Design, implement, and operationalize an ISO 27001-based ISMS for the group. Ensure alignment with DORA regulations and national security compliance requirements across multiple EU jurisdictions. Develop and embed a compliance monitoring and measurement framework, including KPIs, KRIs, and SLA alignment between group and local entities. Collaborate with first-line-of-defence security and IT teams to build operational security processes and technologies. Report on the effectiveness of ISMS controls and compliance directly to the CISO. Work closely with risk management, business continuity, and data protection teams as part of the second line of defence. Lead security governance forums and ensure proper security risk reporting mechanisms are in place.