Information Governance Analyst

GRC Lead

B2C SaaS | Cheshire (Hybrid)

We are working with a fast-growing B2C SaaS organisation that is investing in cyber security maturity and establishing a dedicated Governance, Risk, and Compliance (GRC) function.

The GRC Lead will report into the Head of Cyber Security and take ownership of governance and assurance activities across the business. This is a senior role with responsibility for shaping cyber risk management, embedding robust frameworks, and leading a small GRC team.

Key Responsibilities

• Lead and develop the GRC function, providing direction across governance, risk, and compliance activities.

• Own cyber risk management, including risk assessments, reporting, and remediation tracking.

• Oversee cyber resilience, information governance, and supplier assurance activities.

• Develop, maintain, and review cyber security policies, standards, and procedures.

• Manage security framework assessments (e.g. ISO 27001, NIST) and support audit readiness.

• Partner with technical and non-technical stakeholders to embed security and compliance across the organisation.

Essential Experience

• Background in one or more of: cyber risk management, information governance, supplier assurance, cyber resilience, or security framework assessments.

• Proven experience managing and developing teams.

• Strong stakeholder engagement and communication skills.

• Demonstrable experience writing and maintaining policies and procedures.

• Solid understanding of enterprise IT environments.

Desirable

• Experience with Microsoft Purview.

• Exposure to Azure Recovery Services / Azure Site Recovery.

• Asset management experience.

• Ability to develop and deliver cyber security awareness or training.

Location

• Cheshire – hybrid working