GRC Officer

About the Role We are looking for a hands-on GRC Officer to support and mature our Information Security Management System (ISMS) in line with ISO27001:2022. You will work closely with the Information Risk & Governance Lead to ensure our governance, risk, and compliance processes operate effectively across the full PDCA cycle. This is a great opportunity for someone who enjoys structured governance work, documentation quality, compliance follow-up, and collaborating with stakeholders across a complex technology environment. What You Will Do Create, maintain, and update ISMS documentation aligned with ISO27001:2022. Execute and follow up on ISMS activities across the full PDCA lifecycle. Support compliance processes, including exceptions management and control activity follow-up. Assist with our GRC tool, focusing on configuration, monitoring, and maintaining compliance modules. Collaborate with internal stakeholders to gather inputs, clarify requirements, and ensure alignment with security governance standards. Provide clear updates, track actions, and support audit readiness. What You Bring 3+ years' experience with ISO27001 implementation, maintenance, or audit. Strong understanding of ISMS governance, compliance processes, risk management basics, and control frameworks. Ability to work independently, communicate effectively, and facilitate discussions with both technical and non-technical stakeholders. Strong documentation, organization, and follow-up skills. Tech-savvy and comfortable using tools such as Excel, GRC platforms, or workflow systems. Nice to Have ISO27001:2022 Lead Implementer certification. Familiarity with UCB's digital technology operating model, stakeholders, or ways of working.