Group Cyber Governance, Risk and Compliance Man... Benefact Group · Gloucester ·


Gloucester Full-Time 60000 - 75000 £ / year (est.) No working from home possible

At a Glance

  • Tasks: Lead Cyber Governance, Risk and Compliance initiatives to enhance security across the Group.
  • Company: Benefact Group, a charity-owned financial services company with a mission to make a difference.
  • Benefits: Competitive salary, hybrid working, generous bonuses, and extensive health benefits.
  • Other info: Inclusive culture with opportunities for personal and professional development.
  • Why this job: Join a supportive team and influence cyber security in a rapidly growing organisation.
  • Qualifications: Experience in Cyber GRC leadership and strong stakeholder management skills required.

The predicted salary is between 60000 - 75000 £ per year.

Working hours: 35 hours per week, Monday to Friday

Duration: Permanent

Location: Gloucester

Job Ref: 205074

About the role

Benefact Group are looking for a Group Cyber Governance, Risk and Compliance Manager to join our Gloucester office. Reporting to the Head of Group Cyber Security, the Cyber Security Governance, Risk and Compliance (GRC) Manager will lead the development and delivery of Cyber GRC capabilities across the Group. The role is accountable for designing, implementing and embedding pragmatic governance, risk and compliance processes, controls and supporting tooling within Group Technology and across wider Group functions, enabling teams to deliver secure, compliant outcomes at pace. The role provides expert advice, coordinates assurance activity and drives remediation to strengthen Cyber resilience, supporting effective decision‑making for senior management and Boards / Committees.

Why join us?

Join a collaborative and inclusive culture that’s committed to making a difference and building a more sustainable future. Ranked amongst the UK's 15 Best Big Companies to Work For in 2025, we offer fantastic career and development opportunities within a rapidly growing, innovative Group — where all profits go to charity and good causes.

What you'll be doing

  • Cyber GRC operating model — Own the Cyber GRC roadmap and establish consistent ways of working, taxonomy, methodologies, tooling and reporting across Group Technology.
  • Risk and control oversight — Manage the Cyber Risk Register, support risk owners, and deliver clear, business‑focused cyber risk reporting and dashboards.
  • Governance and policy leadership — Maintain the Cyber governance framework, lead key governance forums, embed requirements into change processes, and represent Technology in internal/external governance.
  • Regulatory and assurance management — Lead Cyber/Technology compliance, deliver the control assurance plan, and manage regulatory, audit and assurance engagements end‑to‑end.
  • Third‑party assurance and leadership — Oversee cyber due diligence for suppliers, manage third‑party reviews, and build/lead a high‑performing Cyber GRC team with strong senior stakeholder relationships.

What you'll need to have

  • Cyber GRC leadership — Experience leading Cyber GRC, risk management and control assurance in UK‑regulated financial services or similarly complex regulated environments.
  • Senior stakeholder influence — Proven ability to influence senior leaders and drive adoption of governance and controls through pragmatic guidance and clear decision pathways.
  • Regulatory and framework expertise — Strong knowledge of FCA/PRA/EU expectations, operational resilience, third‑party risk, and recognised cyber frameworks (ISO 27001/27005, NIST), including control design, testing and remediation.
  • Audit and compliance delivery — Demonstrated success leading regulatory and audit examinations, owning evidence and responses, and driving sustainable remediation closure.
  • Leadership and communication — Line or matrix leadership experience, relevant certifications (CISSP, CISM, CRISC etc.), and strong written communication with the ability to produce concise, decision‑ready board‑level reporting.

What we offer

  • A competitive salary - let's discuss it
  • Hybrid working
  • Group Personal Pension - up to 12% employer contribution
  • Generous annual bonus scheme: on‑target bonus between 7.5% and 30%
  • 28 days annual leave plus bank holidays, and a holiday buy and sell scheme
  • An array of health and wellbeing benefits, including private healthcare, income protection and life assurance
  • £200 annual personal grant to a charity of your choice
  • Encouraged to take at least one volunteering day per year
  • Employee Assistance Programme
  • Full study support to gain professional qualifications
  • Access to virtual GP
  • Enhanced maternity and paternity pay

Hear from the hiring manager

This is an exciting opportunity to join a growing, high performing and supportive team and to lead the development and delivery of a critical area of specialist operations. This is a first line role that will be directly involved in the delivery of cyber security, and the right candidate will be empowered to closely influence the wider cyber security function across the Group.

About us

Benefact Group is a unique international financial services Group made up of over 30 businesses. We are owned by a charity and have been the 3rd largest UK corporate donor over a decade, having given away £250 million since 2014. We have ambitious plans to become the UK’s number one corporate donor, with strategic objectives in place to double the Group’s size.

We believe it’s essential to attract, empower, grow and reward talented people, offering fantastic opportunities for career and personal development. Our giving ethos, 135-year history and the diversity of what we do have enabled us to build a culture of kindness, great ambition, and of passionate people driven to do better and be better.

At Benefact Group, we are committed to creating an inclusive culture and building an environment where each and every one of us feels valued and respected. We are a community made up of people with a range of different backgrounds, abilities, perspectives, beliefs and interests, and we value the strength this brings to us as a Group. We welcome applications from everyone. If you need any additional support during the recruitment process, then please let us know.

Employer: Benefact Group plc

Benefact Group is an exceptional employer, offering a collaborative and inclusive culture that prioritises making a positive impact while providing ample career development opportunities. Located in Gloucester, employees benefit from a competitive salary, hybrid working options, generous annual leave, and a commitment to personal growth through study support and volunteering initiatives, all within a rapidly growing organisation dedicated to charitable giving.


Contact Details:

Benefact Group plc Recruitment Team

StudySmarter Expert Advice🤫

We think this is how you could land Group Cyber Governance, Risk and Compliance Man... Benefact Group · Gloucester ·

Tip Number 1

Network like a pro! Reach out to people in the industry, attend events, and connect with current employees at Benefact Group. A friendly chat can sometimes lead to opportunities that aren’t even advertised!

Tip Number 2

Prepare for interviews by researching the company culture and values. Benefact Group is all about making a difference, so think about how your skills align with their mission and be ready to share examples.

Tip Number 3

Showcase your expertise! Bring along any relevant certifications or projects that highlight your experience in Cyber GRC. This will help you stand out and demonstrate your commitment to the field.

Tip Number 4

Don’t forget to apply through our website! It’s the best way to ensure your application gets noticed. Plus, it shows you’re genuinely interested in joining the Benefact Group family.

We think you need these skills to ace Group Cyber Governance, Risk and Compliance Man... Benefact Group · Gloucester ·

Cyber Governance, Risk and Compliance (GRC)
Risk Management
Control Assurance
Stakeholder Influence
Regulatory Knowledge (FCA, PRA, EU)
Cyber Frameworks (ISO 27001, ISO 27005, NIST)
Audit and Compliance Delivery

Some tips for your application 🫡

Tailor Your CV: Make sure your CV is tailored to the role of Cyber GRC Manager. Highlight your experience in cyber governance, risk management, and compliance, especially in regulated environments. We want to see how your skills align with what we’re looking for!

Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you’re passionate about cyber security and how your background makes you a perfect fit for our team. Don’t forget to mention your understanding of FCA/PRA expectations and relevant frameworks.

Showcase Your Leadership Skills: We’re looking for someone who can influence senior stakeholders and lead a high-performing team. Make sure to include examples of your leadership experience and how you’ve driven governance and controls in previous roles.

Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way to ensure your application gets the attention it deserves. Plus, you’ll find all the details you need about the role and our company culture there!

How to prepare for a job interview at Benefact Group plc

Know Your Cyber GRC Inside Out

Make sure you’re well-versed in Cyber Governance, Risk and Compliance principles. Brush up on relevant frameworks like ISO 27001 and NIST, and be ready to discuss how you've applied these in previous roles. This will show your expertise and readiness for the position.

Prepare for Scenario-Based Questions

Expect questions that ask you to demonstrate your problem-solving skills in real-world situations. Think of examples where you’ve managed cyber risks or led compliance initiatives. Use the STAR method (Situation, Task, Action, Result) to structure your answers clearly.

Showcase Your Stakeholder Management Skills

Since this role involves influencing senior leaders, prepare to discuss how you’ve successfully communicated complex information to non-technical stakeholders. Highlight any experiences where you’ve driven adoption of governance and controls through effective communication.

Demonstrate Your Leadership Style

Be ready to talk about your leadership experience, especially in a matrix environment. Share specific examples of how you’ve built high-performing teams and fostered collaboration. This will help the interviewers see how you can lead the Cyber GRC team effectively.