About the Role
We are looking for a hands-on GRC Officer to support and mature our Information Security Management System (ISMS) in line with ISO27001:2022. You will work closely with the Information Risk & Governance Lead to ensure our governance, risk, and compliance processes operate effectively across the full PDCA cycle.
This is a great opportunity for someone who enjoys structured governance work, documentation quality, compliance follow-up, and collaborating with stakeholders across a complex technology environment.
What You Will Do
- Create, maintain, and update ISMS documentation aligned with ISO27001:2022.
- Execute and follow up on ISMS activities across the full PDCA lifecycle.
- Support compliance processes, including exceptions management and control activity follow-up.
- Assist with our GRC tool, focusing on configuration, monitoring, and maintaining compliance modules.
- Collaborate with internal stakeholders to gather inputs, clarify requirements, and ensure alignment with security governance standards.
- Provide clear updates, track actions, and support audit readiness.
What You Bring
- 3+ years’ experience with ISO27001 implementation, maintenance, or audit.
- Strong understanding of ISMS governance, compliance processes, risk management basics, and control frameworks.
- Ability to work independently, communicate effectively, and facilitate discussions with both technical and non-technical stakeholders.
- Strong documentation, organization, and follow-up skills.
- Tech-savvy and comfortable using tools such as Excel, GRC platforms, or workflow systems.
Nice to Have
- ISO27001:2022 Lead Implementer certification.
- Familiarity with UCB’s digital technology operating model, stakeholders, or ways of working.