Permanent

GRC - Cyber Assurance and Risk Lead

London
Salary: Negotiable
Posted Yesterday


Client: NTT DATA
Location: London, United Kingdom
Job Category: Other
EU work permit required: Yes
Job Reference: ce9f3718c6c4
Job Views: 45
Posted: 12.08.2025
Expiry Date: 26.09.2025

Job Description:

The team you'll be working with:

As a strategic and leadership role you will be instrumental in shaping and driving security and risk programs to align with internal business objectives as well as industry good practice (including Secure by Design aligned to UK Government principles) and regulatory requirements (including GovAssure and NCSC Cyber Assurance Framework).

What you'll be doing:

  • Develop and execute GRC strategies that align with business objectives and inform appropriate supporting business processes
  • Drive pragmatic and creative solutions to GRC challenges, applying agile methodologies to adapt to new regulations, compliance requirements and business change
  • Advise on and foster continuous improvement and effectiveness of GRC processes, driving improved management information to better allow appropriate prioritisation and risk-based decisions
  • Lead initiatives that build a culture of accountability and responsibility across engagements
  • Enhance governance processes and advise on how best to evidence alignment with regulatory requirements (such as NCSC CAF) and industry good practice (including Secure by Design)
  • Provide security expertise across security standards and accreditations, measure and control the effectiveness of the security controls framework and maintain the Information Security Management System
  • Derive and deliver documented Information Security Management Plans which incorporate Regulatory, Legal and Compliance in relation to applicable security policies, standards and guidelines
  • Assist with the identification of risks and emerging cyber security vulnerabilities and threats, and with the subsequent analysis to quantify and lead risk mitigation plans
  • Work with Service Management to ensure that partners and suppliers adhere to agreed standards and policies, and verify/evidence appropriate compliance and security KPIs
  • Work closely with 1st, 2nd and 3rd lines of defence on all matters relating to cyber security, information assurance, cyber risk and data privacy, including regulatory and compliance considerations
  • Lead the development and enhancement of governance, risk and compliance aligned to policy, standards and industry good practice
  • Ensure continuous assessment, identification, analysis and reporting of useful metrics to enable informed risk-based decisions to be taken
  • Develop and maintain Information Security Management practice and process to ensure certification to required industry standards (e.g., ISO 27001) within relevant geographic boundaries
  • Perform focused information risk assessments of existing or new services and technologies, alongside the Operational/Service Management team and technology subject matter experts
  • As required, extend the assessment of existing and proposed services to third party suppliers, including the facilitation of IT Security checks during the supplier onboarding and contract lifecycle to ensure a coherent approach to risk management
  • Maintain strong working relationships with individuals and groups involved in managing information risk across the in-scope services and aligned suppliers / 3rd parties
  • Chair and co-ordinate Security Working Groups (SWG) and actively participate in supporting/governing forums

What experience you'll bring:

  • Extensive knowledge of GRC frameworks, regulatory compliance obligations and a proactive approach to risk management
  • Minimum of 10 years’ experience in a Governance, Risk and Compliance role, with at least 5 years in a leadership or managerial position
  • Relevant certifications such as CISSP, CISM, CCSP, CISA, CRISC or equivalent experience
  • Expertise and practical knowledge and understanding of industry security frameworks and guidance such as NIST 800-53, NCSC CAF, GovAssure, NIST CSF, DORA and NCSC guidelines
  • Good knowledge and understanding of Cyber Security domains, including network and cloud security, security operations, vulnerability management, Third Party supplier Risk Management, application security and physical security
  • Good knowledge of networking (switching, routing, firewalls)
  • A good understanding of security testing and vulnerability management is important (including pen testing/ITHC, CVSS/CVE)
  • Experience working with security standards such as ISO 27001, 27002, 27017, 27108 etc.

DESIRABLE SKILLS AND EXPERIENCE

  • Thrive as a consultant seeking the variety and challenge of engaging with different clients and a variety of technologies and solution types
  • Propose security requirements for new systems or changes to existing systems without close supervision
  • Execute technical management tasks in respect to ongoing client projects
  • Hands-on technical background with technologies and systems

SECURITY CLEARANCE

Please note that candidates must hold or be able to gain UK SC level Security Clearance or higher.

Who we are:

We’re a business with a global reach that empowers local teams, and we undertake hugely exciting work that is genuinely changing the world. Our advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues, and clients, on exciting projects.

Our inclusive work environment prioritises mutual respect, accountability, and continuous learning for all our people. This approach fosters collaboration, well-being, growth, and agility, leading to a more diverse, innovative, and competitive organisation.

We are also proud to share that we have a range of Inclusion Networks such as: the Women’s Business Network, Cultural and Ethnicity Network, LGBTQ+ and Allies Network, Neurodiversity Network and the Parent Network.

For more information on Diversity, Equity and Inclusion please see: Creating Inclusion Together at NTT DATA UK | NTT DATA

What we'll offer you:

We offer a range of tailored benefits that support your physical, emotional, and financial wellbeing. Our Learning and Development team ensure that there are continuous growth and development opportunities for our people. We also offer the opportunity to have flexible work options.

We are an equal opportunities employer. We believe in the fair treatment of all our employees and commit to promoting equity and diversity in our employment practices. We are also a Disability Confident Committed Employer: we want to see every candidate performing at their best throughout the job application and interview process. If you require any reasonable adjustments during the recruitment process, please let us know and we look forward to hearing from you.
