Information Risk Manager Jobs in London

2 of 2 Information Risk Manager Jobs in London

Information Security Manager: Governance, Risk and Compliance (GRC)

London, United Kingdom
National Audit Office
Job title: Information Security Manager: Governance, Risk and Compliance (GRC)
Location: London or Newcastle
Salary: London: Up to £80,000 per annum, Newcastle: Up to £70,000 per annum
Type of contract: Full Time, permanent
Working arrangement: Hybrid, on-site at London or Newcastle office 2 days per week minimum

About the role

We are seeking an … experienced Information Security Manager: GRC to lead our Governance, Risk, and Compliance functions. This role involves managing the NAO's certified ISMS, developing security policies, and transforming our security posture to support our strategic objectives.

Key Responsibilities

Leadership: Manage and develop the GRC team, build stakeholder relationships, and promote a positive security culture.
GRC Management: Oversee security … controls, ensure compliance, and manage third-party security assessments.
ISMS: Maintain and improve the Information Security Management System, certifications (ISO27001, Cyber Essentials Plus), and security policies.
Risk Management: Identify, assess, and treat information security risks, maintaining the risk register and ensuring risk-aware decision-making.

Skills and Qualifications

Proven experience in information security, governance
Employment Type: Permanent
Salary: GBP Annual

Information Security Risk Manager

London, United Kingdom
Hybrid / WFH Options
Blockmoor Ltd
compliance with international standards, and fostering a culture of security awareness. You'll work closely with IT, compliance, and executive teams to align security measures with business objectives.

Responsibilities

Risk Assessment: Conduct thorough risk assessments to identify vulnerabilities, threats, and potential impacts on information security.
Strategy Development: Develop and implement risk management strategies, policies, and procedures … programs to educate employees about security best practices.
Vendor Management: Assess third-party security risks and manage security in vendor relationships.

Requirements

Education: Bachelor's degree in Computer Science, Information Security, or a related field; Master's degree preferred.
Experience: Minimum of 7 years in information security with at least 3 years in a risk management role. …
Certifications: Preferably CISSP, CISM, or CRISC. Additional certifications in risk management are advantageous.
Skills: Strong understanding of cybersecurity frameworks, risk assessment methodologies, and compliance requirements. Excellent analytical, strategic planning, and decision-making skills. Ability to communicate complex security concepts to non-technical stakeholders. Proficient in using risk management tools and technologies.
Personal Attributes: Proactive, detail-oriented, with
Employment Type: Permanent
Salary: GBP Annual