GRC Risk Manager

Posted 2 hours 38 minutes ago by La Fosse Associates Limited

£600 - £700 Daily
Contract
Cambridgeshire, Cambridge, United Kingdom, CB1 0
Job Description

A global organisation requires a contract GRC Risk Manager with specific expertise in ServiceNow IRM to lead enterprise and third-party security risk management, driving assessments and controls and translating technical risks into actionable business decisions across complex, global environments.

  • Day Rate: £600-£700pd
  • IR35 Status: Inside
  • Duration: 3 months initially
  • Travel: 2 days a week in Hertfordshire

This GRC Risk Manager will have the following previous experience:

  • Design, operate, and continuously improve an enterprise information security risk management capability using ServiceNow IRM, applying both qualitative and quantitative techniques to enable confident, risk-based decision-making.
  • Own third-party cyber risk oversight end to end: lead structured supplier assessments, review security and contractual obligations, and drive continuous monitoring across a complex global vendor ecosystem.
  • Lead post-incident risk analysis by identifying root causes, uncovering systemic weaknesses, and ensuring insights are embedded into controls, remediation plans, and the risk register.
  • Define and mature security metrics, including Key Risk Indicators and Key Control Indicators, to evaluate control effectiveness across critical assets, suppliers, and environments, using data and dashboards to inform action.