Technology GRC and Awareness Lead
TR/082349
Posted: 26/05/2026
Our Oil & Gas Operator client is currently recruiting for the position of Technology GRC and Awareness Lead based in Aberdeen
What we are seeking:
Experience with setting Information Security Policy and Frameworks
Experience with Technology Risk Reporting and engagement with Enterprise Risk and Audit Committees
Excellent understanding of regulatory frameworks e.g. UK CAF, Cyber Security and Resilience Bill, NIS2
Confident engaging senior leadership and explaining the current risk position and options for risk reduction
Familiar with IT security frameworks such as the NIST CSF
Bachelor's degree in CS, InfoSec, or equivalent experience
Certifications: GICSP, CISSP, or equivalent qualification
Role overview
The Information Security Governance, Risk, Policy, Framework & Awareness Lead is accountable for designing and maintaining the enterprise’s security governance structures, risk management frameworks, policy ecosystem, and security awareness strategy.
This role ensures cybersecurity is effectively governed, risk-managed, and communicated across all levels of the organisation through structured frameworks, stakeholder engagement, and compliance oversight.
Key Responsibilities:
Security governance and frameworks:
Design and maintain the organisation’s overarching information security governance model.
Define roles, responsibilities, forums, and escalation paths for cyber governance across business units and functions.
Align frameworks with industry standards (e.g. ISO/IEC 27001, NIST CSF, CAF) and integrate with enterprise governance structures.
Information Security Risk Management:
Lead the design and operation of the security risk management framework, including risk identification, assessment, treatment, and reporting.
Ensure risk registers are maintained and embedded into governance reviews and decision-making forums.
Coordinate with Enterprise Risk Management (ERM) to integrate cyber risk into the broader risk posture.
Policy, standards and compliance:
Own the lifecycle of information security policies, standards, procedures, and guidelines.
Ensure alignment with legal, regulatory, and industry requirements (e.g., NIS2, GDPR).
Establish governance routines to review, approve, and communicate policy updates organisation-wide.
Awareness, culture and training:
Develop and lead a comprehensive cybersecurity awareness and training strategy for all staff.
Drive behavioural change through targeted campaigns, phishing simulations, and executive-level engagement.
Measure awareness effectiveness through KPIs, surveys, and cultural assessments.
Executive reporting and assurance:
Deliver regular reporting to senior leadership and boards on governance effectiveness, risk posture, and policy compliance.
Support internal and external audit activity and ensure timely remediation of control deficiencies.
Lead maturity assessments (e.g. ISO 27001 audits, CAF assessments) and track progress against strategic goals.
Stakeholder Engagement & Integration:
Collaborate with Legal, Compliance, HR, and IT to embed governance, risk, and policy practices into business-as-usual activities.
Act as a subject matter expert to guide the development of secure business processes and projects.
Ensure governance and awareness initiatives are adapted to regional, cultural, and operational contexts.
Contract position
If you feel that you are well suited to the above opportunity and would like to find out more then please contact Orion Group for more information or apply by forwarding your current CV quoting reference: TR/082349
People are our business worldwide
Orion Group was founded in 1987 and is now one of the largest independent international recruitment companies. We have a network of 200 employees working from 24 offices, delivering a range of services – Talent Acquisition, Recruitment Outsourcing Services, Retained Search, Global Workforce Solutions, Completions & Commissioning and Materials Management – across 68 countries. As a global leader in workforce solutions, we recruit personnel across the Engineering & Technical, Office & Commercial, Scientific and Skilled Trades disciplines, for sectors including Oil & Gas, Life Science, Power & Utilities, Construction & Infrastructure, Manufacturing and Renewables.
- PAYE Day Rate Negotiable
- Scotland, Aberdeen City, Aberdeen
- Contract
- 3/2 Hybrid Work Pattern
- Based in Aberdeen
- Free onsite car parking
- 38 days holiday per annum
Alan Patterson
Office Account Manager