Head of Information Security GRC & Awareness

Head of Information Security GRC & Awareness

We are seeking an experienced Head of Info Sec GRC & Awareness to lead governance, risk, compliance, and security awareness initiatives across an organisation at a time of significant modernisation. This pivotal role ensures a robust security posture by developing and enforcing policies, standards, and training programmes aligned with business objectives and regulatory requirements.

Duration: 6 months. Rate:
Inside IR35, rate to be discussed.

• Lead the development and enforcement of enterprise-wide information security policies and standards.
• Drive security governance and cyber maturity through compliance, assurance reviews, and gap analysis.
• Oversee the Information Security Risk Management process.
• Conduct in‑depth supplier due diligence / third‑party assurance processes.
• Manage audit readiness and support internal/external audit activities.
• Own and deliver the organisation’s security awareness programme, including campaigns and tailored training.
• Depending on the candidate, also develop and implement an Operational Technology (OT) Security Assurance Framework.

• Professional certifications such as CISSP, CISM, ISO
  27001 Lead Auditor, CLAS, etc.
• Extensive experience in information security or IT governance within large, complex environments.
• Strong knowledge of security frameworks (ISO/IEC 27001, NIST CSF, CIS Controls, Cyber Essentials).
• Proven track record in risk management, policy development, and security awareness initiatives.
• Excellent communication, leadership, and influencing skills.
• Very strong experience of driving 3rd‑party due diligence.
• Experience in Technical Assurance, OT Security Assurance and Penetration Testing is a bonus.

This is an excellent opportunity to lead a critical function within a dynamic organisation, ensuring security resilience and cultural change across the enterprise.

For further information, please apply and I will be in touch.