We’re recruiting an Information Security GRC Manager to support the Senior Manager and Chief Information Security Officer in managing and reporting information security risks across Technology Services and the wider business.

You’ll work closely with stakeholders to ensure appropriate controls, policies, and procedures are in place, aligned to industry best practice and regulatory requirements. You’ll also support internal and external audits, as well as due diligence activities with partners and suppliers.

Key responsibilities

• Develop and maintain information security policies aligned to recognised frameworks (e.g. ISO27001/2)
• Manage and report on policy exceptions
• Produce management reporting on information security and change programmes
• Partner with business and technology teams to track remediation of risks and issues
• Support the assessment of third-party security posture
• Undertake risk profiling of info...