GRC Implementor Permanent opportunity offering CIRCA £75 000 Onsite 3 days a week in Helensburgh, with 2 days remote. SC or DV clearance required. Working with a prestigious maritime defence organisation, ensuring their operations adhere to the highest standards of governance, risk management, and compliance by implementing secure by design principles. ABOUT THE ROLE Working closely with system owners and project delivery teams to review technical business cases, ensuring that security and risk management considerations are addressed from the outset. You will play a key role in guiding the implementation and governance of information security, compliance and Risk frameworks across multiple security teams, particularly in alignment with MoD standards and NIST. Your responsibilities will include assessing project requirements, developing Information Security Management Systems (ISMS), and producing documentation aligned to MOD requirements, including NIST Special Publication 800-37. WHAT WILL YOU DO? Governance: Establish, implement and maintain a secure by design framework across the organisation to ensure compliance with internal policies and external regulations. Risk Management: Identify, assess, and mitigate risks that could impact the organisations operations and objectives. Compliance: Ensure adherence to legal and regulatory requirements, including data protection, cybersecurity, and operational standards. Policy Development: Develop and implement policies and procedures to support principles and governance/ compliance efforts. Secure by Design: Assess, implement and advocate secure by design principles to ensure that security is integrated into all stages of system development and operations. Utilise the secure by design framework to guide risk management and compliance activities. Training and Awareness: Conduct training sessions and awareness programs to educate personnel on secure by design principals Audit and Reporting: Conduct regular audits and prepare reports on compliance status and risk management activities. Collaboration: Advise and guide stakeholders, system owners and delivery teams to ensure that security measures are integrated seamlessly into technical architecture programmes. WHAT EXPERIENCE YOU WILL NEED TO BE SUCCESFUL? Current or Active Security Clearance Proven experience in Information Security and practical GRC implementation experience Expertise in secure by design principles with practical experience of implementing the NIST 800-37 framework. Background in Defence Hands-on experience with ISMS policy drafting/implementation. Ability to work collaboratively and advise on compliance to various Security Teams, senior stakeholders to communicate the changes and polices required. Strong understanding of risk management processes, including risk assessment and mitigation documentation. For immediate consideration and more information, apply today.