Job description
At Wayve we’re committed to creating a diverse, fair and respectful culture that is inclusive of everyone based on their unique skills and perspectives, and regardless of sex, race, religion or belief, ethnic or national origin, disability, age, citizenship, marital, domestic or civil partnership status, sexual orientation, gender identity, veteran status, pregnancy or related condition (including breastfeeding) or any other basis as protected by applicable law.
About us
Founded in 2017, Wayve is the leading developer of Embodied AI technology. Our advanced AI software and foundation models enable vehicles to perceive, understand, and navigate any complex environment, enhancing the usability and safety of automated driving systems.
Our vision is to create autonomy that propels the world forward. Our intelligent, mapless, and hardware-agnostic AI products are designed for automakers, accelerating the transition from assisted to automated driving.
In our fast-paced environment big problems ignite us—we embrace uncertainty, leaning into complex challenges to unlock groundbreaking solutions. We aim high and stay humble in our pursuit of excellence, constantly learning and evolving as we pave the way for a smarter, safer future.
At Wayve, your contributions matter. We value diversity, embrace new perspectives, and foster an inclusive work environment; we back each other to deliver impact.
Make Wayve the experience that defines your career!
The role
As Governance, Risk and Compliance (GRC) Lead at Wayve, you’ll define, build, and lead our security GRC capability. You’ll be trusted to determine what good looks like for GRC at Wayve, applying industry best practice with pragmatism and adapting it to our technology, risk profile, and stage of growth. You will be accountable for establishing and operating the frameworks, processes, and oversight that enable Wayve to understand, manage, and communicate its information security risk posture, while supporting the secure and compliant delivery of our technology across the business.
You’ll partner closely with security specialists, engineering, IT, Legal, procurement, and business stakeholders to ensure security risks are identified, assessed, and managed effectively, and that assurance activities are proportionate, pragmatic, and aligned to Wayve’s risk profile, regulatory obligations, and customer expectations.
This role combines hands-on delivery with leadership responsibility. From day one, you’ll line-manage a small GRC team and be directly involved in the execution of core GRC activities, while defining and delivering the roadmap for maturing Wayve’s GRC capability. As the function matures and scales, the role will evolve towards a stronger leadership and management focus, with increased delegation and team ownership over time.
The role is advisory in nature, focused on providing oversight, challenge, and pragmatic guidance to the business, while enabling teams to meet security and compliance expectations without unnecessary friction.
Key responsibilities
Security Risk Management
- Own and operate Wayve’s information security risk management framework and processes, including risk identification, assessment, treatment tracking, and risk acceptance governance.
- Establish a regular cadence of risk review with risk owners and senior stakeholders, and develop metrics that demonstrate the effectiveness and maturity of Wayve’s risk management approach.
Policies, Standards & Exceptions
- Own the lifecycle of information security policies and standards, including authoring, maintenance, approval, and review.
- Manage policy exceptions and risk-based deviations within defined parameters, ensuring decisions are documented, consistent, and aligned to Wayve’s risk appetite.
Security Awareness & Training
- Own the definition and oversight of Wayve’s security awareness and training approach, ensuring staff receive appropriate, role-relevant guidance to meet security and compliance expectations.
- Partner with relevant teams to ensure training is proportionate, effective, and aligned to Wayve’s risk profile, and track completion and effectiveness through meaningful metrics.
Security Assurance & Control Effectiveness
- Define and operate Wayve’s security assurance approach, combining automated controls, internal assurance activities, and third-party testing.
- Own assurance outcomes, partnering with security SMEs and external providers to design, execute, and interpret control testing and assessments.
External Audits & Certifications
- Own preparation, coordination, and delivery of external audits and certifications, including TISAX and future ISO 27001 alignment.
- Lead audit readiness assessments, manage auditor interactions, and drive remediation of findings in partnership with control owners across the business.
Third-Party Security Risk Management
- Own Wayve’s third-party security risk management process, including supplier due diligence, ongoing monitoring, and exception handling.
- Make risk-based decisions on supplier security posture, escalating higher-impact cases in alignment with the Head of Security.
Regulatory Security Compliance
- Own compliance with security-relevant regulatory and contractual requirements, working closely with Legal on privacy and data protection matters.
- Monitor emerging regulatory expectations relevant to Wayve’s technology and operating geographies, translating them into practical security controls and assurance activities where appropriate.
GRC Tooling, Metrics & Reporting
- Operationalise and continuously improve Wayve’s GRC tooling, ensuring it supports effective risk management, assurance, and audit activities.
- Develop and report meaningful metrics to demonstrate the effectiveness of our security programme, providing regular internal reporting and updates to Wayve leadership.
Strategy & Capability Development
- Define and deliver the roadmap for establishing, scaling, and continuously improving Wayve’s GRC capability, with autonomy to determine priorities, approaches, and sequencing in line with Wayve’s risk profile.
- Apply industry best practices pragmatically, adapting frameworks and standards to Wayve’s context, risk profile, and stage of growth.
About you
To set you up for success as GRC Lead at Wayve, we’re looking for the following skills and experience.
Essential
- Proven experience in a senior GRC, information security, or risk management role, with accountability for governance, risk, and assurance outcomes.
- Strong experience designing and operating information security risk management processes, including risk assessment, treatment tracking, and risk acceptance governance.
- Hands-on experience owning or leading external audits and certifications, particularly ISO 27001 and/or TISAX.
- Experience developing and maintaining security policies, standards, and exception processes.
- Experience partnering with technical security teams, engineering, IT, Legal, and business stakeholders to deliver proportionate and effective security governance.
- Strong judgement and confidence making risk-based decisions independently, and comfort operating with a high degree of autonomy within defined authority.
- Experience defining and reporting meaningful security metrics to senior leadership.
- Excellent written and verbal communication skills, able to translate security and compliance requirements into clear, practical guidance.
Desirable
- Experience establishing or scaling a GRC function in a growing or fast-moving organisation.
- Familiarity with additional assurance frameworks such as SOC2 or NIST CSF.
- Experience with third-party security risk management at scale.
- Experience operating or implementing GRC tooling (e.g. Vanta or similar).
- Exposure to automotive, safety-critical, AI/ML, or regulated technology environments.
- Relevant certifications (e.g. CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor).
This is a full-time role based in our offices in London or Sunnyvale. At Wayve we want the best of all worlds so we operate a hybrid working policy that combines time together in our offices and workshops to fuel innovation, culture, relationships and learning, and time spent working from home. We operate core working hours so you can determine the schedule that works best for you and your team.
Wayve is committed to creating an inclusive interview experience. If you require any accommodations or adjustments to participate fully in our interview process, please let us know.
We understand that everyone has a unique set of skills and experiences and that not everyone will meet all of the requirements listed above. If you’re passionate about self-driving cars and think you have what it takes to make a positive impact on the world, we encourage you to apply.
For more information visit Careers at Wayve.
To learn more about what drives us, visit Values at Wayve.
DISCLAIMER: We will not ask about marriage or pregnancy, care responsibilities or disabilities in any of our job adverts or interviews. However, we do look to capture information about care responsibilities, and disabilities among other diversity information as part of an optional DEI Monitoring form to help us identify areas of improvement in our hiring process and ensure that the process is inclusive and non-discriminatory.








