Governance, Risk & Compliance Manager in Manchester

Are you looking for a role where you can lead cyber security governance in an environment where trust and assurance really matter? You’ll be joining a collaborative and experienced security team within Sopra Steria’s Aerospace, Defence and Security business. As our Governance, Risk & Compliance Manager, you’ll play a key role in shaping how we manage information security risk and compliance for both our organisation and our clients. You’ll work closely with senior leaders, delivery teams and customers, helping to embed a strong culture of risk awareness while leading and developing a team of GRC professionals. This is a hands‑on leadership role where you’ll guide clients through complex security challenges, translate regulatory requirements into practical solutions, and support continuous improvement across governance, risk and compliance activities. This role is offered on a hybrid basis. You’ll be aligned to either our London, Manchester or Gloucestershire offices and expected to attend the office for meetings, collaboration, training or customer activity as required, with flexibility for home working the rest of the time.

What you’ll be doing:

• Owning and continuously improving the Information Security Management System (ISMS) in line with ISO 27001, including policies, governance processes and documentation.
• Leading security risk assessments, risk treatment activities and the management of risk registers to support business and regulatory decision making.
• Providing subject matter expertise to internal teams, senior stakeholders and customers on governance, risk and compliance matters.
• Planning, supporting and overseeing internal and external audits, including ISO 27001 and other relevant standards, ensuring audit readiness and effective remediation.
• Supporting compliance with recognised security frameworks and principles, including HMG SPF, NCSC guidance, NIST, OWASP and ISF.
• Managing supply chain security activities, including assurance, audit cycles and risk prioritisation.

What you’ll bring:

• Proven experience managing an ISMS and leading ISO 27001 implementation and audit activities.
• Strong background in governance, risk management and security compliance within a regulated or defence‑related environment.
• Experience engaging with senior stakeholders, regulators and external auditors.
• A solid understanding of information security best practice, risk management methodologies and relevant legislation.
• The ability to lead and support a small team while also working independently when required.
• A proactive approach to continuous improvement and professional development.
• Professional certifications such as CISSP, CISM or CRISC.

It would be great if you had:

• ISO 27001:2022 Lead Auditor or Lead Implementer certification.
• Experience working with NIST frameworks.
• ISO 14001 or ISO 45001 Internal Auditor certification.

If you’re interested in this role but not sure if your skills and experience are exactly what we’re looking for, please do apply, we’d love to hear from you!

Employment Type: Full-time, Permanent.

Location: London, Manchester or Gloucestershire – hybrid working.

Security Clearance Level: eDV.

Salary: £65,000 – £80,000 per annum.

Benefits: £5,400 car allowance, 25 days annual leave with the option to buy additional days, private medical, life assurance, pension, and generous flexible benefits fund.

Although this role is advertised as full‑time, we believe that flexibility at work can promote work/life balance, increase your motivation, reduce stress and improves performance and productivity. We support different ways of working and can offer a range of flexible working arrangements. So, if you’re interested and need to work flexibly, we encourage you to apply and talk to us about what might be possible.

Sopra Steria’s Aerospace, Defence and Security business designs, develops and deploys digital solutions to Central Government clients. The work we do makes a real difference to the client’s goal of National Security, and we operate in a unique and privileged environment. We are given time for professional development activities, and we coach and mentor our colleagues, sharing knowledge and learning from each other. We embrace difference as a source of creativity, innovation and competitive advantage and are striving to become a more diverse organisation. We welcome applications from people with a diverse variety of backgrounds and identities. We are committed to equality of opportunity for all and do not discriminate on the basis of race, religion, colour, gender, age, disability, sexual orientation or marital status. We have partnered with Vercida, the UK's largest diversity and inclusion focused careers site, where all our vacancies are available in an accessible format. If you require any adjustments to the recruitment process, to enable you to perform to the best of your ability, please let us know when completing your application. We participate in the Disability Confident scheme and are committed to offering an interview to any candidate with a disability, who meets the minimum criteria for the role. If you believe this could apply to you, please let us know when completing your application.