
Information Security GRC Manager

Reed
Posted 5 days ago, valid for 9 days
Location

London, Greater London E14 5EA, England

Salary

£47,700 - £65,587 per annum

Contract type

Full Time

In order to submit this application, a Reed account will be created for you. As such, in addition to applying for this job, you will be signed up to all Reed’s services as part of the process. By submitting this application, you agree to Reed’s Terms and Conditions and acknowledge that your personal data will be transferred to Reed and processed by them in accordance with their Privacy Policy.

Sonic Summary

  • The Information Security GRC Manager position requires proven management experience in information security governance, risk, and compliance.
  • The role offers a salary range of £47,700 to £65,587 per annum in London and £43,981 to £60,474 nationally, plus benefits.
  • Candidates should have strong knowledge of frameworks like ISO 27001, NIST, and GDPR, along with experience in risk assessments and mitigation strategies.
  • Excellent communication skills and the ability to interact with stakeholders at various levels are essential for this role.
  • A BSc/MSc in Computer Science or relevant certifications such as CRISC or CISA are desirable qualifications.

Information Security GRC Manager

Information Security, GRC (Governance, Risk, and Compliance), Risk Management, Compliance, ISO 27001, NIST, GDPR, Security Audits, Risk Assessments, Mitigation Strategies, Security Policies, Legal and Regulatory Requirements, Cloud Security, Microsoft Cloud Services, Data Governance, Policy and Standard Development, CRISC, CISA, ISO 27001 LA, CISMP

  • Hybrid with 2 days per month in the office – multiple locations across England.
  • London - £47,700 to £65,587 per annum + benefits
  • National - £43,981 to £60,474 per annum + benefits

Our client is seeking an Information Security GRC Manager to join our team. This role is crucial for understanding, communicating, and managing security risks to ensure our security posture aligns with compliance and regulatory obligations. The successful candidate will establish and maintain the information security governance and risk frameworks to ensure compliance with relevant standards and regulations.

Day-to-Day of the Role:

  • Produce and maintain the information security governance and risk frameworks.
  • Develop and monitor KPIs to measure the effectiveness of security controls.
  • Analyse information security risks and develop management strategies and action plans to mitigate risks.
  • Lead internal and external security audit activities.
  • Assess the level of assurance provided by security mechanisms, suppliers, systems, or products.
  • Communicate security policies, standards, legal and regulatory requirements to the wider business.
  • Input into budgets, tenders, and purchasing requirements.
  • Attend supplier reviews as required.

Required Skills & Qualifications:

  • Proven management experience within information security governance, risk, and compliance.
  • Strong knowledge of information security frameworks, standards, and legislation (ISO 27001, NIST, GDPR).
  • Proven experience developing risk assessments and risk mitigation strategies and action plans.
  • Skilled in producing documents or reports, including internal audits, assessments, or gap analysis.
  • Successful in monitoring and delivery against compliance standards, such as ISO 27001, PCI-DSS.
  • Excellent communication skills with stakeholders at various levels of the business.
  • Knowledge of legal and regulatory requirements that could affect security requirements within the housing sector.
  • Track record of establishing and maintaining workable policies, standards, processes, and control frameworks for information security.
  • Excellent interpersonal skills, comfortable communicating with senior stakeholders with the ability to translate security requirements and standards into easily understood business concepts.

Desirable:

  • BSc/MSc in Computer Science or IT-related academic qualification; and/or relevant industry certification such as CRISC, CISA, ISO 27001 LA, CISMP.
  • Understanding of cloud security principles, including knowledge of Microsoft cloud services and security products.
  • Familiarity with security tools and technologies.

In the first instance, please submit your CV.
