GRC Lead – Cybersecurity (Financial Services)
London | Competitive Package
We're partnering with a leading global financial services firm to appoint a Governance, Risk, and Compliance (GRC) Lead into their high-performing Information Security function. This is an exciting opportunity to join a fast-paced, globally recognised institution with a mature cyber programme and significant investment in its security posture.
As a trusted search partner, we’re looking for an experienced and strategic GRC professional who can bring deep subject matter expertise across third-party risk, regulatory compliance, audit readiness, and awareness training. You’ll play a pivotal role in helping the firm navigate the evolving threat landscape while maintaining compliance with complex global regulations.
The Opportunity
Sitting within a dynamic global InfoSec team, you’ll be responsible for:
- Leading third-party risk assessments and driving continuous improvement of vendor governance processes.
- Owning client due diligence responses, ensuring the business meets external compliance and assurance requirements.
- Developing and delivering enterprise-wide awareness training, phishing simulations, and educational campaigns.
- Advising technical teams and stakeholders on controls around access management, incident handling, business continuity planning (BCP), the software development lifecycle (SDLC), and data protection.
- Supporting audits and regulatory engagements, including evidence gathering and remediation tracking.
- Facilitating a governance programme around risk acceptances and policy exceptions.
- Mentoring junior GRC professionals and driving internal knowledge sharing.
What We’re Looking For
We’re keen to speak with individuals who bring:
- 6+ years of experience in GRC within cybersecurity, ideally in financial services or highly regulated environments.
- Proven capability in third-party risk management, client due diligence, and compliance frameworks and regulations (NIST CSF, ISO/IEC 27001, DORA, etc.).
- Experience in managing audits and regulatory engagements across multiple jurisdictions.
- Excellent communication skills – able to translate complex technical concepts to non-technical stakeholders.
- A collaborative, proactive approach with the ability to thrive in a global, fast-moving organisation.
- Bonus points if you hold certifications such as CISA, CRISC, CISM, CISSP or equivalent.
Tools You Might Use
Familiarity with platforms such as:
- Ticketing systems (e.g., Provance)
- InfoSec training solutions (e.g., Ninjio)
- Third-party risk platforms (e.g., Venminder, CyberGRX, UpGuard)
- Microsoft 365 (Office 365) suite
Why Apply?
This is a high-impact role offering direct visibility with senior stakeholders, the chance to shape security posture across a global organisation, and real opportunities for career progression. You’ll be supported by a collaborative team culture, continuous learning, and the ability to influence how cyber risk is managed across a major financial institution.
If you would like to discuss this role in confidence, reach out to Javed Hussain on 0208 142 3930 or at javed.hussain@marlinselection.com.