Information Security GRC Risk Manager
Job in
London, Greater London, W1B, England, UK
Listed on 2026-06-04
Listing for:
Reed
Full Time
position Listed on 2026-06-04
Job specializations:
-
IT/Tech
Information Security, Cybersecurity, Data Security, IT Consultant
Job Description & How to Apply Below
Permanent | 35 hours per week £ plus benefits About the Role We’re seeking an experienced Information Security GRC Risk Manager to take ownership of our client's growing security risk capability. This is a hands-on risk practitioner role with senior leadership exposure , not a purely strategic GRC position. You will run and mature an established risk framework , ensuring it is embedded effectively across the business while driving real outcomes.
Reporting to the Information Security GRC Lead , you will own the risk function end-to-end, engaging senior stakeholders (including ExCo), challenging risk positions, and shaping how risk is understood and managed. The GRC function is still evolving (2–3 years old), offering a unique opportunity to build, refine, and embed risk practices in a low-to-mid maturity environment .
Key Responsibilities Risk Management & Governance Own and operate the Information Security risk framework aligned to enterprise risk Lead risk identification, assessment, and treatment across the organisation Maintain and enhance the risk register and supporting artefacts Facilitate workshops and validate risk positions and remediation plans Drive risk-based decisions and escalate material risks to leadership Identify emerging risks, including AI/ML-related threats Reporting & Insight Deliver clear, concise reporting to senior stakeholders and ExCo Define and track KPIs/KRIs to measure programme effectiveness Highlight control weaknesses, systemic issues, and emerging threats Stakeholder Leadership Act as the key interface between Information Security and ERM Influence and challenge senior stakeholders to own and manage risk Provide expert guidance and support audits and assurance activity Help educate the business and embed a strong risk culture Policy Governance & Improvement Own the Information Security policy framework Ensure policies align to risk appetite and regulatory requirements Drive adoption, governance, and continuous improvement Support the ongoing maturity of a recently scaled GRC team About You Proven experience in Information Security risk management Hands-on experience owning and running risk processes end-to-end Strong knowledge of frameworks (ISO 27005, NIST CSF, NIST 800-53) Understanding of GDPR and emerging AI risk considerations Ability to present to and challenge senior leadership (ExCo level) Strong analytical and communication skills, translating risk into business impact
Experience with GRC tools (e.g. Diligent One) is beneficial Why Apply? Own a high-visibility risk function in a growing team Combine hands-on delivery with strategic influence Shape risk practices in an evolving GRC environment Exposure to emerging areas including AI governance If you’re a hands-on risk professional who thrives in building and embedding capability, this is an excellent opportunity to make a significant impact.
Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
Search for further Jobs Here:
×