Governance, Risk & Compliance Manager

Sopra Steria
Mobile, AL

Governance, Risk & Compliance (GRC) Manager

Are you looking for a role where you can lead cyber security governance in an environment where trust and assurance really matter?

You’ll be joining a collaborative and experienced security team within Sopra Steria’s Aerospace, Defence and Security business. As our Governance, Risk & Compliance Manager, you’ll play a key role in shaping how we manage information security risk and compliance for both our organisation and our clients. You’ll work closely with senior leaders, delivery teams and customers, helping to embed a strong culture of risk awareness while leading and developing a team of GRC professionals.

This is a hands-on leadership role where you’ll guide clients through complex security challenges, translate regulatory requirements into practical solutions, and support continuous improvement across governance, risk and compliance activities.

This role is offered on a hybrid basis. You’ll be aligned to either our London, Manchester or Gloucestershire offices and expected to attend the office for meetings, collaboration, training or customer activity as required, with flexibility for home working the rest of the time.

What you’ll be doing:

  • Owning and continuously improving the Information Security Management System (ISMS) in line with ISO 27001, including policies, governance processes and documentation.
  • Leading security risk assessments, risk treatment activities and the management of risk registers to support business and regulatory decision making.
  • Providing subject matter expertise to internal teams, senior stakeholders and customers on governance, risk and compliance matters.
  • Planning, supporting and overseeing internal and external audits, including ISO 27001 and other relevant standards, ensuring audit readiness and effective remediation.
  • Supporting compliance with recognised security frameworks and principles, including HMG SPF, NCSC guidance, NIST, OWASP and ISF.
  • Managing supply chain security activities, including assurance, audit cycles and risk prioritisation.

What you’ll bring:

  • Proven experience managing an ISMS and leading ISO 27001 implementation and audit activities.
  • Strong background in governance, risk management and security compliance within a regulated or defence-related environment.
  • Experience engaging with senior stakeholders, regulators and external auditors.
  • A solid understanding of information security best practice, risk management methodologies and relevant legislation.
  • The ability to lead and support a small team while also working independently when required.
  • A proactive approach to continuous improvement and professional development.
  • Professional certifications such as CISSP, CISM or CRISC.

It would be great if you had:

  • ISO 27001:2022 Lead Auditor or Lead Implementer certification.
  • Experience working with NIST frameworks.
  • ISO 14001 or ISO 45001 Internal Auditor certification.

If you’re interested in this role but not sure if your skills and experience are exactly what we’re looking for, please do apply, we’d love to hear from you!

Employment Type: Full-time, Permanent.
Location: London, Manchester or Gloucestershire – hybrid working.
Security Clearance Level: eDV.
Internal Recruiter: Rebecca.
Salary: £65,000 – £80,000 per annum.
Benefits: £5,400 car allowance, 25 days annual leave with the option to buy additional days, private medical, life assurance, pension, and generous flexible benefits fund.

Although this role is advertised as full-time, we believe that flexibility at work can promote work/life balance, increase your motivation, reduce stress and improve performance and productivity. We support different ways of working and can offer a range of flexible working arrangements. So, if you’re interested and need to work flexibly, we encourage you to apply and talk to us about what might be possible.

Loved reading about this job and want to know more about us?

Sopra Steria’s Aerospace, Defence and Security business designs, develops and deploys digital solutions to Central Government clients. The work we do makes a real difference to the client’s goal of National Security, and we operate in a unique and privileged environment. We are given time for professional development activities, and we coach and mentor our colleagues, sharing knowledge and learning from each other.
