Technology Governance Lead - GRC

Technology Governance Lead (Risk, Compliance & Security)

London Hybrid
Up to £80,000 plus excellent bens

We are looking for a Technology Governance Lead to drive a proactive, secure-by-default, and compliant-by-design culture across our technology organisation. Reporting to the Head of IT Transformation, this role will take ownership of technology risk, cyber governance, security oversight, and compliance assurance across platforms, delivery teams, and third-party services. This is a strategic and hands-on leadership role focused on improving governance maturity, strengthening resilience, enhancing audit outcomes, and ensuring technology risks are clearly understood, managed, and communicated across the business. The successful candidate will work closely with Engineering, Infrastructure, Product, Data, Security, and senior stakeholders to embed pragmatic governance practices that support delivery while maintaining strong control.

Role & Responsibilities

Technology Risk & Security Oversight

• Own and manage the organisation’s technology risk landscape across applications, infrastructure, data, and third parties
• Maintain visibility of cyber risks, vulnerabilities, remediation activity, and emerging threats
• Ensure risks are identified, assessed, mitigated, and reported consistently
• Provide regular risk and governance reporting to senior leadership and governance forums

Governance & Compliance

• Embed security, risk, and compliance controls into technology delivery processes
• Define and maintain governance standards, policies, and control frameworks
• Ensure technology changes align with internal policies and regulatory expectations
• Drive consistent governance practices across all technology teams

Cyber Security & Resilience

• Oversee cyber security remediation activities and control improvements
• Ensure effective monitoring, incident management, and response processes are in place
• Support disaster recovery, resilience, and business continuity readiness
• Track and drive resolution of security vulnerabilities and audit findings

Audit & Assurance

• Lead technology assurance activities including audits, internal reviews, and control testing
• Improve audit readiness through strong evidence management and documentation
• Act as the primary point of contact for technology risk, compliance, and audit matters
• Translate technical risks into clear business-level communication for senior stakeholders

Continuous Improvement & Culture

• Promote a proactive risk and security culture across the organisation
• Embed accountability for governance, risk, and compliance across delivery teams
• Continuously improve governance processes to reduce friction while maintaining strong control
• Support awareness and education around technology risk and security best practice

Skills & Experience
Essential Skills

• Strong experience in technology governance, risk management, cyber security, or IT compliance
• Proven ability to implement and operate governance frameworks and control environments
• Experience managing technology risk across infrastructure, applications, cloud services, and third parties
• Strong understanding of cyber security principles, vulnerability management, and operational resilience
• Experience leading audits, assurance activities, and remediation programmes
• Ability to communicate complex technical risks clearly to senior business stakeholders
• Strong stakeholder management and influencing skills across technical and non-technical teams
• Good understanding of security and governance frameworks such as ISO 27001, NIST, COBIT, or similar

Desirable

• Relevant certifications such as CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor, or similar
• Experience supporting cloud governance and modern technology environments
• Exposure to enterprise transformation or technology change programmes