Cyber Security GRC Lead

Cyber Security GRC Lead

Cyber Security Governance, Risk and Compliance Lead

Who we are...

GlobalData is a specialist information services business on a mission to help our clients decode the future, make better decisions and reach more customers. Using our unique data, expert analysis and innovative solutions we deliver intelligence on the world's largest industries for companies, government organisations and industry professionals.

We began our journey in 2016, by combining a diverse range of specialist information services companies, with decades of trusted customer relationships and deep sector specialisms. Today, we operate as a single company and one fully integrated platform, with more than 3,500 colleagues worldwide, across 20+ industries, delivering value for over 5,000 customers.

Why join GlobalData?

GlobalData is at a pivotal point in its growth journey. Following multiple acquisitions and having recently received transformational investment we need curious, ambitious, courageous people to support us in achieving our vision of becoming the world's trusted source of strategic industry intelligence.

Our big ambitions mean that life at GlobalData is fast paced, entrepreneurial and rewarding. We recognise the collective power of our people, and it's the collaboration of our teams that have shaped our success and will continue to do so in the future.

The role...

We are looking for a Cyber Security Governance Risk and Compliance Lead to join the corporate team at GlobalData. This is a newly created role, reporting into the Chief Information & Security Officer. The Cyber Security GRC Lead will be responsible for implementing ISO 27001 and gaining certification.

What you'll be doing...

• Governance: Develop and maintain cyber security policies, provides and governance framework in line with ISO 27001. Ensure alignment with organisational goals and strategic objectives.
• Risk Management: Lead and implement the risk management process, including risk identification, assessment and mitigation. Perform regular risk assessments to ensure appropriate risk mitigation strategies are in place, in alignment with an evolving threat landscape and business growth.
• Compliance: Establish a compliance programme and conduct internal audits to assess the operational effectiveness of existing controls and ensure adherence to company policy.
• Stakeholder Engagement: Collaborate with key stakeholders across the business, including IT, legal, sales and HR, to ensure effective integration of policies.
• Continuous Improvement: Drive continuous improvement initiatives to enhance and mature the company's security posture, while densifying new tools, technologies and best practices.

• Bachelor's degree in Cyber Security, Information Technology, or a related field (or equivalent work experience)
• 5-7 years of experience in cyber security, with a focus on Governance Risk and Compliance. Experience at an enterprise, global company desirable.
• Relevant certifications such as CISA, CRISC, CISM or equivalent is highly preferred.
• Proven experience in implementing and/or maintaining ISO 27001 certification is highly preferred. Knowledge and expertise with other risk and compliance frameworks, such as NIST, is also acceptable.
• Strong experience in risk management, including risk assessments and remediation strategies.
• Extensive experience in leading or managing audits, compliance assessments, and certifications.
• Familiarity with cyber security technologies, tools, and methodologies.
• Excellent communication skills, with the ability to present complex concepts to non-technical stakeholders.