IT GRC Specialist

IT GRC Specialist

City of London / Hybrid

Up to £85K + bonus and excellent benefits

A well-established and highly regarded financial services organisation in the City of London is looking for an experienced, IT GRC Specialist to take on a broad, senior-level role spanning risk, controls, and governance across a complex global IT environment.

This is a substantive position, not a support role. You'll own BAU risk management activities, lead periodic risk assessments, drive control framework development, and act as the primary bridge between first-line IT and second-line functions including Information Security and Operational Risk. The organisation operates across multiple geographies with outsourced IT infrastructure partners, so you'll need to be comfortable navigating that kind of complexity from day one.

What you'll be doing

Governance

• Lead the development and continuous improvement of IT risk and control governance methodologies
• Provide change governance oversight across IT programmes and transformation initiatives
• Produce senior stakeholder reporting on risk posture, control effectiveness, and key themes
• Maintain repeatable BAU governance documentation including methodologies, processes, and guidelines

Risk

• Own and deliver BAU IT risk management, from identification and assessment through to tracking and closure
• Lead periodic risk assessments across critical applications, infrastructure, cloud environments, and operational risk
• Embed risk management into change processes for new and evolving systems
• Coordinate second-line risk reviews and manage responses to findings and recommendations

Compliance

• Support the design and implementation of IT controls, ensuring they are clearly defined, measurable, and auditable
• Drive control effectiveness and maturity assessments, identifying gaps and improvement opportunities
• Coordinate control attestations and self-assessments across Group IT
• Ensure alignment with internal policies, regulatory requirements (including DORA), and audit expectations

What we're looking for

• Significant experience in IT GRC, risk management, or information security governance
• Strong grounding in IT and information security risk frameworks, particularly ISO 27001 and NIST
• Practical experience in IT controls management, including design, documentation, assessment, testing, and attestation
• Familiarity with L1 to L3 control frameworks and experience building or enhancing control methodologies
• Experience working alongside second-line functions and managing audit and review cycles
• Ability to translate technical risk into clear, business-relevant language for senior audiences
• Confidence engaging with, and constructively challenging, stakeholders at all levels
• Background in regulated, complex, or outsourced IT environments is a strong advantage
• CRISC, CISSP, or similar certifications are desirable; French or German language skills are a bonus

Why this role

• A senior, visible position with real ownership, not just support responsibilities
• Exposure to enterprise-scale governance across a globally recognised financial institution
• Collaborative culture with genuine scope to shape and mature the IT GRC function
• Hybrid working with modern City offices