Head of Risk & Compliance
Would you like to be part of a company that is revolutionizing the technology industry and transforming the way people write through its own innovative platform?
Our client's platform has already won awards and grown quickly. After series funding, the company has now expanded globally.
Our customers’ complex security needs make Governance, Risk, and Compliance (GRC) essential to our ongoing success.
Certifications:
- ISO 27001, ISO 27017, ISO 27018, Cyber Essentials Plus, SOC 2 Type 1
- Adherence to NCSC CAF and NIST CSF practices
- GDPR and CCPA compliant data protection
Role Overview: We are looking for a seasoned GRC professional to enhance and sustain our client's compliance framework. If you have a background in audit and operational compliance, we would love to connect with you and discuss this opportunity further.
Key Responsibilities:
- Develop and sustain the GRC framework.
- Ensure adherence to current standards (ISO 27001, ISO 27017, ISO 27018, Cyber Essentials Plus, SOC 2, GDPR, CCPA, CSA STAR) and implement new ones (ISO 42001, ISO 9001, NIST).
- Establish and enforce compliance policies and procedures.
- Identify, assess, and mitigate risks.
- Perform regular audits and assessments.
- Work with cross-functional teams to embed GRC practices.
- Keep abreast of industry best practices and regulatory changes.
- Train and guide employees on GRC matters.
- Communicate GRC status to stakeholders.
- Manage relationships with auditors and regulatory bodies.
Requirements:
- Minimum 5 years of relevant experience
- Strong knowledge of regulations and standards (ISO 27001, SOC 2, etc.)
- Proven track record in accreditation audits and GRC framework development
- Excellent risk management, analytical, and problem-solving skills
- Ability to influence cross-functional teams
- Exceptional communication and presentation skills
- Experience working with auditors and regulatory bodies
Bonus Points For:
- Experience in the software/SaaS industry
- Familiarity with compliance automation tools (Vanta, Drata)
- Relevant professional qualifications (CRISC, CISA, CISM)
Benefits: