Information Security GRC Risk Manager

Information Security GRC Risk Manager

North London (Hybrid - 3 days onsite)
Permanent | 35 hours per week

£(phone number removed) plus benefits

About the Role

We're seeking an experienced Information Security GRC Risk Manager to take ownership of our client's growing security risk capability.

This is a hands-on risk practitioner role with senior leadership exposure, not a purely strategic GRC position. You will run and mature an established risk framework, ensuring it is embedded effectively across the business while driving real outcomes.

Reporting to the Information Security GRC Lead, you will own the risk function end-to-end, engaging senior stakeholders (including ExCo), challenging risk positions, and shaping how risk is understood and managed.

The GRC function is still evolving (2-3 years old), offering a unique opportunity to build, refine, and embed risk practices in a low-to-mid maturity environment.

Key Responsibilities

Risk Management & Governance

Own and operate the Information Security risk framework aligned to enterprise risk
Lead risk identification, assessment, and treatment across the organisation
Maintain and enhance the risk register and supporting artefacts
Facilitate workshops and validate risk positions and remediation plans
Drive risk-based decisions and escalate material risks to leadership
Identify emerging risks, including AI/ML-related threatsReporting & Insight

Deliver clear, concise reporting to senior stakeholders and ExCo
Define and track KPIs/KRIs to measure programme effectiveness
Highlight control weaknesses, systemic issues, and emerging threatsStakeholder Leadership

Act as the key interface between Information Security and ERM
Influence and challenge senior stakeholders to own and manage risk
Provide expert guidance and support audits and assurance activity
Help educate the business and embed a strong risk culturePolicy Governance & Improvement

Own the Information Security policy framework
Ensure policies align to risk appetite and regulatory requirements
Drive adoption, governance, and continuous improvement
Support the ongoing maturity of a recently scaled GRC teamAbout You

Proven experience in Information Security risk management
Hands-on experience owning and running risk processes end-to-end
Strong knowledge of frameworks (ISO 27005, NIST CSF, NIST 800-53)
Understanding of GDPR and emerging AI risk considerations
Ability to present to and challenge senior leadership (ExCo level)
Strong analytical and communication skills, translating risk into business impact
Experience with GRC tools (e.g. Diligent One) is beneficialWhy Apply?

Own a high-visibility risk function in a growing team
Combine hands-on delivery with strategic influence
Shape risk practices in an evolving GRC environment
Exposure to emerging areas including AI governanceIf you're a hands-on risk professional who thrives in building and embedding capability, this is an excellent opportunity to make a significant impact
Only candidates based in UK and eligible to work in UK are allowed