Information Security GRC Risk Manager

Information Security GRC Risk Manager

North London (Hybrid – 3 days onsite)

Permanent | 35 hours per week

£ plus benefits

About the Role

We’re seeking an experiencedInformation Security GRC Risk Manager to take ownership of our client's growing security risk capability.

This is ahands-on risk practitioner role with senior leadership exposure, not a purely strategic GRC position. You willrun and mature an established risk framework, ensuring it is embedded effectively across the business while driving real outcomes.

Reporting to theInformation Security GRC Lead, you will own the risk function end-to-end, engaging senior stakeholders (including ExCo), challenging risk positions, and shaping how risk is understood and managed.

The GRC function is still evolving (2–3 years old), offering a unique opportunity tobuild, refine, and embed risk practices in a low-to-mid maturity environment.

Key Responsibilities

Risk Management & Governance

• Own and operate the Information Security risk framework aligned to enterprise risk
• Lead risk identification, assessment, and treatment across the organisation
• Maintain and enhance the risk register and supporting artefacts
• Facilitate workshops and validate risk positions and remediation plans
• Drive risk-based decisions and escalate material risks to leadership
• Identify emerging risks, includingAI/ML-related threats

Reporting & Insight

• Deliver clear, concise reporting to senior stakeholders and ExCo
• Define and track KPIs/KRIs to measure programme effectiveness
• Highlight control weaknesses, systemic issues, and emerging threats

Stakeholder Leadership

• Act as the key interface between Information Security and ERM
• Influence and challenge senior stakeholders to own and manage risk
• Provide expert guidance and support audits and assurance activity
• Help educate the business and embed a strong risk culture

Policy Governance & Improvement

• Own the Information Security policy framework
• Ensure policies align to risk appetite and regulatory requirements
• Drive adoption, governance, and continuous improvement
• Support the ongoing maturity of a recently scaled GRC team

About You

• Proven experience inInformation Security risk management
• Hands-on experienceowning and running risk processes end-to-end
• Strong knowledge of frameworks (ISO 27005, NIST CSF, NIST 800-53)
• Understanding ofGDPR and emerging AI risk considerations
• Ability topresent to and challenge senior leadership (ExCo level)
• Strong analytical and communication skills, translating risk into business impact
• Experience with GRC tools (e.g. Diligent One) is beneficial

Why Apply?

• Own ahigh-visibility risk function in a growing team
• Combinehands-on delivery with strategic influence
• Shape risk practices in an evolving GRC environment
• Exposure to emerging areas includingAI governance

If you’re a hands-on risk professional who thrives in building and embedding capability, this is an excellent opportunity to make a significant impact.