The Head of GRC leads the pillar responsible for ensuring the organisation understands, manages, and can demonstrate compliance with its security risk and regulatory obligations. This includes owning the PCI DSS compliance programme, managing FCA and ICO regulatory engagement, maintaining the security risk register, and ensuring third‑party risks are assessed and managed. The role bridges the gap between technical security delivery and regulatory/business expectations, translating the organisation’s declared risk appetite into measurable tolerances, control objectives, and compliance evidence. This is a critical leadership position that requires someone comfortable operating at both strategic and operational levels. The ideal candidate will have a financial services background, regulation expertise and practical experience, and the credibility to engage effectively with the FCA, external auditors, and the QSA.

Key Responsibilities

• Own the security policy f...