Compliance & Security Manager (GRC)

Permanent

Remote (UK-based)

ISO 27001 Lead Implementer or Lead Auditor certification — essential

 

An opportunity to take real ownership of security and compliance at a fast-growing tech company. Our client, a leading software business with an ambitious global growth trajectory, is looking for a Security & Compliance / GRC Manager to become the go-to expert across information security, data protection and regulatory compliance.

This isn't a tick-box compliance role. You'll shape how the business protects its customers' data, navigates complex commercial negotiations, and scales its compliance programme as it enters new markets and meets new regulatory demands.

 

What the successful Security & Compliance Analyst will do:

  • Own and maintain security and compliance documentation including policies, procedures, and support materials across information security and compliance programmes
  • Take full ownership of ISO 27001 certification — driving continuous improvement and leading preparation for internal and external audits
  • Manage the internal Data Protection compliance programme, ensuring adherence to UK GDPR, EU GDPR, CCPA and other applicable global regulations
  • Partner with commercial teams to navigate complex security and compliance negotiations, removing deal blockers and standardising processes
  • Own third-party supplier risk management, identifying and mitigating vendor risk across the supply chain
  • Contribute to the implementation of additional frameworks and standards such as NIST, FedRAMP and others as the business scales internationally
  • Identify opportunities to streamline onboarding, security reviews and compliance workflows through smarter documentation and process design

 

What we are looking for in the successful Security & Compliance Analyst:

  • Proven experience in a GRC or info-sec role within a technology company
  • ISO 27001 Lead Implementer or Lead Auditor certification — essential
  • In-depth, hands-on knowledge of ISO 27001 implementation and ongoing certification management
  • A strong track record of managing global data protection compliance including GDPR and CCPA
  • Familiarity with general compliance obligations such as Modern Slavery, AML and Anti-Bribery
  • Understanding of AWS cloud infrastructure and application security principles
  • A technical mindset with the ability to thrive in a fast-moving, ever-evolving environment
  • Excellent communication skills and a genuine passion for delivering a great customer experience

 

Great to have:

  • Degree in Computer Science, Information Security, Cybersecurity, Data Protection, Information Governance or Risk
  • Recognised qualifications such as CISSP or CompTIA Security+
  • Exposure to frameworks including NIST, HIPAA, FedRAMP or DORA
  • Knowledge of DevOps or DevSecOps practices
  • Prior experience of a scale-up or growth-stage SaaS company

 

**Please note**

  • Due to the security clearance requirements for this role, applicants must be eligible for [SC/DV] clearance. Eligibility criteria mean that candidates must have been a UK resident for a minimum of 5 years and hold the right to work in the UK.

 

Rewards & Benefits:

  • Remote-first role with flexibility across the UK
  • Long Term Incentive scheme eligibility
  • Personal development budget of c£1.5k per year for courses and certifications
  • Top-spec hardware provided
  • BUPA healthcare, life insurance and critical illness cover
  • Discounted gym membership & broader range of health and wellbeing benefits

 

Keywords: Security & Compliance Manager, GRC Manager, Security & Compliance Analyst, GRC Analyst, Information Security Analyst, ISO 27001, Data Protection, GDPR, CCPA, UK GDPR, EU GDPR, GRC, Risk & Compliance, Third Party Risk, Supplier Risk, FedRAMP, NIST, HIPAA, DORA, AWS, Cloud Security, DevOps, Application Security, DevSecOps, Compliance Manager, Data Protection Officer, Privacy, Cybersecurity, Information Governance

Category: Risk & Governance
Location: UK Fully Remote
Job Posted: Wed, 25 Mar 2026 17:43:50 GMT
Closing Date: Wed, 08 Apr 2026 22:59:59 GMT
Reference: 7076

Your contact for this job

Andrew Spratt
