GRC Lead

About the Role

We are seeking an experienced Governance, Risk, and Compliance (GRC) Lead to oversee and enhance our organization’s security governance, risk management, and compliance frameworks. The successful candidate will work closely with leadership, business units, and technical teams to ensure effective risk mitigation, regulatory compliance, and continuous improvement of security posture.

Key Responsibilities:

• Lead the design, implementation, and continuous improvement of the organization’s GRC framework.
• Develop, maintain, and enforce information security, risk, and compliance policies, standards, and procedures.
• Manage risk assessments, audits, and compliance reviews across business and technical domains.
• Ensure compliance with relevant standards, regulations, and frameworks (e.g., ISO 27001, NIST, GDPR, PCI-DSS, HIPAA, local regulatory requirements).
• Oversee third-party/vendor risk management programs.
• Support security awareness and training initiatives across the organization.
• Partner with IT, legal, and business stakeholders to align security and compliance objectives with business strategy.
• Track and report on compliance metrics, risk posture, and audit findings to senior leadership.
• Lead internal and external audit engagements, ensuring timely remediation of identified issues.

Qualifications & Experience:

• Bachelor’s degree in Information Security, Computer Science, Risk Management, or related field (Master’s preferred).
• 7+ years of experience in information security, risk management, or compliance, with at least 3 years in a leadership or management role.
• Strong knowledge of GRC frameworks, regulatory requirements, and industry standards.
• Relevant certifications such as CISM, CRISC, CISA, ISO 27001 Lead Implementer/Lead Auditor, CISSP (preferred).
• Excellent leadership, communication, and stakeholder management skills.

Salt is acting as an Employment Agency in relation to this vacancy.