This range is provided by James Adams. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.
Base pay range
Direct message the job poster from James Adams
Overview
Head of Cyber GRC
I've partnered with a FTSE 100 organisation in their search for a Head of Cyber (GRC). This is a brand new role, and it plays a big part of their continued focus on security, compliance, and risk maturity.
This is a senior role reporting directly to the CIO, with accountability for regulatory compliance, audit readiness, and embedding a strong security and risk culture across the organisation.
The role
You’ll take ownership of IT security compliance and GRC strategy, ensuring alignment with business objectives and global regulatory requirements.
Key responsibilities include:
- Defining and leading the enterprise IT GRC strategy, aligned to ISO 27001 and wider regulatory frameworks
- Overseeing IT risk management across systems, operations, and third parties
- Ensuring compliance with GDPR, SOX, NIS2, ISO 27001 and managing internal/external audits
- Developing and maintaining security policies, procedures, tools, and processes
- Driving risk assessments across internal environments and the supply chain
- Promoting a strong culture of GRC awareness through training and stakeholder engagement
- Providing clear reporting to senior leadership and the board
- Leading and developing a team of direct reports
- Supporting critical incident and response activities when required
What we're looking for
- Significant experience in IT security, governance, risk and compliance, including senior leadership exposure
- Strong understanding of global regulatory requirements and industry standards (GDPR, ISO 27001, NIST, etc.)
- Experience operating in large, complex or highly regulated environments
- Excellent stakeholder management and communication skills
- Ability to balance strategic leadership with operational execution
West Midlands (3 days a week)