This role is central to strengthening and advancing the organization’s cybersecurity control framework across global operations. As a strategic and hands-on cyber risk professional, you will drive consistency, compliance, and maturity in cyber governance, risk management, and audit practices, directly supporting the Regional Director of Cyber Security.  The successful candidate will have a proven background in cyber risk and compliance functions within regulated industries, demonstrating both tactical and strategic expertise. Experience in managing cyber risk across multiple jurisdictions (US, UK, EU) and driving regulatory alignment is essential. You will be highly organized, detail-oriented, and documentation-focused, with the ability to influence and build collaborative relationships at all levels.  This role is a functional management role, non-supervisory, that will have ownership of and directly responsible for daily execution of GRC tasks.

• Lead and Develop GRC Practices:
  Champion the development and implementation of global Cyber GRC practices, ensuring robust cyber risk management and governance across all business units.
•  Policy and Standards Management:
  Maintain, enhance, and align cybersecurity policies, standards, and documentation to meet regulatory, audit, and business requirements.

• Vendor and Third-Party Assurance:
  Oversee vendor and third-party due diligence, supplier notifications, and control assurance activities to safeguard organisational interests.
  
  
• Risk Monitoring and Reporting:
  Utilise industry-standard tools to monitor, assess, and report on cyber risks, translating technical findings into actionable insights for senior stakeholders.
  
  
• Stakeholder Engagement:
  Prepare board-level reporting and engage with executive leadership across global regions, simplifying complex technical risk concepts for non-technical audiences.
  
  
• Collaboration:
  Work closely with Technology and Cyber Operations teams to ensure alignment and effective risk mitigation.

• Deep understanding of cyber risk management frameworks (NIST, ISO 27001, CRI Cyber Risk Profile).
• Experience with regulatory compliance and alignment across global jurisdictions.
• Strong communication skills, capable of translating technical risk into clear, executive-level reporting.
• Highly developed influencing skills, able to build buy-in and foster a positive cybersecurity culture.
• Proven track record in cyber risk management, policy development, and audit readiness.
• Demonstrable experience in cyber risk and compliance roles within regulated industries.
• Experience overseeing vendor and third-party risk management.
• Proven ability to manage and deliver complex projects across multiple geographies.
• Experience engaging with senior stakeholders, including board-level executives.

Preferred Qualifications

• Experience with CMMC certification audits or CMMC Certified Assessor or Professional certified.
• Supporting governance or accreditation of IT systems used in support of US defense contracts.

At Element, we always take pride in putting our people first. We are an equal opportunity employer that recognizes diversity and inclusion as fundamental to our Vision of becoming “the world’s most trusted testing partner”.

All suitably qualified candidates will receive consideration for employment on the basis of objective work related criteria and without regard for the following: age, disability, ethnic origin, gender, marital status, race, religion, responsibility of dependents, sexual orientation, or gender identity or other characteristics in accordance with the applicable governing laws or other characteristics in accordance with the applicable governing laws.

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c) 

“If you need an accommodation filling out an application, or applying to a job,  please email Recruitment@element.com”