In brief
HUMAN RESOURCES
Northern Ireland, United Kingdom
To ease reading, the plural masculine form may be used on this page; our vacancies are, however, directed to persons of all genders.
GRC Manager
Job Title: GRC Manager
Location: Northern Ireland
Office: Belfast
Department: IT
Reports to: IT Director
Role Purpose
The GRC Manager is responsible for establishing and maintaining effective governance, risk management, compliance, business continuity, and data protection practices across the organisation.
The role provides oversight, coordination, and assurance that organisational risks and obligations are identified, managed, evidenced, and reported in a consistent and transparent manner. Working closely with the Information Security Officer, the GRC Manager ensures that security, risk, resilience, and compliance considerations are embedded into business and IT operations, enabling informed decision‑making and organisational resilience.
Key Responsibilities
· Develop, maintain, and embed governance frameworks, policies, standards, and procedures
· Coordinate governance activities and reporting to senior leadership and governance forums
· Monitor adherence to internal policies and recommend corrective actions where required
· Maintain corporate and IT risk registers, ensuring risks are accurately assessed and documented
· Facilitate risk assessments for new systems, suppliers, changes, and projects
· Track and report progress of risk mitigation and treatment plans
· Support risk acceptance decisions and ensure these are formally documented
· Identify, track, and manage regulatory, contractual, and internal compliance obligations
· Coordinate internal audits, reviews, and external assurance activities
· Manage findings, non‑conformities, and corrective action plans
· Maintain compliance evidence and assurance artefacts
· Respond to customer, partner, and third‑party assurance requests
· Lead the organisation’s business continuity and resilience framework
· Coordinate Business Impact Assessments (BIAs) with service owners
· Ensure business continuity and disaster recovery plans are documented, reviewed, and tested
· Facilitate continuity exercises, tests, and post‑incident reviews
· Drive continuous improvement of resilience arrangements
· Work closely with the Information Security Officer to align risk, governance, and compliance activities with the organisation’s security strategy
· Provide governance and assurance oversight of information security risks, incidents, and control effectiveness
· Ensure security risks and exceptions are formally documented, tracked, and reported
· Translate technical security issues into business‑level risk insights for leadership
· Coordinate handling of data subject rights requests, including:
o Subject Access Requests (SARs)
o Requests for rectification, erasure, or restriction
· Log, track, and manage requests to ensure statutory timescales are met
· Coordinate responses across IT, HR, Legal, and business teams
· Maintain records of requests and outcomes
· Support privacy risk assessments and advise on data protection queries
· Support awareness and training activities where appropriate
Skills & Competencies
· Proven experience in an Information Security, Governance, Risk, or Compliance role, ideally within a multi‑site or regional organisation.
· Hands‑on experience implementing and maintaining security and compliance certifications and frameworks such as ISO 27001, Cyber Essentials Plus, or NIST.
· Strong communication and stakeholder engagement skills, with a customer‑focused approach.
· Ability to work autonomously, manage priorities effectively, and travel between sites as required.
· Skilled in producing clear, well‑structured documentation and delivering accessible, user‑friendly training.
· Experience collaborating closely with an Information Security function or security professionals.
· Solid understanding of data protection, privacy legislation, and related regulatory obligations.
Qualifications & Education
Minimum Level 3 qualification in IT (e.g., Level 3 Diploma in IT Systems Support, Level 3 BTEC in IT, or equivalent).
Or more than 3 years’ experience working in a similar IT support role.
Warning to applicants about false job offers and fraudulent proposals
The VINCI group wishes to warn applicants about the online publication of false job offers for contracts abroad in the name of VINCI group companies. The authors of these offers fraudulently use the corporate names, brands and logos of VINCI group companies to deceive applicants, inducing them to reveal personal information and to pay money to obtain alleged services. Under no circumstances do VINCI group companies ask for candidates' bank details or any payment of money as part of their recruitment process. We therefore strongly recommend that applicants check the authenticity of job offers before responding to them.