Interim Group Security GRC Manager

View full description

Requirements:

• Extensive experience in ISO27001 ISMS implementation and governance.
• Strong knowledge of DORA (Digital Operational Resilience Act) and its implications for financial services.
• Ideally, prior experience in EU financial services security governance, risk, and compliance (GRC).
• Expertise in developing and managing security compliance metrics (KPIs/KRIs).
• Experience working with first and second lines of defence in security, IT, and risk functions.
• Strong background in running governance forums and managing regulatory compliance frameworks.
• Excellent stakeholder management skills and the ability to communicate effectively at all levels.
• Willingness to travel for business purposes.

Responsibilities:

• Design, implement, and operationalize an ISO27001-based ISMS for the group.
• Ensure alignment with DORA regulations and national security compliance requirements across multiple EU jurisdictions.
• Develop and embed a compliance monitoring and measurement framework, including KPIs, KRIs, and SLA alignment between group and local entities.
• Collaborate with first line of defence security and IT teams to build operational security processes and technologies.
• Report on the effectiveness of ISMS controls and compliance directly to the CISO.
• Work closely with risk management, business continuity, and data protection teams as part of the second line of defence.
• Lead security governance forums and ensure proper security risk reporting mechanisms are in place.