Governance, Risk & Compliance (GRC) (with OT and IT experience) in London

London | Full-Time | £55,000 - 60,000 / year (est.) | No working from home possible
Edward Mann

At a Glance

  • Tasks: Identify and manage security risks while ensuring compliance with industry standards.
  • Company: Dynamic organisation in London focused on governance and risk management.
  • Benefits: Competitive salary, benefits package, and opportunities for professional growth.
  • Other info: Collaborative culture with opportunities to engage with senior stakeholders.
  • Why this job: Join a key team shaping security practices and making a real impact.
  • Qualifications: Experience in governance, risk management, or compliance in IT or regulated environments.

The predicted salary is between 55000 - 60000 £ per year.

We are recruiting for a client in London for a GRC OFFICER (with OT and IT experience), reporting to the Head of IT and Security. £55,000-60,000 pa (including benefits). The role ensures that security and operational risks are effectively identified, assessed and monitored, and that the organisation maintains compliance with relevant legislation, industry standards and internal policies. This position operates as a key member of the second line of defence, working closely with business units, technical teams and senior stakeholders to embed robust governance and risk practices.

Essential Skills & Experience

  • Demonstrable experience in governance, risk management or compliance within an IT/technology, operational, regulated or critical services environment.
  • Strong understanding of risk management methodologies and compliance frameworks (e.g., ISO 27001, NIST CSF, NIS, CAF).
  • Excellent written and verbal communication skills with proven stakeholder engagement capability.
  • Ability to interpret and translate regulatory requirements into practical processes and controls.
  • Strong organisational skills with the ability to manage multiple workstreams effectively.

Desirable Skills & Experience

  • Experience working in regulated sectors (e.g., transport, utilities, financial services, health, government, technology).
  • Exposure to operational technology (OT) or industrial control systems (ICS) risk and compliance.
  • Experience in developing policies, standards and governance reporting.
  • Relevant certifications such as ISO 27001 Lead Implementer/Lead Auditor, CISMP, CRISC, CISM, or similar.

Areas of focus:

Risk Management

  • Implement and maintain the organisation's risk management framework, including risk identification, assessment, treatment planning and monitoring.
  • Facilitate risk assessments across business units and support the development of risk mitigation strategies.
  • Monitor and report on risk trends, control effectiveness and emerging threats.

Compliance

  • Support the organisation's compliance programme, ensuring adherence to relevant laws, regulations and standards (e.g., ISO 27001, NIS Regulations, GDPR, sector-specific obligations).
  • Maintain compliance registers, audit evidence repositories and documentation to demonstrate ongoing compliance.
  • Monitor changes in regulatory and industry requirements and assess their impact on the organisation.
  • Coordinate internal and external audits, including evidence collection and management of findings.

Governance & Policy Support

  • Contribute to the development, review and implementation of policies, standards and governance processes.
  • Produce clear, accurate reports for senior leadership, committees and governance bodies.
  • Support the establishment and continuous improvement of governance controls and assurance mechanisms.
  • Hold accountability across all technology departments for the governance and assurance of change management, including oversight of changes to systems, data pipelines, AI models, prompts, and configurations, ensuring that appropriate approval, risk assessment, testing, documentation, and audit evidence are maintained prior to implementation.

Awareness & Engagement

  • Assist in the design and delivery of awareness, engagement and training activities related to security, compliance and risk.
  • Communicate complex requirements to both technical and non-technical stakeholders in a practical and business relevant manner.

Qualifications

  • Degree in Information Security, Risk Management, Business, Law or a related discipline; or equivalent professional experience.
  • Professional qualifications in information security, risk or compliance are beneficial but not essential.

Personal Attributes

  • Detail-oriented and methodical, with strong analytical skills.
  • Proactive and able to work independently while engaging collaboratively across teams.
  • Able to simplify complex subjects into accessible and actionable guidance.
  • Confident engaging with stakeholders at all levels, including senior leaders.

For more information, please apply as soon as possible.

Employer: Edward Mann

Join a forward-thinking organisation in London that prioritises governance, risk, and compliance while fostering a collaborative work culture. With a competitive salary of £55,000-60,000 and a focus on employee development, this role offers the opportunity to engage with senior stakeholders and contribute to meaningful risk management practices. Enjoy a supportive environment that values your expertise in both IT and operational technology, ensuring you thrive in your career while making a significant impact.

Edward Mann

Contact Details:

Edward Mann Recruitment Team

StudySmarter Expert Advice

We think this is how you could land Governance, Risk & Compliance (GRC) (with OT and IT experience) in London

Tip Number 1

Network like a pro! Reach out to your connections in the GRC field, especially those who have experience with OT and IT. A friendly chat can lead to insider info about job openings that aren't even advertised yet.

Tip Number 2

Prepare for interviews by brushing up on your knowledge of compliance frameworks like ISO 27001 and NIST CSF. We want you to be able to discuss how you've applied these in real-world scenarios, so think of examples that showcase your skills.

Tip Number 3

Don’t forget to tailor your approach! When you apply through our website, make sure your application highlights your experience in risk management and compliance. Show them you understand their needs and how you can help meet them.

Tip Number 4

Follow up after interviews! A quick thank-you email can set you apart from other candidates. Use this opportunity to reiterate your enthusiasm for the role and mention something specific from the interview that resonated with you.

We think you need these skills to ace Governance, Risk & Compliance (GRC) (with OT and IT experience) in London

Governance
Risk Management
Compliance Frameworks
ISO 27001
NIST CSF
NIS Regulations
GDPR

Some tips for your application

Tailor Your CV: Make sure your CV is tailored to the GRC role. Highlight your experience in governance, risk management, and compliance, especially within IT or operational environments. We want to see how your skills match what we're looking for!

Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're the perfect fit for this role. Mention specific experiences that relate to the job description and show us your passion for GRC.

Showcase Your Communication Skills: Since excellent communication is key for this role, make sure your application reflects that. Use clear and concise language, and don't shy away from demonstrating how you've engaged with stakeholders in the past.

Apply Through Our Website: We encourage you to apply through our website for a smoother process. It helps us keep track of your application and ensures you get all the updates directly from us. Don't miss out on this opportunity!

How to prepare for a job interview at Edward Mann

Know Your Frameworks

Make sure you brush up on key compliance frameworks like ISO 27001 and NIST CSF. Be ready to discuss how you've applied these in past roles, especially in risk management and compliance contexts.

Showcase Your Communication Skills

Since this role involves engaging with various stakeholders, practice explaining complex regulatory requirements in simple terms. Use examples from your experience to demonstrate your ability to communicate effectively with both technical and non-technical audiences.

Prepare for Scenario Questions

Expect scenario-based questions that assess your problem-solving skills in risk management. Think of specific situations where you identified risks or implemented compliance measures, and be ready to walk the interviewer through your thought process.

Demonstrate Your Organisational Skills

This role requires managing multiple workstreams, so come prepared with examples of how you've successfully juggled various projects. Highlight your methods for prioritising tasks and ensuring nothing falls through the cracks.