Job Description:

Information Security GRC Risk Manager

North London (Hybrid - 3 days onsite)
Permanent | 35 hours per week

£(phone number removed) plus benefits

About the Role

We're seeking an experienced Information Security GRC Risk Manager to take ownership of our client's growing security risk capability.

This is a hands-on risk practitioner role with senior leadership exposure, not a purely strategic GRC position. You will run and mature an established risk framework, ensuring it is embedded effectively across the business while driving real outcomes.

Reporting to the Information Security GRC Lead, you will own the risk function end-to-end, engaging senior stakeholders (including ExCo), challenging risk positions, and shaping how risk is understood and managed.

The GRC function is still evolving (2-3 years old), offering a unique opportunity to build, refine, and embed risk practices in a low-to-mid maturity environment.

Key Responsibilities

Risk Management & Governance

• Own and operate the Information Security risk framework aligned to enterprise risk
• Lead risk identification, assessment, and treatment across the organisation
• Maintain and enhance the risk register and supporting artefacts
• Facilitate workshops and validate risk positions and remediation plans
• Drive risk-based decisions and escalate material risks to leadership
• Identify emerging risks, including AI/ML-related threats

Reporting & Insight

• Deliver clear, concise reporting to senior stakeholders and ExCo
• Define and track KPIs/KRIs to measure programme effectiveness
• Highlight control weaknesses, systemic issues, and emerging threats

Stakeholder Leadership

• Act as the key interface between Information Security and ERM
• Influence and challenge senior stakeholders to own and manage risk
• Provide expert guidance and support audits and assurance activity
• Help educate the business and embed a strong risk culture

Policy Governance & Improvement

• Own the Information Security policy framework
• Ensure policies align to risk appetite and regulatory requirements
• Drive adoption, governance, and continuous improvement
• Support the ongoing maturity of a recently scaled GRC team

About You

• Proven experience in Information Security risk management
• Hands-on experience owning and running risk processes end-to-end
• Strong knowledge of frameworks (ISO 27005, NIST CSF, NIST 800-53)
• Understanding of GDPR and emerging AI risk considerations
• Ability to present to and challenge senior leadership (ExCo level)
• Strong analytical and communication skills, translating risk into business impact
• Experience with GRC tools (e.g. Diligent One) is beneficial

Why Apply?

• Own a high-visibility risk function in a growing team
• Combine hands-on delivery with strategic influence
• Shape risk practices in an evolving GRC environment
• Exposure to emerging areas including AI governance

If you're a hands-on risk professional who thrives in building and embedding capability, this is an excellent opportunity to make a significant impact.