2 of 2 Information Security Risk Manager Jobs in London

Job title: Information Security Manager: Governance, Risk and Compliance (GRC) Location: London or Newcastle Salary: London: Up to £80,000 per annum, Newcastle: Up to £70,000 per annum Type of contract: Full Time, permanent Working arrangement: Hybrid, on-site at London or Newcastle office 2 days per week minimum About the role We are seeking … an experienced Information Security Manager: GRC to lead our Governance, Risk, and Compliance functions. This role involves managing the NAO's certified ISMS, developing security policies, and transforming our security posture to support our strategic objectives. Key Responsibilities Leadership: Manage and develop the GRC team, build stakeholder relationships, and promote a positive security culture. GRC Management: Oversee security controls, ensure compliance, and manage third-party security assessments. ISMS: Maintain and improve the Information Security Management System, certifications (ISO27001, Cyber Essentials Plus), and security policies. Risk Management: Identify, assess, and treat information security risks, maintaining the risk register and ensuring risk-aware decision More ❯

This position offers a unique opportunity to shape and lead the security strategy of a forward-thinking company. You will be at the forefront of protecting our digital assets in a rapidly evolving threat landscape, ensuring compliance with international standards, and fostering a culture of security awareness. You'll work closely with IT, compliance, and executive teams to … align security measures with business objectives. Responsibilities Risk Assessment: Conduct thorough risk assessments to identify vulnerabilities, threats, and potential impacts on information security. Strategy Development: Develop and implement risk management strategies, policies, and procedures to mitigate identified risks. Compliance: Ensure adherence to GDPR, ISO 27001, and other relevant regulatory requirements. Incident Management: Lead the response … to security incidents, including root cause analysis and the implementation of corrective measures. Stakeholder Communication: Regularly report on security risks, incidents, and compliance to senior management and board members. Training: Oversee security awareness programs to educate employees about security best practices. Vendor Management: Assess third-party security risks and manage security in vendor relationships. More ❯