Find a job 
Featured Companies 
Featured Universities 
For Companies At a Glance
- Tasks: Lead third-party risk assessments and develop enterprise-wide awareness training.
- Company: Join a globally recognised financial services firm with a strong cyber programme.
- Benefits: Enjoy a competitive package, career progression, and a collaborative team culture.
- Why this job: Make a real impact on global security posture and influence cyber risk management.
- Qualifications: 6+ years in GRC within cybersecurity, ideally in financial services; strong communication skills required.
- Other info: Opportunity to mentor junior professionals and work with cutting-edge InfoSec tools.
The predicted salary is between 43200 - 72000 £ per year.
We're partnering with a leading global financial services firm to appoint a Governance, Risk, and Compliance (GRC) Lead into their high-performing Information Security function.
This is an exciting opportunity to join a fast-paced, globally recognised institution with a mature cyber programme and significant investment in its security posture. As a trusted search partner, we’re looking for an experienced and strategic GRC professional who can bring deep subject matter expertise across third-party risk, regulatory compliance, audit readiness, and awareness training. You’ll play a pivotal role in helping the firm navigate the evolving threat landscape while maintaining compliance with complex global regulations.
The Opportunity
- Leading third-party risk assessments and driving continuous improvement of vendor governance processes.
- Owning client due diligence responses, ensuring the business meets external compliance and assurance requirements.
- Developing and delivering enterprise-wide awareness training, phishing simulations, and educational campaigns.
- Advising technical teams and stakeholders on controls around access management, incident handling, BCP, SDLC, and data protection.
- Supporting audits and regulatory engagements, including evidence gathering and remediation tracking.
- Facilitating a governance programme around risk acceptances and policy exceptions.
- Mentoring junior GRC professionals and driving internal knowledge sharing.
What We’re Looking For
- 6+ years of experience in GRC within cybersecurity, ideally in financial services or highly regulated environments.
- Proven capability in third-party risk management, client due diligence, and compliance frameworks (NIST, ISO 27001, DORA, etc.).
- Experience in managing audits and regulatory engagements across multiple jurisdictions.
- Excellent communication skills – able to translate complex technical concepts to non-technical stakeholders.
- A collaborative, proactive approach with the ability to thrive in a global, fast-moving organisation.
- Bonus points if you hold certifications such as CISA, CRISC, CISM, CISSP or equivalent.
Tools You Might Use
- Familiarity with platforms such as InfoSec training solutions (e.g., Ninjio)
- Third-party risk platforms (e.g., Venminder, CyberGRX, Upguard)
- Microsoft O365 suite
Why Apply?
This is a high-impact role offering direct visibility with senior stakeholders, the chance to shape security posture across a global organisation, and real opportunities for career progression. You’ll be supported by a collaborative team culture, continuous learning, and the ability to influence how cyber risk is managed across a major financial institution.
Contact Detail:
Marlin Selection Ltd Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Governance Risk and Compliance Lead (GRC) - Cyber
✨Tip Number 1
Network with professionals in the cybersecurity and GRC fields, especially those working in financial services. Attend industry events or webinars to connect with potential colleagues and learn about the latest trends and challenges in the sector.
✨Tip Number 2
Familiarise yourself with the specific compliance frameworks mentioned in the job description, such as NIST and ISO 27001. Being able to discuss these frameworks confidently during interviews will demonstrate your expertise and readiness for the role.
✨Tip Number 3
Prepare to showcase your experience in third-party risk management and client due diligence. Think of specific examples where you successfully managed these processes and be ready to discuss them in detail during your conversations with us.
✨Tip Number 4
Brush up on your communication skills, particularly in translating complex technical concepts into layman's terms. This is crucial for the role, so practice explaining your past projects to someone without a technical background to ensure clarity.
We think you need these skills to ace Governance Risk and Compliance Lead (GRC) - Cyber
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights relevant experience in Governance, Risk, and Compliance (GRC) within cybersecurity. Emphasise your familiarity with compliance frameworks like NIST and ISO 27001, as well as any certifications you hold.
Craft a Compelling Cover Letter: In your cover letter, express your passion for cybersecurity and your understanding of the financial services sector. Mention specific examples of how you've successfully managed third-party risk or led compliance initiatives in previous roles.
Showcase Communication Skills: Since excellent communication skills are crucial for this role, consider including examples in your application that demonstrate your ability to translate complex technical concepts to non-technical stakeholders.
Highlight Leadership Experience: If you have experience mentoring junior professionals or leading teams, make sure to include this in your application. This will show your capability to drive internal knowledge sharing and support the development of others in the GRC field.
How to prepare for a job interview at Marlin Selection Ltd
✨Showcase Your GRC Expertise
Be prepared to discuss your experience in Governance, Risk, and Compliance, particularly within cybersecurity. Highlight specific frameworks you've worked with, such as NIST or ISO 27001, and provide examples of how you've successfully managed third-party risk and compliance.
✨Communicate Clearly with Non-Technical Stakeholders
Since the role requires translating complex technical concepts to non-technical stakeholders, practice explaining your past projects in simple terms. Use analogies or relatable examples to demonstrate your ability to communicate effectively across different levels of the organisation.
✨Demonstrate a Proactive Approach
Prepare to share instances where you took the initiative to improve processes or address potential risks before they became issues. This will showcase your proactive mindset, which is essential in a fast-paced environment like the one described in the job profile.
✨Prepare for Scenario-Based Questions
Expect scenario-based questions that assess your problem-solving skills in real-world situations. Think about challenges you've faced in previous roles, particularly around audits or regulatory engagements, and be ready to discuss how you navigated those situations.
