments
  • Translate group security frameworks into clear policies, controls, and procedures, acting as a trusted advisor to senior leadership and local teams
  • Establish the group-wide security risk assessment cycle
  • Monitor affiliate security maturity
  • Support internal and external audit readiness
  • Actively participate in incident response procedures
What we offer
What we offer
  • Flexible working arrangements with a strong focus on well-being, corporate welfare, and work-life balance
  • Performance-based variable bonus of €6,000
  • Corporate canteen on-site
  • €10 meal vouchers for remote days
  • Comprehensive corporate welfare package including supplementary health insurance and wellness services
  • Fulltime
Read More
Arrow Right