Technology Governance Manager

  • Alliance Medical
  • Hampton Magna, Warwickshire
  • 19/05/2026
Full time Information Technology Telecommunications

Job Description

We are seeking a highly capable Technology Governance Manager to lead and mature the governance, risk, and compliance framework across our Technology function. In this role, you will ensure that technology risk, change, and information security are effectively managed, and that policies, controls, and governance practices actively support business performance.

You will own and develop our technology governance framework, maintain compliance with key standards such as ISO 27001 and Cyber Essentials Plus, embed a culture of secure by design principles, and ensure that governance is practical, usable, and outcome driven. You'll work closely with senior stakeholders, the Information Security team, and technology partners to reduce risk, ensure compliance, and support the organisation's ongoing growth and stability.

This is an exciting opportunity for someone who enjoys shaping policy, managing risk, influencing culture, and ensuring that strong governance underpins high quality service delivery.

Qualifications
  • Excellent communication and stakeholder management skills
  • CISSP or CISSM qualification
  • ISO 27001 qualifications/experience (highly desirable)
  • ITIL v3 knowledge (desirable)
  • Strong document management and policy writing skills
  • Demonstrable experience delivering security best practice, risk management, and change governance
  • Experience coordinating internal/external audits and managing compliance activities
  • Project management experience and the ability to lead improvements end to end
  • High level understanding of enterprise IT functions (ideally within private medical or similar industries)
  • Ability to prioritise effectively and own issues through to resolution
  • Experience managing or guiding others

Technology Governance & Control
  • Develop, maintain, and improve the Technology Governance Framework
  • Ensure governance aligns with organisational risk frameworks and supports business performance
  • Embed "secure by design" and risk aware decision making
  • Own and maintain all Technology policies, standards, and guidelines
  • Ensure compliance with internal and external governance requirements (ISO 27001, CE+, regulatory standards)
  • Provide governance content for tenders and bids
  • Own the Technology Disaster Recovery Plan and ensure structured, reliable recovery processes
  • Simplify governance where possible without compromising accreditation
Technology Risk Management
  • Own and manage the Technology Risk Register
  • Identify, assess, and prioritise risks across systems, suppliers, and services
  • Ensure mitigations and remediation plans are in place and tracked
  • Provide clear reporting of risk posture to senior leadership
Change Governance
  • Manage technology change across services, infrastructure, and solutions
  • Ensure change processes remain effective and support delivery velocity
  • Promote a risk based assessment approach rather than blanket checks
Cyber & Information Security
  • Work closely with the Information Security Manager / DPO
  • Ensure cyber and security controls align with business risk appetite and compliance frameworks
  • Promote best practice across access control, configuration, monitoring, and data protection
Audit & Compliance
  • Coordinate internal and external security audits and certification activities
  • Track and close non conformities and improvement actions
  • Provide structured compliance reporting for stakeholders including Group, shareholders, customers, and insurers
  • Monitor and audit technology suppliers against governance and security requirements