Carbon3.ai

GRC Manager

Posted Yesterday
In-Office
London, Greater London, England
Mid level
The GRC Manager is responsible for overseeing governance, risk management, compliance frameworks, and operational collaboration to ensure adherence to regulatory standards within IT and cloud services.
The summary above was generated by AI

Era4 develops, owns and operates AI infrastructure across the UK, powered by renewable energy. Converting legacy industrial and energy sites into modern data-centre facilities, Era4 is combining brownfield regeneration opportunities with cleaner, efficient, scalable compute capacity for healthcare, research, finance, enterprise, and public-sector organisations.


Role Summary:

This role is responsible for building and operationalising our governance, quality, risk, security, and regulatory compliance programme, ensuring our platform meets UK and global regulatory standards (e.g., EU AI Act, GDPR, HIPAA, CCPA, DORA) and the specialised needs of regulated and public‑sector clients with strict regulatory, security and sovereignty requirements.

 

This role blends regulatory intelligence, AI governance, corporate risk management, and cloud infrastructure compliance. You will collaborate deeply across engineering, security, legal, product, and operations teams to embed robust GRC controls across data centre, energy generation, GPU cluster environments, and customer onboarding and delivery models.

 

You will be instrumental in ensuring Era4 meets these high standards, and can provide credible assurance to customers, auditors and regulators. This is an opportunity to join a mission-led AI business that is redefining infrastructure, intelligence, and impact for enterprise customers.


Key Responsibilities:


Governance and frameworks:

  • Maintain governance, risk, and compliance frameworks, including regulatory horizon scanning (EU AI Act, ATAA, GDPR, CCPA, HIPAA, DORA).
  • Keep policies, standards, and procedures up to date and aligned with operational realities.
  • Document ownership, accountability, and escalation paths for GRC matters and support reporting for operational leadership.

 

Corporate risk management:

  • Operate the corporate risk management process, including risk identification and assessment with operational teams.
  • Maintain the corporate risk register and track mitigations and actions.
  • Escalate material risks and support risk input into operational change initiatives.

 

Compliance and assurance:

  • Support the ISMS, BMS, EMS and other management systems with ISO 27001 as a baseline.
  • Coordinate internal and external audits and manage audit evidence.
  • Track remediation actions and support responses to customer security and compliance requests.

 

Operational collaboration:

  • Act as a day‑to‑day GRC partner to Operations, Facilities, Engineering, Security and IT.
  • Provide practical guidance on risk and compliance expectations.
  • Support incident reviews, business continuity, and operational resilience assurance.

  

Continuous improvement:

  • Identify opportunities to improve GRC processes, tooling, reporting, and documentation.
  • Monitor regulatory and standards changes and highlight operational impacts.
  • Help embed a risk‑aware culture across Operations and the wider business.

 

Essential Experience:

  • Expertise working in a governance, risk, compliance, or assurance role within IT/cloud services for a regulated, operational, or infrastructure-heavy environment.
  • Hands-on experience supporting ISO 27001, ISO 9001, or other ISO certifications in live operational settings.
  • Strong understanding of UK and EU regulatory frameworks as they apply to Era4 and its customers (GDPR, UK GDPR, NIS, NIS2, DORA etc).
  • Familiarity with UK government high‑assurance security requirements and Critical National Infrastructure requirements.
  • Experience participating in external audits and assurance activities.
  • Understanding of operational risk in technical or facilities-based environments.
  • Comfortable establishing cyber incident response playbooks.

 

One or more would be an advantage:

  • Led or significantly shaped parts of a GRC or compliance programme.
  • Exposure to multiple frameworks or assurance models such as SOC 2, PCI DSS, or similar.
  • Experience in high-performance computing, data centres, cloud infrastructure, telecommunications, or other high-availability environments.
  • Experience supporting large customer assurance or due diligence processes.
  • Exposure to physical security, operational resilience, or critical facilities risk.
  • Experience scaling or maturing GRC processes in a growing organisation.
  • Familiarity with UK government high‑assurance security requirements.

 

Why Join Era4:

You’ll be joining a mission-driven start-up building critical national infrastructure, where operational excellence directly enables growth. This role offers high visibility with leadership, real autonomy, and the chance to shape how a next-generation company operates at scale.

 

Diversity & Inclusion:

Era4 is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.

Top Skills

CCPA
DORA
EU AI Act
GDPR
HIPAA
ISO 27001
ISO 9001
