GRC Risk Manager

Job Overview:

At Arm, we’re building the future of computing—securely, at scale, and with purpose. As part of our Enterprise Security team, you’ll help shape how we identify, quantify, and manage risk across the business and our global supply chain.

This is a high-impact role for a highly experienced technical risk expert who thrives in complexity and values innovation. You’ll take the lead on cybersecurity and third-party cyber risk management, risk quantification, and post-incident reviews—translating insights into action, and helping to drive data-driven, risk-informed decisions across Arm.

Responsibilities:

· Expertly navigate and enhance Arm’s Information Security Risk Management Framework within ServiceNow IRM, applying qualitative and quantitative risk management principles to empower risk-informed decision-making.

· Lead third-party cyber risk management. Conduct structured assessments, review contracts, and oversee ongoing supplier monitoring.

· Run post-incident reviews: identify root causes, extract systemic insights, and ensure lessons learned are fed back into the control environment and risk register.

· Develop Key Risk and Key Control Indicators to monitor security control effectiveness: guide design and assessment approaches across critical assets and third-party domains.

· Collaborate cross-functionally to reduce risk, ensure accountability and tracking of remediation and improve visibility at speed.

Required Skills and Experience :

· Holds certifications such as CRISC, CISM, CISSP or FAIR. Although experience, impact and the courage to challenge matter more than acronyms.

· Must have hands on experience with risk assessment methodologies, risk quantification and ServiceNow IRM.

· Deep knowledge of security technologies and control frameworks such as ISO 27001, NIST CSF and NIST SP800-53.

· Experience in third-party security risk management—comfortable leading assessments, influencing decisions, and challenging skilfully.

· Confident working with metrics, risk and control indicators and data, drawing conclusions, and using dashboards to inform decisions.

· Champion of AI and Automation.

· Advanced communicator: able to translate technical risks into actionable insights and business impact and articulate these to senior leadership.

· Experience with globally distributed teams, large-scale vendor ecosystems and fast-moving, dynamic environments.

In Return:

Arm is a global organization powered by a diverse community of high-impact collaborators.

We offer:

· Access to industry-leading security tools, platforms, and processes

· Opportunities to grow alongside some of the best technical minds in the industry

· A competitive salary and benefits package

· A culture that values transparency, autonomy, and measurable impact