Governance Risk & Compliance Manager

Sword Group

  • Aberdeen
  • Permanent
  • Full-time
  • 1 month ago
  • Apply easily
Sword is a leading provider of business technology solutions within the Energy, Public and Finance Sectors, driving transformational change within our clients. We use proven technology, specialist teams and domain expertise to build solid technical foundations across platforms, data, and business applications. We have a passion for using technology to solve business problems, working in partnership with our clients to help in achieving their goals.Sword is excited to announce that it is looking for an experienced Governance Risk & Compliance Manager to join the security team. Reporting directly to the CISO you will be responsible for the implementation and delivery of Sword’s Governance, Risk & Compliance program.The Governance Risk & Compliance Manager is primarily an operational role and will be required to operate with high levels of autonomy, effectively managing regulatory requirements, implementing risk management strategies, and promoting a culture of compliance based on continuous improvements.Security Governance – Develop and refine security policies, frameworks, and procedures, maintaining alignment and accreditation ISO 27001 and Cyber Essentials Plus.
  • Risk Management – Conduct ongoing security risk assessments across vendors, projects, and internal teams, identifying areas of concern and driving remediation efforts
  • Legal, Regulatory, and Contractual Requirements – Ensure Sword remains compliant with relevant legal, contractual, and regulatory obligations, keeping pace with evolving regulations in all areas where Sword operates
  • Third-Party & Supply Chain Security – Assess and manage security risks related to suppliers and partners, ensuring robust security measures are maintained
  • Certification Management – Oversee and drive Sword’s certification in both Cyber Essentials Plus and ISO 27001 including management of the ISMS
  • Business Resilience – Refine and mature the Sword business continuity and disaster recovery plans including regular testing and exercising
  • Audit & Compliance – Ongoing audit and compliance of Sword policies and procedures against relevant contractual and regulatory obligations
  • Data Protection – Central coordination of GDPR compliance across Sword including standardising processes and procedures with Data Protection Officers
  • Security Culture – Drive improvements in the internal security culture through ongoing awareness, training and communications on policies, processes, and procedures
  • Continuous Improvement – Deliver the risk & compliance program through a series of continuous and incremental improvements
RequirementsHere’s what the role looks like:You should have direct experience, or strong working knowledge, of the following:
  • Developing, implementing, and maintaining GRC frameworks aligned with industry standards and organisational goals
  • Cyber Security Frameworks (NIST), regulations such as the General Data Protection Regulations (GDPR) and Network Information Systems (NIS2), and industry standards such as ISO 27001
  • Ability to identify, assess, and mitigate risks across business processes and technical environments
  • Experience managing audits and compliance reporting, including designing effective controls, developing audit plans, interfacing with auditors, and responding to findings
  • Technical proficiency with GRC tools and platforms, including compliance monitoring technologies and data analysis (e.g., advanced Excel skills)
  • Analytical and problem-solving skills to interpret complex regulations, resolve compliance issues, and provide strategic advice to leadership
  • Excellent communication skills, both written and verbal, including the ability to convey complex regulatory and risk issues in understandable terms to stakeholders across the business
  • Significant experience in a similar role preferably in an international organisation
Qualifications and Personal Skills
  • Major industry certification such as CISA, CRISC, ISO 27001, etc.
  • Experience in relevant Governance, Risk, and Compliance frameworks and technologies
  • Takes ownership and accountability with an ability to self-manage tasks and activities to consistently deliver results
  • Dedicated and proactive learner who keeps up to date with security regulations and is continuously improving and refining skills
  • Excellent communication, negotiation and influencing skills – able to influence operational effectiveness across an organisation to achieve results
BenefitsAt Sword, our core values and culture are based on caring about our people, investing in training and career development and building inclusive teams where we are all encouraged to contribute to achieve success.We offer comprehensive benefits designed to support your professional development and enhance your overall quality of life.In addition to a Competitive Salary, here's what you can expect as part of our benefits package:Personalised Career Development: We create a development plan customised to your goals and aspirations, with a range of learning and development opportunities within a culture that encourages growth.Flexible working: Flexible work arrangements to support your work-life balance. We can’t promise to always be able to meet every request, however are keen to discuss your individual preferences to make it work where we can.A Fantastic Benefits Package: This includes generous annual leave allowance, enhanced family friendly benefits, pension scheme, access to private health, well-being, and insurance schemes, an employee assistance programme, discounted cash plan and more…..At Sword we are dedicated to fostering a diverse and inclusive workplace and are proud to be an equal opportunities employer, ensuring that all applicants receive fair and equal consideration for employment, regardless of whether they meet every requirement. If you don’t tick all the boxes but feel you have some of the relevant skills and experience we’re looking for, please do consider applying and highlight your transferable skills and experience. We embrace diversity in all its forms, valuing individuals regardless of age, disability, gender identity or reassignment, marital or civil partner status, pregnancy or maternity status, race, colour, nationality, ethnic or national origin, religion or belief, sex or sexual orientation. Your perspective and potential are important to us.If we can do anything to help make the hiring process more accessible, please let our talent acquisition team know when you apply so we can support any adjustments.

Sword Group