
Technical GRC Specialist
Posted 1 hour ago

This is a fully remote position, open to applicants in the United Kingdom.
• Provide direct assistance in evaluating, enhancing, and sustaining technical security baselines in alignment with industry best practices (e.g., NIST, CIS, ISO).
• Ensure that configurations meet global regulatory requirements (e.g., HIPAA, GDPR).
• Utilize automated tools to oversee security and compliance status.
• Serve as the Governance, Risk, and Compliance (GRC) liaison with Infrastructure and Engineering teams to guarantee that hardening requirements are technically viable and effectively executed.
• Oversee and continually refine the organization’s Third-Party Risk Management program involving suppliers, vendors, and strategic partners.
• Manage comprehensive due diligence processes for both new and existing vendors, including inherent risk assessments, security/privacy evaluations, and ongoing monitoring.
• Examine vendor assurance documentation, such as ISO 27001 certifications, SOC 2 reports, penetration test summaries, policies, and compliance evidence.
• Identify, document, and communicate vendor-related risks, remediation actions, and approval recommendations.
• Maintain risk tiering and reassessment timelines for critical and high-risk vendors.
• Act as a reliable partner to internal stakeholders throughout vendor onboarding, renewals, and procurement decisions.
• Work directly with suppliers to address due diligence challenges and drive remediation efforts.
• Keep audit-ready documentation updated within GRC systems.
• Assist team members with global and contractual compliance initiatives, as well as internal and external audits.
• Contribute to enhancements in security and compliance policies, processes, and controls.
• Identify opportunities for automation, simplification, and enhancement of GRC tools.
• Minimum of 3 years’ experience in compliance, GRC, vendor risk management, information security, internal audit, or related fields.
• Demonstrated experience in cybersecurity and managing third-party/vendor due diligence programs.
• Solid understanding of commonly used assurance frameworks such as ISO 27001, SOC 2, NIST, or equivalent.
• Good working knowledge of UK GDPR and privacy considerations in supplier relationships.
• Familiarity with cloud/SaaS environments and common systems (e.g., identity providers, cloud platforms, collaboration tools).
• Experience in reviewing supplier security documentation and recognizing practical risks.
• Strong organizational skills with the capacity to independently manage multiple priorities.
• Excellent written and verbal communication abilities; proficient in English.
• Private health insurance
• Profit Interest Unit Appreciation Rights
• 25 days paid leave
• Pension
• Group life assurance
• Group income protection
• Flexible work environment
• A supportive, diverse workplace where we prioritize respect for each other and our clients
• A fun and collaborative team culture