Governance, Risk & Compliance Manager

Governance Risk and Compliance Manager Are you looking to lead cyber security governance at scale, influence senior stakeholders and help shape how organisations manage risk in complex, high‑assurance environments? As a Governance Risk and Compliance Manager within our ADS Cyber Security team, you will lead the development and delivery of GRC services across large and complex client engagements. You will work closely with senior leaders, customers and technical teams to align security, risk and compliance activity with business objectives, contractual commitments and regulatory requirements. You will be part of a collaborative, supportive team that values knowledge sharing, innovation and professional growth. This role offers the opportunity to work remotely across the UK, with occasional travel to client or Sopra Steria sites as required. We can offer great career progression opportunities, the ability to be based anywhere across the UK, benefits which you can flex to meet your needs, and training and development opportunities. What you’ll be doing: Leading the creation, review and maintenance of Secure By Design artefacts, CAATS and Security Risk Assessments. Producing DPIAs and DFCRs and generating RAINs to support effective risk management. Leading security activities for large client engagements, building trusted relationships and ensuring contractual and regulatory alignment. Driving compliance programmes against legal, regulatory, contractual and industry standards. Supporting SOC teams with onboarding services to SIEM platforms and working with ITSHC suppliers on CSM scoping. Leading complex assessments, audit programmes, bid responses and the development of security control roadmaps. What you’ll bring: Proven experience leading GRC teams and delivering large, complex client engagements. Strong ability to interpret technical designs and provide effective security governance and guidance. Experience leading consultancy engagements such as ISMS implementation, compliance audits and security strategy definition. Strong stakeholder management skills with the ability to communicate complex risk clearly at all levels. In‑depth understanding of JSP440, JSP453 and NIST frameworks. A recognised cyber or information security qualification such as CISSP, CISM, CCSP, ISO27001 Lead Auditor or CRISC. It would be great if you had: Experience with cloud security implementation. Knowledge of Identity and Access Management (IDAM). Exposure to Operational Technology (OT) environments. Understanding of security architecture principles. If you’re interested in this role but not sure if your skills and experience are exactly what we’re looking for, please do apply, we’d love to hear from you! Employment Type: Full-time, Permanent. Location: Remote working across the UK. Security Clearance Level: SC. Internal Recruiter: Rebecca. Salary: £75,000 – £90,000. Benefits: £5,400 car allowance, 25 days annual leave with the option to buy additional days, private medical, life assurance, pension, and generous flexible benefits fund. Although this role is advertised as full-time, we believe that flexibility at work can promote work/life balance, increase your motivation, reduce stress and improves performance and productivity. We support different ways of working and can offer a range of flexible working arrangements. So, if you’re interested and need to work flexibly, we encourage you to apply and talk to us about what might be possible. Loved reading about this job and want to know more about us? Sopra Steria’s Aerospace, Defence and Security business designs, develops and deploys digital solutions to Central Government clients. The work we do makes a real difference to the client’s goal of National Security, and we operate in a unique and privileged environment. We are given time for professional development activities, and we coach and mentor our colleagues, sharing knowledge and learning from each other. We foster a culture in which employees feel valued and supported and have pride in their work for the customer, delivering outstanding rates of customer satisfaction in the UK’s most complex safety‑ and security‑critical markets. Apply To This Job