Security GRC Manager at Crown Agents Bank

The Security GRC (Governance, Risk & Compliance) Manager will take the lead in developing, implementing, and continuously improving our global security governance, risk, and compliance programs. You’ll play a critical role in maintaining and achieving key security certifications, driving regulatory compliance across multiple regions, and enabling a strong security culture across the business. 

You’ll be joining a small, high-performing, and collaborative security team where your ideas, initiative, and hands-on mindset will make a real impact. If you’re an experienced GRC professional with a passion for innovation, a data-driven approach, and a proven track record in tech environments—this is the role for you. 

Responsibilities:

• Security Frameworks: Lead the management and continuous improvement of security frameworks such as ISO/IEC 27001, NIST CSF, and others as required. 

• Certifications & Audits: Oversee and drive certification and re-certification efforts for Cyber Essentials Plus, SOC 2 Type 2, and other relevant regional or industry-specific standards across EMEA, Americas and Asia. 

• Compliance & Regulation: Analyse global laws and regulatory requirements to ensure the business meets applicable security compliance obligations (e.g., EU GDPR, DORA, etc.). 

• Risk Management: Own and manage the security risk management program, including advanced risk assessments, vendor risk reviews, and mitigation planning. 

• Security Incidents: Collaborate with cross-functional teams on security incident coordination, response, root cause analysis, and continuous improvement efforts. 

• Stakeholder Reporting: Provide clear, data-driven reporting to senior stakeholders on GRC metrics, risks, controls, and compliance posture. 

• Awareness & Training: Design and deliver user training programs and security awareness initiatives to foster a strong security-first culture. 

• Customer Trust: Respond to customer assurance questionnaires, support sales and legal teams with RFPs and security-related queries.