Cyber GRC Manager
Listed on 2026-04-28
IT/Tech
Cybersecurity, Information Security, Data Security, IT Consultant
About the role
We are looking for a skilled and proactive Cyber GRC (Governance, Risk and Compliance) Manager to strengthen cyber governance, risk and compliance across the Society. You'll take ownership of developing, maintaining and evolving our GRC framework, ensuring it aligns with business strategy, regulatory requirements and industry best practices.
In this role, you'll lead cyber risk identification, assessment and mitigation, maintain the cyber risk register, and provide clear, actionable reporting to senior leaders and governance panels. You'll support compliance with legislation such as data protection, PCI‑DSS and sector‑specific obligations, and strengthen policies, standards and controls across cyber security, IT governance, business continuity and disaster recovery.
You'll plan and deliver risk‑based IT audits across on‑premise and cloud systems, conduct application control reviews for core IT systems, track remediation progress and confirm closure of risks. You'll also support external audits, provide cyber and IT subject‑matter expertise, and help ensure audit and cyber priorities are aligned with the Senior Cyber Security Manager and Cyber Operations Manager.
Collaboration is central to this role—you'll act as a trusted advisor to colleagues across the business, translating technical cyber risks into clear business‑level insight for ELT and governance panels, while building strong cross‑Society relationships that balance independence with partnership.
If you're passionate about cyber governance, risk management and improving organisational resilience, this is a role where you can make a tangible impact.
About You
You’ll be an experienced Cyber GRC professional with a strong background in cyber governance, IT audit or risk management, and a proven ability to assess, manage and reduce technology risk. You’ll have solid knowledge of frameworks and standards such as ISO 27001, NIST CSF or COBIT, and experience translating technical risks into clear business insight.
You’ll also bring:
- Excellent analytical and problem‑solving skills, with meticulous attention to detail and accuracy.
- Strong interpersonal and communication skills, capable of networking effectively with stakeholders at all levels.
- A collaborative mindset, with experience working across IT, Risk and Compliance functions to embed best practice.
- A proactive approach to learning, keeping up to date with emerging threats, tools, standards and industry best practices.
- Strong organisational and time‑management skills, able to manage multiple priorities and deliver high‑quality outcomes.
- Professional certifications such as CISA, CISM, CRISC, CISSP, or ISO 27001 Lead Auditor.
You’ll thrive in a collaborative, purpose‑driven environment, supporting teams across the business to strengthen governance, improve cyber resilience and ensure effective risk management across the Society.
Benefits
In addition to working for a successful co‑operative business, we offer our colleagues fantastic benefits, including:
- 30 days annual leave (including bank holidays) (pro‑rata)
- Pension scheme (with up to 12% employer contributions)
- Generous colleague discount rates across our family of businesses
- Annual discretionary colleague bonuses to reward you for your hard work
We are an "Investors in People – Platinum" employer, meaning that we have been recognised as one of the country's top employers, offering progression opportunities to all our colleagues. We’ll give you the opportunity to build the skills necessary to further progress your career and help to open up future opportunities, helping to shape your career for the better.