Head of Risk and Compliance (Security & Governance Focus)
The Role
Our client is a leading name in workforce and project management software, dedicated to delivering secure, compliant, and resilient solutions. They are seeking a Head of Risk and Compliance to lead their security, risk, and compliance strategy—ensuring the highest standards of data protection, regulatory compliance, and risk management. This is a critical leadership role, shaping security policies, mitigating cyber threats, and driving a strong security culture across the organization.
Key Responsibilities
* Security Leadership – Define and drive the company's risk and compliance strategy, ensuring alignment with global security frameworks (ISO 27001, SOC 2, NIST, etc.)
* Regulatory Compliance – Stay ahead of evolving regulations (GDPR, CCPA, etc.), updating policies and enforcing best practices to maintain compliance
* Security Risk Management – Own and oversee security risk assessments, incident response strategies, and business resilience planning
* Certifications & Audits – Manage and expand security certifications, ensuring continuous compliance with regulatory and business needs
* Third-Party Risk Management – Lead the vendor assessment program, strengthening due diligence and reducing supply chain security risks
* Security Awareness & Education – Implement security awareness programs, lead company-wide phishing simulations, and provide targeted training for key teams
* Customer Trust & Assurance – Act as a key security representative for top-tier customers, managing security inquiries and building confidence in the company’s security posture
Desired Skills and Qualifications
* Significant experience in information security governance, risk, and compliance roles, with at least 2 years leading teams in organizations of 1,000-5,000 employees
* Deep understanding of security standards, risk frameworks, and regulatory requirements (ISO 27001, SOC 2, NIST, GDPR, CCPA, etc.)
* Hands-on experience with security risk management, including phishing exercises, security training programs, and compliance monitoring
* Proven track record in incident response, security governance, and business continuity planning
* Excellent communication skills, able to articulate security risks and solutions to both technical and non-technical audiences, including senior executives and customers
* Strong leadership and decision-making ability, with experience influencing security culture and best practices at a company-wide level
This is a fantastic opportunity for a security-focused GRC leader to make a real impact in a high-growth technology company. If you are passionate about security, compliance, and risk management at scale, we’d love to hear from you!
The Package
* Basic salary of £120,000-£150,000 (based on experience and suitability)
* Private healthcare
* Hybrid working
* Bonus
* Share options