Technology Governance Lead - GRC

Technology Governance Lead (Risk, Compliance & Security)

London Hybrid

Up to £80,000 plus excellent bens

We are looking for a Technology Governance Lead to drive a proactive, secure-by-default, and compliant-by-design culture across our technology organisation. Reporting to the Head of IT Transformation, this role will take ownership of technology risk, cyber governance, security oversight, and compliance assurance across platforms, delivery teams, and third-party services. This is a strategic and hands-on leadership role focused on improving governance maturity, strengthening resilience, enhancing audit outcomes, and ensuring technology risks are clearly understood, managed, and communicated across the business. The successful candidate will work closely with Engineering, Infrastructure, Product, Data, Security, and senior stakeholders to embed pragmatic governance practices that support delivery while maintaining strong control.

Role & Responsibilities

Technology Risk & Security Oversight

Own and manage the organisation’s technology risk landscape across applications, infrastructure, data, and third parties

Maintain visibility of cyber risks, vulnerabilities, remediation activity, and emerging threats

Ensure risks are identified, assessed, mitigated, and reported consistently

Provide regular risk and governance reporting to senior leadership and governance forumsGovernance & Compliance

Embed security, risk, and compliance controls into technology delivery processes

Define and maintain governance standards, policies, and control frameworks

Ensure technology changes align with internal policies and regulatory expectations

Drive consistent governance practices across all technology teamsCyber Security & Resilience

Oversee cyber security remediation activities and control improvements

Ensure effective monitoring, incident management, and response processes are in place

Support disaster recovery, resilience, and business continuity readiness

Track and drive resolution of security vulnerabilities and audit findingsAudit & Assurance

Lead technology assurance activities including audits, internal reviews, and control testing

Improve audit readiness through strong evidence management and documentation

Act as the primary point of contact for technology risk, compliance, and audit matters

Translate technical risks into clear business-level communication for senior stakeholdersContinuous Improvement & Culture

Promote a proactive risk and security culture across the organisation

Embed accountability for governance, risk, and compliance across delivery teams

Continuously improve governance processes to reduce friction while maintaining strong control

Support awareness and education around technology risk and security best practiceSkills & Experience

Essential Skills

Strong experience in technology governance, risk management, cyber security, or IT compliance

Proven ability to implement and operate governance frameworks and control environments

Experience managing technology risk across infrastructure, applications, cloud services, and third parties

Strong understanding of cyber security principles, vulnerability management, and operational resilience

Experience leading audits, assurance activities, and remediation programmes

Ability to communicate complex technical risks clearly to senior business stakeholders

Strong stakeholder management and influencing skills across technical and non-technical teams

Good understanding of security and governance frameworks such as ISO 27001, NIST, COBIT, or similar

Desirable

Relevant certifications such as CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor, or similar

Experience supporting cloud governance and modern technology environments

Exposure to enterprise transformation or technology change programmes