Technical GRC Specialist

We are looking for an experienced software-as-a-service (SaaS) security practitioner to join our growing Governance, Risk & Compliance (GRC) team. This role will primarily take ownership of our security hardening standards and our Third-Party Risk Management (TPRM), focusing on proactive improvements in cybersecurity, ensuring audit readiness, and scaling GRC processes through automation.

Requirements

• 3+ years' experience in compliance, GRC, vendor risk management, information security, internal audit or related fields
• Proven experience in cybersecurity and managing third-party/vendor due diligence programmes
• Strong understanding of common assurance frameworks such as ISO 27001, SOC 2, NIST or equivalent
• Good working knowledge of UK GDPR / privacy considerations in supplier relationships
• Familiarity with cloud/SaaS environments and common systems (e.g. identity providers, cloud platforms, collaboration tools)
• Experience reviewing supplier security documentation and identifying practical risks
• Strong organisational skills with the ability to manage multiple priorities independently
• Excellent written and verbal communication skills; proficient in English

Benefits

• Private health insurance
• Profit Interest Unit Appreciation Rights
• 25 days paid leave
• Pension
• Group life assurance
• Group income protection
• Flexible work environment
• A supportive, diverse workplace where we prioritize respect for each other and our clients
• A fun and collaborative team culture