Lead GRC Specialist - PCI-DSS - Manchester

Lead GRC Specialist - PCI-DSS - Manchester

We're seeking a strong Lead GRC Specialist / GRC Manager with excellent cyber security, GRC & PCI-DSS payments experience to join our client's growing Cyber Security team. They need somebody who has excellent knowledge in PCI-DSS, ideally the subject matter expert along with good governance, risk and compliance experience

You'll have a small team of GRC Specialists to do the transactional work, so we're looking for someone who is confident and can provide the PCI-DSS expertise that is needed.

Experience Required:

• At least 5 years in a Cyber security & GRC role, at Senior, lead or manager level.
• Be a PCI-DSS expert around payments
• ISO 27001and GDPR
• Knowledge of Risk Management, including risk identification, assessment, and mitigation techniques
• Good experience around Audits and compliance
• Any penetration testing experience would be a bonus

You'll work closely with both internal and external stakeholders across Legal, Risk & Audit, Procurement, and IT to embed strong governance and maintain alignment with leading standards such as ISO 27001, NIST CSF, and GDPR. The position combines both strategic oversight and hands-on delivery, providing clear visibility of risks and driving measurable improvements in security maturity.

This role is majority onsite in Central Manchester but there is flex on start and finish times. They have just opened their brand-new UK based headquarters in Manchester, so it is a great time to join a global company that is going from strength to strength.

Responsibilities

Cyber Governance & Frameworks within a PCI-DSS environment

• Develop, maintain, and evolve the cyber governance and compliance framework.
• Define and manage information and cyber security policies, standards, and procedures.
• Ensure alignment with ISO 27001, NIST CSF, GDPR, and other relevant regulations.
• Partner with internal teams to integrate governance and compliance into daily operations.
• Support policy reviews, updates, and communication across business units.

Risk Management & Assurance

• Support risk identification, assessment, and treatment processes.
• Maintain risk registers and monitor remediation of control gaps and audit findings.
• Conduct risk assessments, control testing, and compliance reviews to ensure effectiveness.
• Prepare and deliver reports, dashboards, and metrics for management and board-level reviews.
• Collaborate with technical teams to address findings and continuously improve the security posture.

Compliance & Third-Party Assurance

• Manage compliance with key UK and international standards (e.g., GDPR, NIS Regulations, DPA 2018).
• Coordinate internal and external audits, certifications, and customer assurance activities.
• Manage other GRC specialists on projects and coordinate activities.
• Evaluate security risks of third-party vendors, ensuring alignment with internal security requirements.
• Maintain documentation, evidence, and metrics to support ongoing audit readiness.

Incident Response & Awareness

• Support the development, testing, and refinement of incident response plans.
• Assist with investigation and reporting of security incidents.
• Promote and support information security awareness and training initiatives across the organisation.

Our client is looking to pay a starting salary of £65 - 75k DOE.

If you're passionate about cyber governance, risk, and compliance and want to make a real impact in a collaborative and forward-thinking environment, we'd love to hear from you. Press 'Apply Now', or send your CV directly to faye com

Circle Recruitment is acting as an Employment Agency in relation to this vacancy. Earn yourself a referral bonus if you refer somebody else who fills the role! We also offer an iPad if you refer a new client to us and we recruit for them. Follow us on Facebook - Circle Recruitment , Twitter and LinkedIn - Circle Recruitment.