GRC Lead (Security & Compliance)
Added 2 days ago
- England,London,City of London
- Part Time, Contract
- Salary negotiable
Job Description:
The Role
We are looking for a proactive, detail-oriented GRC Lead to serve as the dedicated compliance lead for a portfolio of clients. You won’t just be "checking boxes"—you will be the architect of their security posture, ensuring they remain audit-ready, compliant, and secure in an ever-evolving regulatory landscape.
You will act as the bridge between technical controls and business objectives, managing everything from automated compliance platforms like Vanta to custom-built internal frameworks.
The Commitment & Scalability
*Expected Commitment: Initially roughly 3-5 days per month.
*The Long Game: This role is designed to evolve into a permanent position as our client base grows. It is fully compatible with other engagements until we scale toward full-time.
*Flexibility: Your schedule is your own as the role is remote-first with flexible hours. However, due to the nature of the role, remote client meetings on weekdays should be expected.
Key Responsibilities
*Compliance Lifecycle Management: Lead and maintain compliance programs across multiple frameworks, specifically SOC 2, ISO 27001, GDPR, and Cyber Essentials.
*Audit Readiness & Execution: Manage observation periods with precision. You’ll be the primary point of contact for auditors, ensuring all evidence is collected, vetted, and presented to keep audits running smoothly and successfully.
*Platform Mastery: Drive compliance using Vanta, while remaining adaptable enough to manage custom platforms or manual frameworks depending on the client’s unique tech stack.
*Operational Excellence: Stay ahead of the curve by ensuring all periodic tasks (access reviews, policy updates, risk assessments) are completed on time.
*Vendor & Risk Management: Own the third-party risk lifecycle by reviewing and vetting new vendors and responding to incoming security questionnaires from our clients’ customers.
*Client Success & Education: Act as a trusted advisor to client stakeholders. You will be responsible for keeping client employees informed on security best practices and ensuring the overall satisfaction of the leadership teams you support.
What You Bring to the Table
*Multi-Framework Expertise: Proven experience managing SOC 2 and ISO 27001 is essential. Familiarity with GDPR and Cyber Essentials is highly preferred.
*The "Vanta" Edge: Deep experience with automated compliance tooling (Vanta, Drata, etc.) but the mental flexibility to work outside of them when necessary.
*Jurisdictional Agility: A solid understanding of global security standards and the ability to quickly get up to speed on new jurisdictions or niche domains.
*Communication Skills: You can translate "compliance-speak" into plain English for client employees and hold your own in technical discussions with external auditors.
*Project Management Prowess: You thrive when juggling multiple clients and deadlines, never letting a control lapse or an evidence request go unanswered.
Why Join Us?
*Variety: No two days are the same. You’ll work with startups, scale-ups, and established enterprises across various industries.
*Autonomy: We trust your expertise. You’ll have the freedom to manage your clients’ compliance journeys as you see fit.
*Growth: Stay at the forefront of GRC tech and global regulatory trends.
Job number 3462627
Company Details:
Astrii Group
Company size: 1–4 employees
Industry: IT & Telecoms
We function as the dedicated compliance and security department for our clients, taking full ownership of their security posture so they can focus on ...