Head of InfoSec GRC & Awareness

Location: London (onsite 3 days per week)
Basis: Permanent

Package: TBD, generous salary and benefits

Are you an experienced leader in Information Security Governance, Risk and Compliance looking for your next opportunity to make an impact within an evolving and fast-paced environment? Do you have strong experience of leading internal and 3rd party risk management due diligence processes? If so, apply now.

We are seeking an experienced Head of InfoSec GRC & Awareness to lead governance, risk, compliance, and security awareness initiatives across an organisation at a time of significant modernisation. This pivotal role ensures a robust security posture by developing and enforcing policies, standards, and training programmes aligned with business objectives and regulatory requirements.

The key responsibilities of the Head of Information Security GRC & Awareness are:

• Lead the development and enforcement of enterprise-wide information security policies and standards
• Drive security governance and cyber maturity through compliance, assurance reviews, and gap analysis
• Oversight and improvement of the Information Security Risk Management frameworks and process
• Conducting in depth supplier due diligence / third party assurance processes
• Manage audit readiness and support internal/external audit activities
• Own and deliver the organisation's security awareness programme, including campaigns and tailored training
• Depending on the candidate, you would also be involved in developing and implementing an Operational Technology (OT) Security Assurance Framework

The successful candidate will have the following skills, experience and qualifications:

• Professional certifications such as CISSP, CISM, ISO27001 Lead Auditor, CLAS etc
• Extensive experience in information security or IT governance within large, complex environments
• Strong knowledge of security frameworks (ISO/IEC 27001, NIST CSF, CIS Controls, Cyber Essentials)
• Proven track record in risk management, policy development, and security awareness initiatives
• Excellent communication, leadership, and influencing skills
• Very strong experience of driving 3rd party due diligence
• Pro-active, pragmatic self-starter with the ability to effectively lead a small team, including those with potentially differing skill sets to their own
• Any experience of driving Technical Assurance, Operational Technology (OT) Security Assurance and Penetration Testing would be a bonus

This is an excellent opportunity to lead a critical function within a dynamic organisation, ensuring security resilience and cultural change across the enterprise.

The salary is competitive and we can discuss this directly. For further information, please apply and I will be in touch.

Head of InfoSec GRC & Awareness

Head of Information Security Governance, Risk and Compliance