Sopra Steria

Governance, Risk & Compliance Manager

Location: UK (mobile), GB
Posted 1 week ago

Job Description

Role Overview

As Governance, Risk & Compliance (GRC) Manager, you will lead all aspects of the development and implementation of comprehensive risk management and compliance strategies, working closely with senior leadership to align GRC initiatives with business objectives and leading a team of developing and experienced GRC professionals. Your leadership and expertise will be crucial in fostering a strong culture of compliance and risk awareness across Sopra Steria. You will play a lead role in helping our clients understand their security challenges and then specify, plan and implement projects to improve their security posture. This is an opportunity to lead at the front line of cyber security, delivering value to our client base.

Key Responsibilities

Governance and ISMS Ownership
- Work with BAU and project teams to ensure security artefacts (e.g., risk assessments, risk remediation plans, risk registers, RMADS, Security Operating Procedures) are authored and aligned to ISO 27005 or bespoke risk frameworks, as agreed with the customer.
- Provide security SME advice to internal account and external stakeholders.
- Support the maintenance and continuous improvement of the organisation's ISMS in alignment with ISO 27001, ensuring compliance is sustained and evidenced.
- Own ISMS documentation, policies, and governance processes, ensuring version control, consistency, and stakeholder engagement.
- Develop and deliver information security awareness initiatives across all business areas, including senior leadership.

Risk Management
- Lead security risk assessments, risk analysis, and risk treatment activities to support business decision making and regulatory compliance.
- Manage risk registers, ensuring risks are monitored, escalated, and remediated according to defined governance processes.
- Support business units in understanding risk exposure, threat landscape changes, and the security controls required to mitigate risks.

Certification, Audit, and Compliance
- Support the account in demonstrating compliance, where applicable, with security frameworks and principles (e.g., HMG SPF, NCSC, NIST, OWASP, ISF).
- Assist with the planning and execution of both internal and external audit programmes for ISO 27001 and other standards as required (e.g., ISO 14001, ISO 45001).
- Ensure evidence collection, audit readiness, and corrective action plans are completed and verified.
- Manage and chair regulatory interactions (e.g., Security Working Groups and Risk Reviews), preparing reports, summaries, and compliance submissions.
- Brief senior management on compliance posture, emerging risks, and changes to standards or regulatory obligations.

Supply Chain Security Management
- Ensure both internal and external compliance with supply chain security requirements.
- Track and report progress on deliverables, milestones, metrics, and maturity improvements.
- Support supply chain partners with agreed audit cycles, risk priorities, and certification requirements.

Resource and Programme Management
- Plan and coordinate the resources required for audits, compliance activities, training rollouts, and remediation workstreams.
- Track and report progress on deliverables, milestones, metrics, and maturity improvements.
- Support function heads in prioritising workload aligned with audit cycles, risk priorities, and certification requirements.
- Support the Security Clearance application and review process.


About Sopra Steria: 10001+ employees, headquartered in Paris, France.