Information Security GRC Manager

Key responsibilities

• Develop and maintain information security policies aligned to recognised frameworks (e.g. ISO27001/2)
• Manage and report on policy exceptions
• Produce management reporting on information security and change programmes
• Partner with business and technology teams to track remediation of risks and issues
• Support the assessment of third-party security posture
• Undertake risk profiling of information and technology assets
• Support audit activity and supplier due diligence processes
• Ensure all activities support customer protection and regulatory requirements, including Consumer Duty

Technical skills

• Strong knowledge of information security risk management tools and techniques
• Experience with security frameworks and standards
• Understanding of the threat landscape
• Awareness of security technologies (e.g. SIEM, endpoint protection, email/web gateways)
• Knowledge of IT General Controls frameworks
• Awareness of operational risk and RCSA processes

Skills and experience

• Experience working within frameworks such as ISO27001, NIST or similar
• Ideally 5+ years’ experience in an information security role within financial services
• Strong attention to detail and ownership of tasks
• Confident challenging approaches to improve security outcomes
• Self-motivated, organised, and able to work independently
• Strong communication skills
• Ability to manage multiple priorities in a fast-paced environment
• CISM certification (achieved or in progress) preferred

If this sounds like the right opportunity for you, we’d love to hear from you.