Governance, Risk & Compliance (GRC) Lead
Nigel Wright Recruitment - Newcastle upon Tyne, England
Job Description

Location: Newcastle upon Tyne - onsite
Salary: 75,000 plus bonus

The Opportunity

A national enterprise-scale business is seeking a highly capable Governance, Risk & Compliance (GRC) Lead to drive the evolution of its security and risk landscape during a period of significant transformation and investment. This is a rare chance to step into a senior, influential position: shaping the GRC strategy, building capability, and ensuring regulatory excellence across a complex and high-profile environment.

The Role

Working as the right hand to the Head of Information Security, you will:

Leadership & Ownership
- Lead the entire GRC portfolio and shape a function that is still maturing.
- Manage a small but growing team across multiple sites.

Governance & ISMS
- Own the ISMS and drive the organisation's journey to ISO 27001 certification.
- Ensure ongoing Cyber Essentials and Cyber Essentials Plus compliance across the business.
- Develop, maintain and embed policies, processes and governance structures.

Risk Management
- Stand up and mature the IT risk management framework across the business.
- Produce risk registers, KRIs, governance packs and executive-ready reporting.
- Oversee and enhance third-party risk assurance.

Regulatory & Framework Compliance
- Support delivery of obligations under the Security & Resilience Bill and CAF.
- Provide guidance on NIS2 for international operations.
- Anticipate evolving regulatory requirements and prepare the organisation accordingly.

Incident Response Governance
- Lead scenario planning, readiness and policy work on the GRC side of incident response.
- Work closely with the Security Operations Lead, who owns technical response.

The Person

With a strong background in GRC, and ideally holding an information security certification such as CISSP, CISM or CRISC, you will have:
- The ability to interpret and challenge technical controls.
- Experience managing or maturing an ISMS and delivering ISO 27001 compliance.
- Solid IT risk management experience.
- Strong communication skills with senior stakeholders, including exec-level reporting.

Most importantly, you will be:
- Practical and hands-on, comfortable shaping a function that is still developing.
- Able to influence, challenge and communicate with technical stakeholders.
- Detailed in documentation, audit readiness and governance reporting.

Exposure to public-sector-aligned frameworks (CAF, NIS/NIS2) will be beneficial, though not essential.
Created: 2026-03-20