Summary: The Sr. GRC Manager role focuses on leading cybersecurity governance, risk, and compliance initiatives within the organization. The position requires extensive experience in cybersecurity frameworks and risk management, particularly in the QSR/E-Commerce domain. The manager will collaborate with various teams to enhance security awareness and ensure compliance with regulations. Strong leadership and communication skills are essential for success in this role.
Key Responsibilities:
- Lead enterprise cybersecurity risk management, governance, and control programs.
- Define cybersecurity policies, standards, risk acceptance, and exception management processes.
- Manage third-party risk assessments, audit engagements, and compliance activities.
- Develop executive and board-level risk reporting.
- Partner with Security, IT, Legal, Compliance, and Procurement teams.
- Drive continuous improvement through risk assessments, control validation, incident reviews, and governance initiatives.
- Manage GRC budgets, resources, and team development.
Key Skills:
- 6-10 years of Cybersecurity Governance, Risk & Compliance (GRC) experience.
- QSR/E-Commerce domain experience is required.
- Strong knowledge of cybersecurity frameworks, risk management, and control governance.
- Experience with SOX IT application controls, third-party risk, audits, and compliance.
- Experience establishing security awareness and training programs.
- Excellent leadership, stakeholder management, communication, and decision-making skills.
Salary (Rate): £45
City: undetermined
Country: undetermined
Working Arrangements: remote
IR35 Status: undetermined
Seniority Level: undetermined
Industry: IT
Required Skills
- 6 10 years of Cybersecurity Governance, Risk & Compliance (GRC) experience.
- QSR/E-Commerce domain experience is required.
- Strong knowledge of cybersecurity frameworks, risk management, and control governance.
- Experience with SOX IT application controls, third-party risk, audits, and compliance.
- Experience establishing security awareness and training programs.
- Excellent leadership, stakeholder management, communication, and decision-making skills.
- Lead enterprise cybersecurity risk management, governance, and control programs.
- Define cybersecurity policies, standards, risk acceptance, and exception management processes.
- Manage third-party risk assessments, audit engagements, and compliance activities.
- Develop executive and board-level risk reporting.
- Partner with Security, IT, Legal, Compliance, and Procurement teams.
- Drive continuous improvement through risk assessments, control validation, incident reviews, and governance initiatives.
- Manage GRC budgets, resources, and team development.