Manager Governance Risk & Compliance (GRC) in London

We're on a mission to change the future of clinical research. At Perceptive, we help the biopharmaceutical industry bring medical treatments to the market, faster. Our mission is to change the world but to do this, we need people like you.

What can we offer you? Apart from job satisfaction, we can offer you:

• 25 days' holiday (with the option to buy more)
• Health Cash Plan
• Optional private health, dental insurance, and health screens
• Cycle to work scheme
• Generous pension scheme with up to 10% employer contribution
• Life assurance
• Season ticket loan

About the role

Job Purpose: The Manager, Governance Risk & Compliance (GRC) is responsible for developing, implementing and maintaining governance, risk and compliance frameworks within Perceptive's security function. Managing a small team, this role ensures adherence to ISO 27001 standards, manages internal and external audits and reviews contractual agreements (MSAs) for compliance with security and regulatory requirements.

Key Responsibilities:

• Governance & Framework Management: Maintain and enhance the organization's Information Security Management System (ISMS) aligned with ISO 27001. Develop and update security policies, standards, and procedures. Ensure compliance with regulatory and contractual obligations.
• Risk Management: Identify, assess, and monitor information security risks. Maintain risk registers and ensure mitigation plans are in place. Support business units in risk treatment and reporting.
• Compliance & Audits: Plan and execute internal audits for ISO 27001 and other relevant frameworks. Coordinate external certification audits and liaise with auditors. Track and manage audit findings and corrective actions.
• Contractual Reviews: Review Master Service Agreements (MSAs), Statements of Work (SOWs), and vendor contracts for security and compliance clauses. Collaborate with Legal and Procurement teams to ensure security requirements are embedded in agreements. Advise on third-party risk management processes.
• Training & Awareness: Conduct security awareness sessions related to governance and compliance. Provide guidance to stakeholders on compliance obligations. Manage Cyber awareness and phishing simulation platforms.
• Reporting & Metrics: Prepare regular compliance and risk reports for senior management. Monitor key performance indicators (KPIs) for GRC activities.

Functional Competencies (Technical knowledge/Skills): Ability to manage internal and external audits as they relate to cyber security. Excellent interpersonal, verbal and written communication skills. A flexible attitude with respect to work assignments and new learning. Ability to manage multiple and varied tasks with enthusiasm and prioritise workload with attention to detail. Ability to identify and implement process improvements. Ability to manage a globally distributed team, including motivating, developing and coordinating team members. Maintains an up-to-date awareness of trends, tools, technology, techniques and processes that affect cyber security GRC within the Life sciences domain.

Experience, Education, and Certifications: Proven experience of leading and mentoring colleagues. Experience of regulated environments (GxP, Financial, etc.). Professional certifications such as ISO 27001 Lead Implementer/Auditor, CISM, CRISC, or similar. Strong understanding of ISO 27001, risk management frameworks, and audit processes. Experience reviewing contracts and MSAs for security compliance. Background in IT security governance within a global organization. Knowledge and understanding of regulations and frameworks relating data protection and cyber security (GDPR, SOC 2, NIS2, etc.). Experience with GRC tools and platforms. Bachelor's degree or Engineering in IT/computer science/electronics. English: Fluent.

Come as you are. We're proud to be an Equal Employment Opportunity employer. We do not discriminate based upon race, religion, colour, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.