×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Information Security

Lead GRC Manager

Job in Greater London, London, Greater London, W1B, England, UK
Listing for: Lebara Media Services Private Ltd
Full Time position
Listed on 2026-02-01
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Job Description & How to Apply Below
Location: Greater London

The Lead Governance, Risk & Compliance (GRC) Manager is responsible for establishing, operating, and continuously improving the organisation’s enterprise-wide compliance, risk, and security governance frameworks. This senior leadership role requires deep expertise across regulatory, industry, and cybersecurity standards—specifically the UK Telecom Security Act, PCI DSS, ISO/IEC 27001, and NIS 2. You will act as the organisation’s authoritative subject‑matter expert, ensuring end‑to‑end compliance, overseeing risk posture, and enabling secure and resilient operations through structured governance and proactive risk management.

Responsibilities
  • Governance & Compliance Leadership
    • Lead the design and operation of the organisation’s GRC strategy, ensuring alignment with business objectives and regulatory obligations.
    • Serve as the principal authority on:
      • Telecoms Security Act (TSA) & Code of Practice
      • Payment Card Industry Data Security Standard (PCI DSS)
      • ISO/IEC 27001 Information Security Management System (ISMS)
      • NIS 2 Directive requirements & associated national legislation
    • Maintain and continuously improve compliance roadmaps, policies, and controls across the enterprise.
    • Oversee the governance framework, ensuring effective risk ownership, reporting, and leadership engagement.
  • Risk Management
    • Lead the enterprise risk management (ERM) programme, ensuring risks are identified, assessed, prioritised, and treated effectively.
    • Own the corporate risk register and report regularly to senior leadership, audit committees, and regulatory stakeholders.
    • Design and implement risk assessment methodologies to support security, operational, and regulatory decision making.
  • Security Assurance & Control Oversight
    • Drive internal and external audit cycles (TSA compliance, PCI assessments, ISO 27001 audits, NIS 2 evaluations).
    • Oversee testing of security controls, including assurance reviews, control maturity assessments, and continuous compliance monitoring.
    • Ensure remediation actions are managed through to completion and embedded into business processes.
  • Regulatory Engagement & Reporting
    • Support business units during their contact with regulatory bodies and national CSIRTs/competent authorities for NIS 2.
    • Prepare and deliver accurate regulatory submissions, compliance evidence, incident notifications, and executive reporting.
  • Policy, Standards & Framework Development
    • Develop, own, and maintain enterprise information security policies and standards.
    • Ensure policies reflect current legal, regulatory, and industry practices, and are adopted consistently across the organisation.
    • Foster a strong risk‑aware culture through training, awareness, and stakeholder engagement.
  • Cross‑Functional Leadership
    • Lead a high‑performing GRC team and influence stakeholders across engineering, operations, legal, procurement, and product functions.
    • Provide expert guidance on secure‑by‑design initiatives, and supplier risk management.
    • Support major programmes and transformation initiatives ensuring compliance and risk considerations are integrated from inception.
Skills
  • Extensive experience working with:
    • UK Telecom Security Act & Code of Practice (TSA/SRF)
    • PCI DSS v4.0 including SAQ/ROC, segmentation, and control validation
    • ISO/IEC 27001:2022 and associated 27000‑series standards
    • NIS 2 Directive, cybersecurity measures, governance requirements, and incident reporting obligations
    • NCSC Cyber Assessment Framework
  • Strong understanding of risk management frameworks (NIST, ISO 27005, ISO 31000, COSO).
  • Experience managing audits, external assessors, and regulatory reviews.
  • Solid knowledge of threat landscapes and operational security best practices.
  • Solid grounding in information security principles, controls, and assurance practices.
  • Experience overseeing technical and non‑technical security controls.
  • Ability to shape long‑term GRC strategy aligned to business objectives.
  • Strong understanding of network security, telecoms architecture and cloud platforms.
  • Experience with security tooling and GRC platforms such as Onetrust.
  • Proven ability to lead, coach, and develop a high‑performing GRC team.
  • Skilled at influencing cross‑functional stakeholders without direct authority.
#J-18808-Ljbffr
Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search