Governance, Risk & Compliance (GRC) Lead

Glendimplex · Cloghran, Dublin, K67 VE08, Ireland · Active · BambooHR

Job facts

Company: Glendimplex
Title: Governance, Risk & Compliance (GRC) Lead
Normalized title: -
Department / team: Cyber Security
Location: Cloghran, Dublin
Work model: -
Employment type: Full Time
Salary: -
Status: active
ATS provider: BambooHR
Posted / first seen: 2026-04-24 / 2026-05-30
Changed / last seen: 2026-05-30 / 2026-06-06

Linked records

Company: Glendimplex
Source: 00f8cacb-9717-4f8d-a932-97039e5e2c27
ATS provider: BambooHR

Description

The GRC Lead is responsible for establishing, implementing, and maturing an enterprise-wide Governance, Risk & Compliance program. The role will directly address high‑priority risks—including disaster recovery readiness, identity governance, cyber supplier risk, and compliance obligations (ISO27001, Cyber Essentials+)—to ensure the organisation achieves a resilient, secure, and compliant operating environment.

This role requires a strategic thinker capable of building policies, frameworks, and processes, while also executing hands‑on GRC activities to reduce enterprise IT risk.

Key Responsibilities

Governance
- Develop and maintain governance frameworks, policies, and standards aligned with organisational strategy.
- Establish governance for Disaster Recovery (RPO/RTO definitions, testing cycles, documentation).
- Ensure alignment of governance processes with regulatory and contractual requirements.
- Promote a risk-aware culture across the organisation in partnership with HR, IT, and business leaders.

Enterprise Risk Management (ERM)
- Lead identification, assessment, and monitoring of enterprise IT risks (DR, identity, supplier risk, browser credential risk, systems single point of failure).
- Develop risk mitigation plans and track remediation progress across IT and business functions.
- Conduct periodic risk assessments and maintain the corporate risk register.
- Report KRIs and risk posture to senior leadership and board committees.

Compliance
- Lead compliance programs including ISO27001, Cyber Essentials+, and relevant industry/government standards.
- Monitor regulatory changes and ensure the organisation maintains compliance.
- Oversee internal/external audits and coordinate documentation and evidence collection.
- Develop and deliver compliance training to business and IT teams.

Technology and Security Controls
- Oversee identity governance improvements, joiner/mover/leaver controls, and credentials risk remediation.
- Drive third‑party cyber risk assessments and supplier due diligence processes.
- Partner with IT to ensure cloud, ERP and critical system controls meet best practice and risk requirements.
- Lead incident response governance and maintain updated incident playbooks.

Leadership & Stakeholder Management
- Serve as advisor to CIO/Executive team on governance, risk, and compliance matters.
- Collaborate with cross‑functional teams (Procurement, HR, Local IT Leads, Security).
- Build and mentor a growing GRC function as the organisation matures.

Training, Capability & Continuous Development

Given the evolving regulatory, cyber‑risk and governance landscape, the GRC Lead will be supported through a structured and ongoing training programme to ensure continued capability, regulatory alignment and professional development.

Mandatory / Core Training (Initial 6–12 Months)

ISO 27001 / ISO 27002
Refresher or Lead Implementer / Lead Auditor training to support certification readiness and ongoing compliance oversight.

Risk Management Frameworks
Training aligned to NIST CSF, ISO 31000, and enterprise risk management best practice to support consistent risk identification, assessment and reporting.

Regulatory & Compliance Awareness
Ongoing training covering GDPR, cyber security legislation, industry‑specific regulatory requirements, and emerging compliance obligations.

Third‑Party & Supplier Risk Management
Training on supplier due diligence, contract risk, and third‑party cyber risk assessment methodologies.

Leadership & Stakeholder Training

Executive & Board Communication
Development focused on presenting risk, controls and compliance status clearly to senior leadership and governance committees.

Influencing Without Authority
Training to support cross‑functional engagement, particularly where risk ownership sits outside of IT or security teams.

Policy & Governance Framework Development
Advanced training in policy writing, governance design, and control lifecycle management.

Continuous Professional Development (CPD)
- Participation in relevant industry forums, professional bodies, and GRC communities
- Attendance at security, risk and governance conferences or briefings
- Ongoing vendor‑led training relating to tooling, regulatory changes and emerging risk areas
- Annual CPD planning aligned to organisational risk priorities

Knowledge Sharing & Internal Enablement
- Delivery of awareness sessions for IT and business teams on governance, risk and compliance obligations
- Development and maintenance of internal training materials, standards and guidance
- Support for building a risk‑aware culture across the organisation

Governance Assurance
All training and development activities will be:
- Documented and reviewed annually

Required Qualifications & Skills

Education & Certifications
- Bachelor’s degree in business IT, Risk Management, Cybersecurity or related field.
- Preferred: CISA, CRISC, CISSP, ISO27001 Lead Implementer/Auditor.

Experience
- 6–15 years GRC, cybersecurity risk management, internal audit, or enterprise risk experience.
- Experience leading risk mitigation projects across DR, identity governance, supplier risk, and regulatory compliance.
- Strong knowledge of NIST CSF, ISO27001/2, SOC frameworks, GDPR and global privacy regulations.

Technical & Professional Skills
- Strong understanding of IT infrastructure, cloud environments, ERP systems, and identity platforms.
- Ability to translate complex risks into business-language recommendations.
- Excellent communication, policy writing, and stakeholder management skills.
- Reflected in succession planning and role‑critical capability assessments

OUR VALUES AND CULTURE AND BENEFITS:

The Glen Dimplex values are important guiding principles and define the way all employees across the Group work: We Think Customer, We Care About People, We Value Innovation and We Keep It Simple. Our core values are ingrained in our DNA and play an active part in everything we do. Each one reminds us to stay true to ourselves whilst driving us to create innovative products and solutions for our customers.

At Glen Dimplex, we are strongly committed to providing equal employment opportunities for all. We are focused on creating an inclusive culture and believe that it is essential to creating a dynamic and supportive workplace. We are committed to fostering a culture that embraces and celebrates differences in race, ethnicity, gender, sexual orientation, age, religion, and ability. We believe diverse perspectives and experiences are essential to our success as a company and a team.

We believe in investing in our employees' well-being and recognise the importance of work-life balance. We offer a comprehensive benefits package to support our employees' physical, mental, and financial health. Our benefits package includes:
- Competitive salary
- Generous annual leave allowance
- Private Health Insurance
- Pension and Death in Service Benefit
- Employee Assistance Programme
- Permanent Health Insurance
- Life Assurance
- Supportive Family Leave policies.

We also offer additional benefits such as
- Generous discounts on Company products.
- Bike to Work / Tax Saver initiatives.
- Regular wellbeing talks, supports and resources.

By submitting your application, you agree that Glen Dimplex may collect your personal data for recruiting and related purposes. Glen Dimplex Privacy Policy explains what personal information we may process, where we may process your personal information, our purposes for processing your personal information, and the rights you can exercise over Glen Dimplex's use of your personal information.

Full job record

Job ID: a032b05f8e84ade31421b39ba74e2f9df8c07b6b
Org ID: 3b811a9c-ab78-4550-8024-19fc07084470
Source ID: 00f8cacb-9717-4f8d-a932-97039e5e2c27
Board ID: 00f8cacb-9717-4f8d-a932-97039e5e2c27
Provider: bamboohr
Provider Job Key: 343
Title: Governance, Risk & Compliance (GRC) Lead
Normalized Title:
Status: active
Active: yes
Location Text: Cloghran, Dublin, K67 VE08, Ireland
Department: Cyber Security
Team:
Employment Type: full_time
Workplace Type:
Remote Policy:
Country:
Region: Dublin
City: Cloghran
Salary Raw:
Salary Min:
Salary Max:
Salary Currency:
Salary Period:
Source URL: https://glendimplex.bamboohr.com/careers/343
Apply URL: https://glendimplex.bamboohr.com/careers/343
First Seen At: 2026-05-30 05:38:00Z
Last Seen At: 2026-06-06 08:45:50Z
Last Checked At: 2026-06-06 08:45:50Z
Last Changed At: 2026-05-30 05:38:00Z
Inactive At:
Source Posted At: 2026-04-24 00:00:00Z
Source Updated At:
Raw Payload Uri: s3://job-postings-prod-raw-590183727216/raw/provider=bamboohr/board=glendimplex/date=2026-06-06/2026-06-06T08-45-48-848Z-e9f1f4f2c7b224b453095386158cd37db213921e7adf85e812b25426fb710640.json
Event Fields
{
  "content_hash": "373f154d0647c4ee2b946b7a1c9bf0ba2383a31929c8f1035f7de7925f55c8b7",
  "source_hash": "8954f5a44a33894bd7f9d7ee0d20ee357a2ea336d9e1d5a2e733218157ee339e",
  "last_changed_at": "2026-05-30T05:38:00.728Z",
  "active_status": "active"
}
Parsed Structured
{
  "language": "en",
  "location": {
    "raw": "Cloghran, Dublin, K67 VE08, Ireland",
    "city": "Cloghran",
    "region": "Dublin",
    "country": null,
    "is_remote": false,
    "confidence": 0.8
  },
  "salary_max": null,
  "salary_min": null,
  "inferred_at": "2026-06-06T08:45:50.855Z",
  "launch_scope": {
    "reason": "bamboohr_production_catalog",
    "included": true,
    "location": {
      "raw": "Cloghran, Dublin, K67 VE08, Ireland",
      "city": "Cloghran",
      "region": "Dublin",
      "country": null,
      "is_remote": false,
      "confidence": 0.8
    },
    "countries": []
  },
  "remote_policy": null,
  "salary_period": null,
  "workplace_type": null,
  "salary_currency": null
}
Extensions
{}
Native Structured
{
  "list_job": {
    "id": "343",
    "isRemote": null,
    "location": {
      "city": "Cloghran",
      "state": "Dublin"
    },
    "atsLocation": {
      "city": null,
      "state": null,
      "country": null,
      "province": null
    },
    "departmentId": "19086",
    "locationType": "2",
    "jobOpeningName": "Governance, Risk & Compliance (GRC) Lead ",
    "departmentLabel": "Cyber Security",
    "employmentStatusLabel": "Permanent, Full Time"
  },
  "detail_errors": [],
  "detail_job_opening": {
    "location": {
      "city": "Cloghran",
      "state": "Dublin",
      "postalCode": "K67 VE08",
      "addressCountry": "Ireland"
    },
    "datePosted": "2026-04-24",
    "atsLocation": {
      "city": null,
      "state": null,
      "country": null,
      "countryId": null
    },
    "compensation": null,
    "departmentId": "19086",
    "locationType": "2",
    "seekPromoted": false,
    "jobCategoryId": null,
    "jobOpeningName": "Governance, Risk & Compliance (GRC) Lead ",
    "departmentLabel": "Cyber Security",
    "jobOpeningStatus": "Open",
    "minimumExperience": "Manager/Supervisor",
    "jobOpeningShareUrl": "https://glendimplex.bamboohr.com/careers/343",
    "employmentStatusLabel": "Permanent, Full Time"
  }
}
Get this page with API

Rendered from the bluedoor Job Postings API. Reproduce it:

GET https://api.bluedoor.sh/job-postings/v1/jobs/a032b05f8e84ade31421b39ba74e2f9df8c07b6b?include=description (JSON)
GET https://api.bluedoor.sh/job-postings/v1/orgs/3b811a9c-ab78-4550-8024-19fc07084470 (JSON)
GET https://api.bluedoor.sh/job-postings/v1/sources/00f8cacb-9717-4f8d-a932-97039e5e2c27 (JSON)
GET https://api.bluedoor.sh/job-postings/v1/jobs/a032b05f8e84ade31421b39ba74e2f9df8c07b6b/events (JSON)