Job Introduction
Salary: £55,310.87 per annum with yearly increments based on performance.
Contract Type: Permanent
Location: Cardiff, Wales
Type of Working Arrangement: Blended approach of home and office-working is available - A minimum of two days per week to be worked in the office.
Hours: This is a full-time role (37 hours per week)
British Transport Police (BTP) is the national police force for the rail network throughout Great Britain. We are the ‘Guardians of the Railway,’ putting passenger safety at the heart of what we do. Our values are simply: We Care, We Do the Right Thing, We Strive to Be Better Every Day, We Are One BTP, and We Are Proud to Protect. Join us and help create an environment where we can all be our best every day.
The Opportunity:
British Transport Police have an opportunity for a Governance Risk and Compliance (GRC) Manager to join the Information Management Department. As a GRC Manager with BTP, you will provide strategic leadership and operational delivery of the organisation’s Information Management Governance, Risk and Compliance function. You will play a pivotal role in ensuring BTP maintains a robust Information Security Management System (ISMS), aligned with national policing and industry standards, while embedding a culture of compliance, continuous improvement, and proactive risk mitigation across the organisation. You will also lead and develop a team of GRC Officers, providing coaching, direction, and oversight to support high performance and professional growth.
What you'll be doing:
- Strategic Leadership & Governance – Lead the development and continuous improvement of BTP’s Information Security Management System (ISMS), ensuring alignment with national policing and industry standards, and act as the senior lead for information assurance governance and strategy.
- Risk & Incident Management – Oversee the identification, assessment, and mitigation of information risks across BTP, maintain the organisational Information Management risk register, and lead the force-wide incident response process in line with national guidance.
- Policy & Compliance Oversight – Develop and govern information security policies, ensuring compliance with GDPR, DPA 2018, and national standards, and monitor adherence through audits and assurance activities.
- Third-Party Assurance – Manage third-party risk using the NPCC TPAP framework, ensuring suppliers meet BTP’s security standards and reporting compliance to governance boards.
- Team Leadership & Development – Lead, coach, and support the GRC team, fostering a high-performance culture, promoting agile working, and enabling cross-functional collaboration.
- Strategic Reporting & Liaison – Prepare strategic advice and reports for senior stakeholders, act as BTP’s Crypto Custodian, and liaise with national bodies including Police Digital Services and the Police Information Assurance Board.
What you'll bring to the team: Essential Skills, Qualifications, Knowledge and Experience
- Qualifications & Training – Educated to degree level (or equivalent experience) in a relevant discipline, with professional certifications including CISMP, CISSP, and GDPR/Data Protection.
- Experience – Significant experience in information security, risk management, and compliance within a complex or regulated environment—ideally policing or public sector. Proven track record in developing governance frameworks, managing third-party assurance, and leading audits and accreditation processes.
- Skills – Strong analytical and communication skills, with the ability to translate complex technical concepts into clear guidance for non-technical audiences. Skilled in stakeholder engagement (working closely with colleagues in Technology), policy development, and embedding compliance through audits and risk assessments.
- Leadership – Demonstrable ability to lead and develop high-performing teams, drive change, and embed new ways of working. Experience in coaching and supporting professional growth within a governance or compliance function.
- Knowledge – Deep understanding of ISO/IEC 27001, GDPR, and national security standards (e.g. NCSC, NPCC). Solid working knowledge of cryptographic controls, accreditation processes, and assurance methodologies.
- Strategic Thinking – Ability to prepare strategic reports and position papers, advise senior stakeholders, and contribute to the development of organisational information security strategy and policy.
Further information about this vacancy can be found in the attached job description.
How to apply: Applications will be via an up-to-date CV and an online application form. As part of this application, you will be asked to outline how your skills and experience demonstrate your suitability for the role.
Completed applications must be submitted by 11.59pm, 27 November 2025
What we offer:
- 28 days annual leave plus bank holidays, increasing to 30 days after 5 years.
- Family-friendly policies, including up to 26 weeks paid maternity and adoption leave.
- Bespoke benefits platform and Blue Light Card access.
- Salary sacrifice options for cycles, home technology, gym membership, and electric vehicles.
- Interest-free annual rail season ticket loan after 6 months.
- Access to the Transport Benevolent Fund for health, welfare, and financial support.
- Development opportunities, including fully funded apprenticeships.
- Excellent Pension scheme: We offer the BTP GPP Police Staff Pension Scheme, administered by Royal London. This group personal pension plan is available to all police staff and is a defined contribution scheme. It provides the flexibility to vary your pension contributions from 4.4% to 12% of your salary. For more information, visit the Royal London dedicated pension page or email us at Pension-Queries@btp.police.uk. Note: If you are an existing member of Police Staff in the RPS, your pension will not be affected.
Vetting: Successful applicants will be required to pass Management Vetting (5 years minimum UK residency required), including a full background and financial disclosure. For more information and Top Tips, please see attached document.
Medical: We’ll ask for relevant health and medical history details to support employee wellbeing.
References: We'll ask for references to cover the past 5 years.
Inclusion & Diversity:
At BTP, we are committed to fostering an inclusive workplace where everyone feels valued. We believe diversity drives innovation and better decision-making. Our roles are open to everyone, and we encourage applications from underrepresented groups, including Black, Asian, and minority ethnic candidates, women, LGBTQI+ individuals, people with disabilities, and those who are neurodiverse. As part of our commitment we operate a ‘Disability Confident Scheme’ - all candidates who declare a disability and meet the essential criteria for the role will be offered an interview.
For more information on Inclusion or the Disability Confident Scheme, please click the links: Inclusion & Diversity, Disability Confident Scheme.
Join Us:
Grow your career with us. We can’t wait to hear from you! See why BTP is right for you and click here for more information. For further information, please contact our Resourcing Team at RecruitmentTeam@btp.police.uk.
The above advert, job description and application process are available through the medium of Welsh if requested.
