Job Description
You might be part of a large cyber team, where your role is an inch wide but a mile deep, and you're looking to broaden your impact.
Or maybe you're a one-person band, running the entire security function solo, and you're ready to work with a slightly bigger team.
Perhaps you don’t have enough support in your current role, and you're tired of banging your head against the wall.
What if you could be closer to the Executive Leadership Team—where security isn’t just an afterthought, but a function that’s valued and celebrated?
A professional services company is looking for an experienced Cyber GRC & Assurance Manager to further elevate its already mature and highly regarded security assurance function. Their security program is established and respected across the company, supported by the type of executive buy-in that’s often hard to find. This role is focused on refining and enhancing an already successful initiative; it's not about rebuilding. You’ll oversee the GRC and Assurance portfolio, ensuring the program remains audit-ready, continuously improving, and aligned with client security needs. Reporting directly to the CISO, you’ll also serve as 2IC when needed, playing a central role in security governance, risk management, and compliance.
While the company is not itself a regulated entity, it works with clients who are, making security a crucial business enabler and differentiator. Improving the customer experience, both inside and outside the organization, is a core focus, and the security program plays a vital role in maintaining client trust and satisfaction.
In this role, you’ll work across a range of compliance frameworks, including ISO 27001, CPS 234, NIST, ASD Essential 8, and SOC 2 Type 2. This role offers variety, touching multiple areas such as leading client security audits, responding to inquiries, and reviewing Cyber Security contracts to ensure alignment with client expectations. Additionally, you’ll oversee the Cyber Trust Centre Portal, ensuring a proactive and robust client assurance program.
Supply chain security will be another key area of focus, where you’ll enhance vendor risk assessments and third-party security, ensuring consistency and best practices across the firm’s network of partners and vendors.
You’ll also provide high-level reporting on Cyber Security performance, ensuring senior leadership is kept informed—this includes tracking and reporting on key risk indicators and cyber risk registers.
If that's not enough, you’ll also lead Cyber Security awareness and training programs, collaborating with internal teams to ensure employees understand and follow security best practices.
You’ll be well-supported in this role, managing one direct report (a Security Analyst) and collaborating with internal teams and external consultants to support governance, risk, and compliance initiatives. You won't be alone.
We are looking for someone with a technical background, who has managed a team and brings experience in Cyber GRC, with hands-on expertise in managing assurance programs.