Governance Risk and Compliance Lead (GRC) - Cyber

Full-Time | £43,200 - £72,000 / year (est.) | No home office possible

At a Glance

  • Tasks: Lead third-party risk assessments and develop enterprise-wide awareness training.
  • Company: Join a globally recognised financial services firm with a strong cyber programme.
  • Benefits: Enjoy a competitive package, career progression, and a collaborative team culture.
  • Why this job: Shape security posture and influence cyber risk management in a fast-paced environment.
  • Qualifications: 6+ years in GRC within cybersecurity; experience in compliance frameworks and audits.
  • Other info: Opportunity for mentorship and continuous learning in a dynamic InfoSec team.

The predicted salary is between £43,200 and £72,000 per year.

We're partnering with a leading global financial services firm to appoint a Governance, Risk, and Compliance (GRC) Lead into their high-performing Information Security function. This is an exciting opportunity to join a fast-paced, globally recognised institution with a mature cyber programme and significant investment in its security posture.

As a trusted search partner, we’re looking for an experienced and strategic GRC professional who can bring deep subject matter expertise across third-party risk, regulatory compliance, audit readiness, and awareness training. You’ll play a pivotal role in helping the firm navigate the evolving threat landscape while maintaining compliance with complex global regulations.

The Opportunity

  • Leading third-party risk assessments and driving continuous improvement of vendor governance processes.
  • Owning client due diligence responses, ensuring the business meets external compliance and assurance requirements.
  • Developing and delivering enterprise-wide awareness training, phishing simulations, and educational campaigns.
  • Advising technical teams and stakeholders on controls around access management, incident handling, BCP, SDLC, and data protection.
  • Supporting audits and regulatory engagements, including evidence gathering and remediation tracking.
  • Facilitating a governance programme around risk acceptances and policy exceptions.
  • Mentoring junior GRC professionals and driving internal knowledge sharing.

What We’re Looking For

  • 6+ years of experience in GRC within cybersecurity, ideally in financial services or highly regulated environments.
  • Proven capability in third-party risk management, client due diligence, and compliance frameworks (NIST, ISO 27001, DORA, etc.).
  • Experience in managing audits and regulatory engagements across multiple jurisdictions.
  • Excellent communication skills – able to translate complex technical concepts to non-technical stakeholders.
  • A collaborative, proactive approach with the ability to thrive in a global, fast-moving organisation.
  • Bonus points if you hold certifications such as CISA, CRISC, CISM, CISSP or equivalent.

Tools You Might Use

  • Familiarity with platforms such as:
    • Ticketing systems (e.g., Provance)
    • InfoSec training solutions (e.g., Ninjio)
    • Third-party risk platforms (e.g., Venminder, CyberGRX, UpGuard)
    • Microsoft O365 suite

Why Apply?

This is a high-impact role offering direct visibility with senior stakeholders, the chance to shape security posture across a global organisation, and real opportunities for career progression. You’ll be supported by a collaborative team culture, continuous learning, and the ability to influence how cyber risk is managed across a major financial institution.

If you would like to discuss this role in confidence, reach out to Javed Hussain on 0208 142 3930.

Governance Risk and Compliance Lead (GRC) - Cyber employer: Marlin Selection Recruitment

Joining this leading global financial services firm as a Governance Risk and Compliance Lead in London offers an exceptional opportunity to thrive in a dynamic and collaborative work environment. With a strong commitment to employee growth, you will benefit from continuous learning initiatives and the chance to influence cyber risk management at a senior level. The company's mature cyber programme and significant investment in security not only enhance your professional development but also ensure you are part of a forward-thinking institution dedicated to excellence.

Contact Detail:

Marlin Selection Recruitment Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land Governance Risk and Compliance Lead (GRC) - Cyber

✨Tip Number 1

Network with professionals in the cybersecurity and GRC fields, especially those working in financial services. Attend industry events or webinars to connect with potential colleagues and learn about the latest trends and challenges in the sector.

✨Tip Number 2

Familiarise yourself with the specific compliance frameworks mentioned in the job description, such as NIST and ISO 27001. Being able to discuss these frameworks confidently during interviews will demonstrate your expertise and readiness for the role.

✨Tip Number 3

Prepare to showcase your experience in third-party risk management and client due diligence. Think of specific examples where you've successfully navigated these areas, as this will be crucial in demonstrating your fit for the position.

✨Tip Number 4

Brush up on your communication skills, particularly in translating complex technical concepts into layman's terms. This is essential for advising non-technical stakeholders, so practice explaining key GRC topics in a simple and engaging way.

We think you need these skills to ace Governance Risk and Compliance Lead (GRC) - Cyber

Governance, Risk, and Compliance (GRC)
Cybersecurity Expertise
Third-Party Risk Management
Regulatory Compliance Knowledge
Audit Management
Client Due Diligence
Risk Assessment
Incident Handling
Business Continuity Planning (BCP)
Software Development Life Cycle (SDLC)
Data Protection Regulations
Communication Skills
Stakeholder Engagement
Training and Awareness Development
Mentoring and Knowledge Sharing
NIST Framework
ISO 27001
DORA Compliance
CISA Certification
CRISC Certification
CISM Certification
CISSP Certification

Some tips for your application 🫡

Tailor Your CV: Make sure your CV highlights relevant experience in Governance, Risk, and Compliance (GRC) within cybersecurity. Emphasise your expertise in third-party risk management and compliance frameworks like NIST and ISO 27001.

Craft a Compelling Cover Letter: Write a cover letter that showcases your strategic approach to GRC. Mention specific examples of how you've led risk assessments or improved vendor governance processes in previous roles.

Highlight Communication Skills: Since excellent communication is key for this role, provide examples in your application of how you've successfully translated complex technical concepts to non-technical stakeholders.

Showcase Continuous Learning: Mention any relevant certifications you hold, such as CISA or CISSP, and express your commitment to continuous learning and professional development in the field of cybersecurity.

How to prepare for a job interview at Marlin Selection Recruitment

✨Showcase Your GRC Expertise

Be prepared to discuss your experience in Governance, Risk, and Compliance, particularly within cybersecurity. Highlight specific projects or initiatives you've led, especially those related to third-party risk management and compliance frameworks like NIST or ISO 27001.

✨Communicate Clearly with Non-Technical Stakeholders

Since the role requires translating complex technical concepts to non-technical stakeholders, practice explaining your past experiences in simple terms. Use examples that demonstrate your ability to bridge the gap between technical teams and business objectives.

✨Demonstrate Continuous Improvement Mindset

Discuss how you've driven continuous improvement in vendor governance processes or compliance measures in previous roles. Be ready to share specific outcomes or metrics that showcase your impact on enhancing security posture.

✨Prepare for Scenario-Based Questions

Expect scenario-based questions that assess your problem-solving skills in real-world situations. Think about challenges you've faced in audits or regulatory engagements and how you navigated them, as this will show your strategic thinking and adaptability.
