Governance, Risk & Compliance (GRC) Lead

The GRC Lead is responsible for establishing, implementing, and maturing an enterprise-wide Governance, Risk & Compliance program. The role will directly address high‑priority risks—including disaster recovery readiness, identity governance, cyber supplier risk, and compliance obligations (ISO27001, Cyber Essentials+)—to ensure the organisation achieves a resilient, secure, and compliant operating environment.

This role requires a strategic thinker capable of building policies, frameworks, and processes, while also executing hands‑on GRC activities to reduce enterprise IT risk.

Key Responsibilities

Governance

• Develop and maintain governance frameworks, policies, and standards aligned with organisational strategy.


• Establish governance for Disaster Recovery (RPO/RTO definitions, testing cycles, documentation).


• Ensure alig


• nment of governance processes with regulatory and contractual requirements.


• Promote a risk-aware culture across the organisation in partnership with HR, IT, and business leaders.Enterprise Risk Management (ERM)

• Lead identification, assessment, and monitoring of enterprise IT risks (DR, identity, supplier risk, browser credential risk, systems single point of failure).


• Develop risk mitigation plans and track remediation progress across IT and business functions.


• Conduct periodic risk assessments and maintain the corporate risk register.


• Report KRIs and risk posture to senior leadership and board committees. 

Compliance

• Lead compliance programs including ISO27001, Cyber Essentials+, and relevant industry/government standards.


• Monitor regulatory changes and ensure the organisation maintains compliance.


• Oversee internal/external audits and coordinate documentation and evidence collection.


• Develop and deliver compliance training to business and IT teams.

Technology and Security Controls

• Oversee identity governance improvements, joiner/mover/leaver controls, and credentials risk remediation.


• Drive third‑party cyber risk assessments and supplier due diligence processes.


• Partner with IT to ensure cloud, ERP and critical system controls meet best practice and risk requirements.


• Lead incident response governance and maintain updated incident playbooks.

Leadership & Stakeholder Management

• Serve as advisor to CIO/Executive team on governance, risk, and compliance matters.


• Collaborate with cross‑functional teams (Procurement, HR, Local IT Leads, Security).


• Build and mentor a growing GRC function as the organisation matures.

Training, Capability & Continuous Development

Given the evolving regulatory, cyber‑risk and governance landscape, the GRC Lead will be supported through a structured and ongoing training programme to ensure continued capability, regulatory alignment and professional development.

Mandatory / Core Training (Initial 6–12 Months)

ISO 27001 / ISO 27002

Refresher or Lead Implementer / Lead Auditor training to support certification readiness and ongoing compliance oversight.

Risk Management Frameworks

Training aligned to NIST CSF, ISO 31000, and enterprise risk management best practice to support consistent risk identification, assessment and reporting.

Regulatory & Compliance Awareness

Ongoing training covering GDPR, cyber security legislation, industry‑specific regulatory requirements, and emerging compliance obligations.

Third‑Party & Supplier Risk Management

Training on supplier due diligence, contract risk, and third‑party cyber risk assessment methodologies.

Leadership & Stakeholder Training

Executive & Board Communication

Development focused on presenting risk, controls and compliance status clearly to senior leadership and governance committees.

Influencing Without Authority

Training to support cross‑functional engagement, particularly where risk ownership sits outside of IT or security teams.

Policy & Governance Framework Development -Advanced training in policy writing, governance design, and control lifecycle management.

Continuous Professional Development (CPD)

• Participation in relevant industry forums, professional bodies, and GRC communities


• Attendance at security, risk and governance conferences or briefings


• Ongoing vendor‑led training relating to tooling, regulatory changes and emerging risk areas


• Annual CPD planning aligned to organisational risk priorities

Knowledge Sharing & Internal Enablement

• Delivery of awareness sessions for IT and business teams on governance, risk and compliance obligations


• Development and maintenance of internal training materials, standards and guidance


• Support for building a risk‑aware culture across the organisation

Governance Assurance

All training and development activities will be:

• Documented and reviewed annually

Required Qualifications & Skills

Education & Certifications

• Bachelor’s degree in business IT, Risk Management, Cybersecurity or related field.


• Preferred: CISA, CRISC, CISSP, ISO27001 Lead Implementer/Auditor.

Experience

• 6–15 years GRC, cybersecurity risk management, internal audit, or enterprise risk experience.


• Experience leading risk mitigation projects across DR, identity governance, supplier risk, and regulatory compliance.


• Strong knowledge of NIST CSF, ISO27001/2, SOC frameworks, GDPR and global privacy regulations.

Technical & Professional Skills

• Strong understanding of IT infrastructure, cloud environments, ERP systems, and identity platforms.


• Ability to translate complex risks into business-language recommendations.


• Excellent communication, policy writing, and stakeholder management skills.


• Reflected in succession planning and role‑critical capability assessments

OUR VALUES AND CULTURE AND BENEFITS:

The Glen Dimplex values are important guiding principles and define the way all employees across the Group work: We Think Customer, We Care About People, We Value Innovation and We Keep It Simple. Our core values are ingrained in our DNA and play an active part in everything we do.  Each one reminds us to stay true to ourselves whilst driving us to create innovative products and solutions for our customers.

At Glen Dimplex, we are strongly committed to providing equal employment opportunities for all. We are focused on creating and inclusive culture and believe that it is essential to creating a dynamic and supportive workplace. We are committed to fostering a culture that embraces and celebrates differences in race, ethnicity, gender, sexual orientation, age, religion, and ability. We believe diverse perspectives and experiences are essential to our success as a company and a team.

We believe in investing in our employees' well-being and recognise the importance of work-life balance. We offer a comprehensive benefits package to support our employees' physical, mental, and financial health. Our benefits package includes:

·         Competitive salary

·         Generous annual leave allowance

·         Private Health Insurance

·         Pension and Death in Service Benefit

·         Employee Assistance Programme

·         Permanent Health Insurance

·         Life Assurance

·         Supportive Family Leave policies.

We also offer additional benefits such as

·         -Generous discounts on Company products.

·         -Bike to Work / Tax Saver initiatives.

·         -Regular wellbeing talks supports and resources.

By submitting your application, you agree that Glen Dimplex may collect your personal data for recruiting and related purposes. Glen Dimplex Privacy Policy explains what personal information we may process, where we may process your personal information, our purposes for processing your personal information, and the rights you can exercise over Glen Dimplex's use of your personal information.