Head of Information Security GRC & Awareness

Location: London (onsite 2 days per week)
Duration: 6 months

Rate: Inside IR35, rate to be discussed

Are you an experienced Head of Information Security Governance, Risk and Compliance looking for your next opportunity to make an impact within an evolving and fast paced environment? Do you have strong experience of leading 3rd party security assurance processes? If so, apply now.

We are seeking an experienced Head of InfoSec GRC & Awareness to lead governance, risk, compliance, and security awareness initiatives across an organisation at a time of significant modernisation. This pivotal role ensures a robust security posture by developing and enforcing policies, standards, and training programmes aligned with business objectives and regulatory requirements.

The key responsibilities of the Head of Information Security GRC & Awareness are:

• Lead the development and enforcement of enterprise-wide information security policies and standards.
• Drive security governance and cyber maturity through compliance, assurance reviews, and gap analysis.
• Oversee the Information Security Risk Management process
• Conducting in depth supplier due diligence / third party assurance processes
• Manage audit readiness and support internal/external audit activities.
• Own and deliver the organisation's security awareness programme, including campaigns and tailored training.
• Depending on the candidate, you would also be involved in developing and implementing an Operational Technology (OT) Security Assurance Framework.

The successful candidate will have the following skills, experience and qualifications:

• Professional certifications such as CISSP, CISM, ISO27001 Lead Auditor, CLAS etc
• Extensive experience in information security or IT governance within large, complex environments.
• Strong knowledge of security frameworks (ISO/IEC 27001, NIST CSF, CIS Controls, Cyber Essentials).
• Proven track record in risk management, policy development, and security awareness initiatives.
• Excellent communication, leadership, and influencing skills.
• Very strong experience of driving 3rd party due diligence
• Any experience of driving Technical Assurance, Operational Technology (OT) Security Assurance and Penetration Testing would be a bonus

This is an excellent opportunity to lead a critical function within a dynamic organisation, ensuring security resilience and cultural change across the enterprise.

The rate is competitive and we can discuss this directly. For further information, please apply and I will be in touch.

Head of InfoSec GRC & Awareness

Head of Information Security Governance, Risk and Compliance