Senior Manager - GRC

identifi Global Resources
Peterborough, UK
18 Sep 2019
21 Sep 2019
Contract Type
Full Time
Senior Manager, Governance Risk & Compliance

Peterborough - £70k plus 10% Bonus


My client is an international food processing and retailing company with offices worldwide, a diversified group of companies which enjoy a high degree of autonomy.

Due to internal growth a new opportunity has arisen which will report directly into the Head of Security - Senior Manager, Governance Risk and Compliance.

As the successful candidate you will be responsible for the effective oversight of all Privacy and Information Security governance, risk and compliance matters as it relates to the provision of IT services to the group of companies.

This senior management role is a key part of ensuring that the security and privacy provisions deployed across the group are fit for purpose, based upon the risk that they present to the operation. This includes the ongoing monitoring of the effectiveness of the various people, process and technology controls that have been implemented in support of the Group policy and the relevant law/regulations which apply, whilst also ensuring high levels of quality and customer service to the

The Senior Manager, Governance Risk & Compliance will represent the Group at the Global Security Forum.

This role also carries a small number of direct reports to support the following Privacy and Information Security specific responsibilities.

Privacy
  • To manage the oversight of all privacy related matters as it pertains to the continued operation of the as a data controller and data processor - including liaison, reporting and co-operation with Legal as necessary.
  • Provide guidance and advice to senior and operational level managers in relation to compliance with GDPR, including the management of an effective Business As Usual framework.

Integrated Management System
  • In conjunction with the wider security team (e.g. Security Architecture, Security Operations) ensure that a policy and standards framework is developed and maintained which meets the operational needs of the group, whilst also responding directly to Group level policy in terms of both information security and privacy objectives.
  • Working with the senior and operational level management team, support the ongoing adoption and embedding of the Integrated Management System to ensure that it is fit for purpose and accurately reflects the working environment/controls.
  • As part of the day to day operational and technical needs of the group and the Business Units which it supports, oversee the review and approval of all policy-based exception requests that are submitted.

Training & Awareness
  • To provide overarching management of the training and awareness programme, specifically in relation to information security and privacy related requirements.
  • Continue to develop and support the annual schedule of training and awareness activities covering all the mediums identified, including CBT, poster/email campaigns, online games, lunch and learns etc.
  • Ensure that the ongoing provision of a Learning Management System to support wider needs in terms of Computer Based Training (CBT) is managed and maintained.

Risk Management
  • Maintain and oversee the Risk Management Framework, ensuring that the key phases of planning, assessment, communication and ongoing governance continue to be embedded within the operational and delivery fabric of the SSC.
  • Ensure that appropriate metrics and management level reporting are maintained to support the ongoing review and governance of risk as it relates to the day to day operations and delivery activities.
  • Ensure that all policy exceptions are reviewed independently from a technical/management perspective and any associated residual risks are managed in accordance with the agreed schedule for governance.
  • Accordingly, make sure that any priority risks are escalated to the senior management team for attention and for action as necessary.

Supplier Assurance
  • Maintain and oversee the Supplier Assurance framework to ensure that all third-party supplier risks are identified and are being managed in accordance with the agreed processes and appropriate risk appetite.
  • As part of these responsibilities, ensure that the Approved Supplier List is being maintained within the group with regards to privacy and information security related considerations.
  • Working in conjunction with the senior and operational management team, ensure that appropriate terms and conditions of contract are in place and that provisions are being maintained by the supplier throughout the contract lifecycle.

Audit & Compliance
  • Working across internal senior management, operational and delivery teams, manage and maintain good working relationships with both internal and external audit parties in relation to all Information Security and Privacy matters.
  • Centrally manage audit activities on behalf of the group, co-ordinating all preparation, facilitation and response work in conjunction with the various operational and delivery team leads.
  • In addition, manage an ongoing internal programme of health-check activities to ensure that the key processes and other responsibilities are being managed routinely as expected.

Operational Assurance
  • Oversee the performance of regular operational assurance activities, including the review of access control for all Business Units within the Group domain, staff and any third-party suppliers, providing reports and handling escalations to management as required.
  • Lead regular security committee meetings for senior management to ensure that there is an appropriate forum for privacy and information security matters to be discussed in support of due governance.
  • Oversee the day to day fielding of queries across the GRC function in relation to privacy and information security matters. Work to ensure that where cross-departmental effort is required (e.g. Security Architecture, Security Operations etc.) this is co-ordinated in a timely manner.
  • As required, oversee the performance of security investigations in relation to non-technical issues.

Delivery Assurance
  • In conjunction with the PMO function, ensure that appropriate GRC resource is in place to oversee the governance review of projects, programmes and other small works activities to ensure that information security and privacy objectives are being met throughout the delivery lifecycle as necessary.

Position Requirements

The Candidate

The following experience, skills and personal characteristics will be key to success in the role:
  • General understanding of the security of IT systems, networks and applications with consideration for the risks and controls that are commonly associated with people, process and technology in a large global organisation.
  • Extensive experience of risk management principles as they relate to information security, applied within a large global organisation.
  • Good understanding of the role that GRC plays in the effective delivery of Supplier Assurance activities throughout the delivery and operational lifecycle, applied within a large global organisation.
  • Experience of overseeing routine compliance activities in support of legislative, contractual or industry standard objectives, including GDPR, ISO 27001, NIST CSF etc.
  • Experience of project delivery processes/methodologies and the role that GRC plays in ensuring that information security is built into design and delivery activities.
  • Ability to establish effective working relationships across the local and wider IT/Business community with demonstrable examples of driving risk and security initiatives.
  • Strong understanding of the business impact of security tools, technologies and policies.
  • Previous experience of working with legal, audit and compliance teams.
  • Strong team building, leadership, motivation and communication skills.
  • Ability to prioritise and execute tasks in a fast-moving, service-oriented environment and make sound decisions, occasionally under pressure and/or emergency situations.

Formal Education & Certification
  • A minimum of seven years of IT experience, with at least five years in an Information Security role.
  • An industry recognised accreditation/certification in information security or risk management (e.g. CISSP, CISM, CISA etc.).
  • Desirable - industry recognised qualification in European privacy matters (e.g. CIPP/E).
  • Desirable - College diploma or university degree in the field of computer science.

Personal Attributes
  • Ability to make sound and logical judgments.
  • Demonstrable leadership and personnel/project management skills.
  • Strong interpersonal, written, and oral communication skills.
  • Ability to prioritise and execute tasks in a high-pressure environment and make sound decisions in emergency situations.
  • Ability to present ideas in a user-friendly language.
  • Highly self-motivated and directed.
  • Proven analytical and problem-solving abilities.
  • Strong customer service orientation.

For further information please contact Sarah-Jane on 01908 886037 or