Cyber Security Management & Governance Specialist (GRC)

As a Cyber Security Management & Governance Specialist (GRC), you will help clients build, run, and continuously improve their cyber security governance. You will shape policies and controls, manage risk, support audits and compliance, and drive security improvements across people, process, and technology - often in environments with complex IAM and cloud estates., * Own and improve cyber security governance frameworks across client environments (policies, standards, procedures, control libraries).

• Run security risk assessments and maintain risk registers; define treatment plans and track remediation progress.
• Map controls to recognised frameworks (e.g., ISO 27001, NIST CSF, CIS, SOC 2) and support certification/audit readiness.
• Lead or support internal/external audits, evidence gathering, and corrective action plans.
• Drive IAM governance: access reviews, Joiner/Mover/Leaver processes, privileged access governance, role-based access principles.
• Support third-party/supplier security reviews and contractual security requirements.
• Create security metrics/KPIs and reporting for stakeholders (exec-ready and operational views).
• Deliver workshops with client stakeholders, translating technical risk into clear business impact and practical actions.
• Collaborate with technical delivery teams (SOC, IAM engineers, cloud/network) to ensure governance aligns to how systems actually operate.

• Strong working knowledge of security frameworks (ISO 27001/27002, NIST, CIS, etc.) and audit evidence requirements.
• Ability to write clear, professional documentation (policies, standards, risk assessments, audit packs).
• Strong stakeholder management: confident with clients, delivery teams, and senior decision-makers.
• Practical mindset - able to turn governance into real-world, implementable controls.

Desirable:

• Experience with IAM / PAM governance (e.g., CyberArk, Okta, Entra ID/Azure AD, SailPoint or similar).
• Knowledge of UK/EU privacy and regulatory expectations (e.g., GDPR), and security in cloud environments (Azure/AWS).
• Certifications such as ISO 27001 Lead Implementer/Lead Auditor, CISSP, CISM, CRISC, CCSK (or working towards).

• Competitive salary aligned to experience and responsibilities
• Flexible working (hybrid/remote options depending on client needs)
• Training and certification support
• Opportunity to work on varied client engagements across sectors and geographies
• Collaborative team culture with international delivery exposure

Schedule

• Monday to Friday
• Hybrid working (client/site visits may be required occasionally)

Job Types: Full-time, Permanent

Pay: £37,000.00-£38,000.00 per year

Infosec K2K stands as an unrivalled IT leader in offering state-of-the-art technology services since its inception in 2020. Over the years, we have evolved as the most trusted, reliable and robust digital transformation partner for all digital needs of organisations- big or small. We work closely with global clients to help them stay updated on digital fronts, meet the rapidly changing business needs, optimise network performance and deliver best-in-class technology experience.