At a Glance
- Tasks: Lead compliance with European regulations and manage third-party risk in cyber security.
- Company: Join a forward-thinking company focused on operational resilience and regulatory alignment.
- Benefits: Enjoy flexible working options, professional development opportunities, and a supportive team culture.
- Why this job: Make a real impact in cyber security while working with cutting-edge technology and frameworks.
- Qualifications: 5+ years in GRC roles; knowledge of GDPR, DORA, and third-party risk management required.
- Other info: Certifications like CRISC or CISSP are preferred but equivalent experience is also valued.
The predicted salary is between £54,000 and £84,000 per year.
As a GRC Lead, you will ensure alignment with European regulations (GDPR, DORA, PSD2 SCA, CSSF) and global standards (PCI DSS, SWIFT CSP). This role requires technical knowledge, strategic thinking, and expertise in managing third-party risk, outsourcing compliance, and identity governance to safeguard operational resilience.
What you will be doing:
- Regulatory & Technical Compliance: Support compliance with GDPR and complementary regulations like DORA (Digital Operational Resilience Act), ensuring alignment in areas such as incident reporting and data protection. Translate requirements from PSD2 SCA, PCI DSS, and SWIFT CSP into technical security controls. Maintain IT security governance frameworks (ISO 27001, NIST CSF, CIS Controls). Manage and maintain Security Policies and procedures.
- Third-Party Risk & Outsourcing Management: Design and implement third-party risk management programs to assess vendors, cloud providers, and outsourced services. Ensure compliance with DORA’s outsourcing requirements, including due diligence, contract oversight, and continuity planning.
- Audit & Assurance: Participate in internal/external audits (ISO 27001, SOC 2) and regulatory examinations, focusing on third-party and outsourcing compliance. Remediate gaps in processes or documentation.
- Risk Management: Maintain the enterprise risk register, prioritising risks tied to third-party dependencies, outsourcing, and ICT disruptions. Quantify risks using recognised risk-assessment methodologies.
- Technical Compliance & Security: Advise on vulnerability management, endpoint security (EDR/XDR), and cloud compliance. Apply a good understanding of IAM (Identity and Access Management) strategies, including role-based access control (RBAC) and privileged access management (PAM). Conduct periodic user access reviews to ensure compliance with least privilege principles and regulatory requirements. Bring experience in security awareness management.
What we are looking for:
- Experience: 5+ years in GRC roles; financial services or banking experience is a strong plus.
- Regulatory Knowledge: Understanding of GDPR, DORA, PCI DSS, and outsourcing/third-party risk requirements.
- Technical Skills: Hands-on experience with ISO 27001 implementation and third-party risk tools. Proficiency in IAM (Identity and Access Management) solutions and conducting user access reviews. Familiarity with cloud technology and IT infrastructure.
- Framework Expertise: Strong knowledge of NIST frameworks (CSF, 800-53) and CIS Controls.
- Certifications: CRISC, CISSP, CISM, or CISA preferred (equivalent experience considered).
Lead Cyber Security Engineer employer: TN United Kingdom
Contact Detail:
TN United Kingdom Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Lead Cyber Security Engineer
✨Tip Number 1
Familiarise yourself with the specific regulations mentioned in the job description, such as GDPR and DORA. Understanding these regulations deeply will not only help you in interviews but also demonstrate your commitment to compliance and security.
✨Tip Number 2
Network with professionals in the GRC field, especially those with experience in financial services or banking. Attend relevant webinars or conferences to make connections and gain insights that could give you an edge in your application.
✨Tip Number 3
Stay updated on the latest trends and tools in third-party risk management and IAM solutions. Being knowledgeable about current technologies and methodologies will show that you are proactive and well-prepared for the role.
✨Tip Number 4
Prepare to discuss your hands-on experience with ISO 27001 implementation and any third-party risk tools you've used. Be ready to provide examples of how you've successfully managed compliance and security in previous roles.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights relevant experience in GRC roles, particularly in financial services or banking. Emphasise your understanding of GDPR, DORA, and other regulations mentioned in the job description.
Craft a Strong Cover Letter: In your cover letter, explain how your technical skills and regulatory knowledge align with the requirements of the role. Use specific examples from your past experience to demonstrate your expertise in third-party risk management and compliance.
Highlight Certifications: If you have certifications like CRISC, CISSP, CISM, or CISA, make sure to mention them prominently in your application. These qualifications are preferred and can set you apart from other candidates.
Showcase Technical Skills: Detail your hands-on experience with ISO 27001 implementation and any third-party risk tools you have used. Mention your familiarity with IAM solutions and cloud technology, as these are crucial for the role.
How to prepare for a job interview at TN United Kingdom
✨Showcase Your Regulatory Knowledge
Make sure to highlight your understanding of key regulations like GDPR, DORA, and PCI DSS during the interview. Be prepared to discuss how you've applied these regulations in previous roles, as this will demonstrate your expertise and relevance to the position.
✨Demonstrate Technical Proficiency
Since the role requires hands-on experience with ISO 27001 and third-party risk tools, be ready to provide specific examples of how you've implemented these frameworks. Discuss any technical challenges you faced and how you overcame them to show your problem-solving skills.
✨Prepare for Scenario-Based Questions
Expect scenario-based questions that assess your ability to manage third-party risks and compliance issues. Think of real-life situations where you had to design risk management programmes or conduct audits, and be ready to explain your thought process and outcomes.
✨Highlight Your Leadership Experience
As a Lead Cyber Security Engineer, showcasing your leadership skills is crucial. Share experiences where you led teams or projects, particularly in regulatory compliance or risk management, to illustrate your capability to guide others and drive initiatives forward.