Governance, Risk & Compliance Manager

Are you looking for a role where you can shape risk and compliance strategy while making a real impact on national security?

You will join us as a Governance, Risk and Compliance (GRC) Manager, leading work that strengthens security for both our clients and our organisation. You will be at the forefront of embedding a positive culture of risk‑awareness and compliance, helping clients understand their security challenges and guiding them through projects that uplift and mature their security posture.

You will work within our Aerospace, Defence and Security business where we design, develop and deliver digital solutions that make a genuine difference to Central Government clients. We work in a unique environment where security is paramount. You will collaborate with supportive colleagues who share knowledge, mentor one another and take pride in the work delivered for our customers.

We can offer great career progression opportunities, the ability to be based anywhere across the UK, benefits which you can flex to meet your needs, and training and development opportunities.

What you’ll be doing

• Leading risk and assurance activity including core deliverables.
• Owning and driving security workstreams on large client engagements and maintaining strong stakeholder relationships.
• Conducting risk assessments for internal and third‑party systems and managing risks through to remediation.
• Leading complex assessments and programmes of risk and audit activity.
• Implementing compliance programmes aligned to regulatory, legal, industry and contractual requirements.
• Building security control roadmaps that align organisational plans with regulatory and contractual obligations.

What you’ll bring

• A successful track record in risk and assurance delivery within large client engagements.
• Strong stakeholder management and relationship‑building skills.
• Ability to understand complex issues and communicate clearly with both technical and non‑technical audiences.
• Experience leading consultancy engagements such as ISMS implementations, risk assessments and compliance audits.
• Strong project management skills with the ability to balance multiple priorities.
• A recognised cyber or information security qualification (for example CISSP, CISM, CCSP, ISO 27001 Lead Auditor or CRISC).

It would be great if you had

• Knowledge of HMG and NCSC security requirements.
• Experience in cloud security implementation.
• Experience in AI security governance.
• Understanding of Identity and Access Management.
• Knowledge of security architecture principles.

If you’re interested in this role but not sure if your skills and experience are exactly what we’re looking for, please do apply, we’d love to hear from you!

Employment Type: Full‑time, Permanent. Location: Remote. Security Clearance Level: SC and NPPV3. Internal Recruiter: Rebecca. Salary: £75,000–£85,000. Benefits: £5,400 car allowance, 25 days annual leave with the option to buy additional days, private medical, life assurance, pension and a generous flexible benefits fund.

Although this role is advertised as full‑time, we believe that flexibility at work can promote work/life balance, increase your motivation, reduce stress and improve performance and productivity. We support different ways of working and can offer a range of flexible working arrangements. So, if you’re interested and need to work flexibly, we encourage you to apply and talk to us about what might be possible.

Loved reading about this job and want to know more about us?

Sopra Steria’s Aerospace, Defence and Security business designs, develops and deploys digital solutions to Central Government clients. The work we do makes a real difference to the client’s goal of National Security, and we operate in a unique and privileged environment. We are given time for professional development activities, and we coach and mentor our colleagues, sharing knowledge and learning from each other. We foster a culture in which employees feel valued and supported and have pride in their work for the customer, delivering outstanding rates of customer satisfaction in the UK’s most complex safety‑ and security‑critical markets.