At a Glance
- Tasks: Lead the design and operation of GRC strategy, ensuring compliance and risk management.
- Company: Join a leading organisation focused on governance, risk, and compliance in the telecom sector.
- Benefits: Competitive salary, professional development, and opportunities for career advancement.
- Why this job: Make a significant impact on security governance and risk management in a dynamic environment.
- Qualifications: Extensive experience with UK Telecom Security Act, PCI DSS, ISO/IEC 27001, and NIS 2.
- Other info: Lead a high-performing team and influence cross-functional stakeholders.
The predicted salary is between £72,000 and £108,000 per year.
The Lead Governance, Risk & Compliance (GRC) Manager is responsible for establishing, operating, and continuously improving the organisation’s enterprise-wide compliance, risk, and security governance frameworks. This senior leadership role requires deep expertise across regulatory, industry, and cybersecurity standards—specifically the UK Telecom Security Act, PCI DSS, ISO/IEC 27001, and NIS 2. You will act as the organisation’s authoritative subject‑matter expert, ensuring end‑to‑end compliance, overseeing risk posture, and enabling secure and resilient operations through structured governance and proactive risk management.
Responsibilities
- Governance & Compliance Leadership
- Lead the design and operation of the organisation’s GRC strategy, ensuring alignment with business objectives and regulatory obligations.
- Serve as the principal authority on:
- Telecoms Security Act (TSA) & Code of Practice
- Payment Card Industry Data Security Standard (PCI DSS)
- ISO/IEC 27001 Information Security Management System (ISMS)
- NIS 2 Directive requirements & associated national legislation
- Maintain and continuously improve compliance roadmaps, policies, and controls across the enterprise.
- Oversee the governance framework, ensuring effective risk ownership, reporting, and leadership engagement.
- Lead the enterprise risk management (ERM) programme, ensuring risks are identified, assessed, prioritised, and treated effectively.
- Own the corporate risk register and report regularly to senior leadership, audit committees, and regulatory stakeholders.
- Design and implement risk assessment methodologies to support security, operational, and regulatory decision making.
- Drive internal and external audit cycles (TSA compliance, PCI assessments, ISO 27001 audits, NIS 2 evaluations).
- Oversee testing of security controls, including assurance reviews, control maturity assessments, and continuous compliance monitoring.
- Ensure remediation actions are managed through to completion and embedded into business processes.
- Support business units in their engagement with regulatory bodies and, for NIS 2, with the national CSIRTs and competent authorities.
- Prepare and deliver accurate regulatory submissions, compliance evidence, incident notifications (within the statutory reporting deadlines), and executive reporting.
- Develop, own, and maintain enterprise information security policies and standards.
- Ensure policies reflect current legal, regulatory, and industry practices, and are adopted consistently across the organisation.
- Foster a strong risk‑aware culture through training, awareness, and stakeholder engagement.
- Lead a high‑performing GRC team and influence stakeholders across engineering, operations, legal, procurement, and product functions.
- Provide expert guidance on secure‑by‑design initiatives and supplier (third‑party) risk management.
- Support major programmes and transformation initiatives ensuring compliance and risk considerations are integrated from inception.
Skills
- Extensive experience working with:
- UK Telecom Security Act & Code of Practice (TSA/SRF)
- PCI DSS v4.0, including Self‑Assessment Questionnaires (SAQ) and Reports on Compliance (ROC), cardholder data environment (CDE) scoping and segmentation, and control validation
- ISO/IEC 27001:2022 and associated 27000‑series standards
- NIS 2 Directive, cybersecurity measures, governance requirements, and incident reporting obligations
- NCSC Cyber Assessment Framework (CAF)
Lead GRC Manager employer: Lebara Media Services Private Ltd
Contact Detail:
Lebara Media Services Private Ltd Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Lead GRC Manager
✨Tip Number 1
Network like a pro! Attend industry events, webinars, and meetups to connect with professionals in the GRC space. You never know who might have the inside scoop on job openings or can refer you directly to hiring managers.
✨Tip Number 2
Showcase your expertise! Create a personal brand by sharing insights on platforms like LinkedIn. Post articles or comment on relevant topics related to the UK Telecom Security Act or PCI DSS to get noticed by potential employers.
✨Tip Number 3
Prepare for interviews by brushing up on your knowledge of compliance frameworks and risk management strategies. Be ready to discuss how you've successfully led GRC initiatives in the past and how you can bring that experience to the table.
✨Tip Number 4
Don't forget to apply through our website! We make it easy for you to find roles that match your skills and interests. Plus, applying directly shows your enthusiasm for joining our team!
Some tips for your application 🫡
Tailor Your CV: Make sure your CV is tailored to the Lead GRC Manager role. Highlight your experience with the UK Telecom Security Act, PCI DSS, and ISO/IEC 27001. We want to see how your skills align with our needs!
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're the perfect fit for this senior leadership role. Share specific examples of how you've led governance and compliance initiatives in the past.
Showcase Your Expertise: Don’t hold back on showcasing your deep expertise in risk management frameworks and security assurance. We’re looking for someone who can be our authoritative subject-matter expert, so let that shine through in your application!
Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you don’t miss any important updates from our team!
How to prepare for a job interview at Lebara Media Services Private Ltd
✨Know Your Regulations Inside Out
Make sure you’re well-versed in the UK Telecom Security Act, PCI DSS, ISO/IEC 27001, and NIS 2. Prepare specific examples of how you've applied these regulations in your previous roles, as this will demonstrate your expertise and readiness for the Lead GRC Manager position.
✨Showcase Your Risk Management Skills
Be ready to discuss your experience with enterprise risk management programmes. Think about how you've identified, assessed, and treated risks in past roles, and be prepared to share methodologies you've implemented to support decision-making.
✨Prepare for Cross-Functional Scenarios
Since this role involves influencing various stakeholders, prepare examples of how you've successfully collaborated with teams across engineering, operations, and legal functions. Highlight your ability to lead initiatives that integrate compliance and risk considerations from the start.
✨Demonstrate Leadership and Team Development
As a senior leader, it’s crucial to show how you’ve developed high-performing teams. Be ready to discuss your coaching style and how you’ve fostered a strong risk-aware culture within your team or organisation.