Compliance & Risk Specialist
About the Role:
* Lead and coordinate organisational Governance, Risk & Compliance (GRC) activities.
Key Responsibilities:
* Develop, implement and maintain a comprehensive GRC framework to manage enterprise risk and ensure regulatory compliance.
* Establish and update policies, standards, procedures and technologies that align with business objectives.
* Collaborate with stakeholders to define security requirements for projects and serve as a subject matter expert on security matters.
* Support audit processes, collecting evidence and tracking remediation efforts.
* Conduct regular governance reviews, controls assessments and compliance checks.
Third-Party & Supplier Risk Management:
* Maintain and improve the third-party risk governance framework.
* Coordinate onsite audits with business owners and suppliers.
* Evaluate vendor security and IT risks by reviewing security questionnaires, DPIAs and compliance documents.
* Manage day-to-day supplier risk activities and support ongoing monitoring efforts.
Cybersecurity & IT Risk Management:
* Perform technical and procedural assessments of systems and processes, including full reporting and remediation tracking.
* Define IT and Cyber Security controls for new transformation initiatives.
* Assist in managing the IT risk register, including exposure analysis and risk mitigation activities.
* Oversee incident reporting for IT risk and GDPR-related notifications.
Security Awareness & Operational Support:
* Manage phishing awareness campaigns, employee training and corrective actions.
* Support internal communications, security announcements and awareness initiatives.
* Participate in security incident response activities with the Information Security team.
* Provide GRC advice to business units, supporting data protection and compliance projects.
* Generate regular reporting, dashboards and management information.
* Maintain Security & Privacy policies and procedures.
Requirements:
* Strong understanding of security and data protection regulations, directives and standards.
* Experience with IT controls, risk assessments and data protection obligations.
* Familiarity with frameworks such as NIS, AI governance, GDPR, ISO 27001, PCI DSS, NIST or similar.
* Excellent analytical, diagnostic and problem-solving skills.
* Able to effectively manage stakeholder relationships and engage with regulatory bodies.