Head of Information Security GRC & Awareness

Head of Information Security Governance, Risk and Compliance

Location: London (onsite 3 days per week)

Basis: Permanent

Package: TBD, generous salary, bonus and benefits

Are you an experienced leader in Information Security Governance, Risk and Compliance looking for your next opportunity to make an impact within an evolving and fast-paced environment? Do you have strong experience of leading internal and 3rd party risk management due diligence processes?

We are seeking an experienced Head of InfoSec GRC & Awareness to lead governance, risk, compliance, and security awareness initiatives across an organisation at a time of significant modernisation. This pivotal role ensures a robust security posture by developing and enforcing policies, standards, and training programmes aligned with business objectives and regulatory requirements.

The key responsibilities of the Head of Information Security GRC & Awareness are:

Lead the development and enforcement of enterprise-wide information security policies and standards

Drive security governance and cyber maturity through compliance, assurance reviews, and gap analysis

Oversight and improvement of the Information Security Risk Management frameworks and process

Conducting in depth supplier due diligence / third party assurance processes

Manage audit readiness and support internal/external audit activities

Own and deliver the organisation’s security awareness programme, including campaigns and tailored training

Depending on the candidate, you would also be involved in developing and implementing an Operational Technology (OT) Security Assurance Framework

The successful candidate will have the following skills, experience and qualifications:

Professional certifications such as CISSP, CISM, ISO27001 Lead Auditor, CLAS etc

Extensive experience in information security or IT governance within large, complex environments

Strong knowledge of security frameworks (ISO/IEC 27001, NIST CSF, CIS Controls, Cyber Essentials)

Proven track record in risk management, policy development, and security awareness initiatives

Excellent communication, leadership, and influencing skills

Very strong experience of driving 3rd party due diligence

Pro-active, pragmatic self-starter with the ability to effectively lead a small team, including those with potentially differing skill sets to their own

Any experience of driving Technical Assurance, Operational Technology (OT) Security Assurance and Penetration Testing would be a bonus

This is an excellent opportunity to lead a critical function within a dynamic organisation, ensuring security resilience and cultural change across the enterprise.

The salary is competitive and we can discuss this directly. For further information, please apply and I will be in touch.