Job Description
A leading London based brand is looking for an experienced Information Security GRC Risk Manager to take ownership of their Information Security risk framework, driving a mature, risk-led culture across the organisation.
Reporting into the Head of Information Security GRC, this is a highly visible and autonomous role, working closely with senior leadership to shape risk strategy, lead governance forums, and provide clear insight into risk exposure, controls, and remediation. You’ll play a key part in building up and strengthening the GRC function, improving reporting (KPIs/KRIs), and embedding robust policy and risk management practices.
A great opportunity for someone who thrives on influencing stakeholders, challenging risk positions, and driving continuous improvement across a complex, regulated environment.
Key responsibilities:
Risk Management & Governance
- Own and operate the Information Security risk management framework, ensuring alignment with enterprise risk management (ERM) practices
- Act as the central point of accountability for Information Security risk, driving consistent identification, assessment, and management of risks across the organisation
- Create and manage the risk artefacts required to manage information security risk, e.g. risk acceptance documents, risk management plans, issue logs, and risk statements
- Lead risk assessments and workshops, ensuring risks are clearly articulated, appropriately rated, and aligned to defined risk appetite
- Challenge, drive, and validate risk positions and treatment plans, ensuring they are robust, proportionate, and business-aligned
- Drive risk-based decision-making, including escalation of material risks to senior leadership and governance forums
- Prepare and document risk acceptance decisions, clearly articulating residual risk, and drive these through appropriate governance forums to obtain formal sign-off
- Maintain and continuously enhance the information security risk register, ensuring accuracy, completeness, and actionable insight
- Identify and manage emerging risks, including those associated with AI/ML systems (e.g. bias, privacy, security, and model integrity)
Key skills:
- Strong expertise in identifying, assessing, and managing information security risks aligned to business risk appetite
- Proven ability to own risk processes, make informed decisions, and appropriately challenge or escalate risk positions
- Solid experience in security control assessment, testing, gap identification, and remediation tracking
- Good working knowledge of key frameworks and regulations (ISO 27005, NIST CSF/800-53, GDPR, emerging AI standards)
- Effective communicator with the ability to influence senior stakeholders and translate technical risk into business impact
- Highly organised and methodical, delivering clear risk reporting (KPIs/KRIs), managing multiple priorities, and leveraging GRC tools
Reporting into the Head of Information Security and GRC, this is an excellent opportunity for someone looking for ownership and experience in building and maturing risk and governance for a well-known brand.
Salary between £80,000 and £90,000 plus benefits, flexible depending on experience.
Strong stakeholder and user facing engagement experience is essential for the successful candidate.
Please send me a copy of your CV or reach out to arrange a confidential chat at your earliest convenience. Qualification and shortlisting will take place this week, with interviews to follow in the next 2 weeks.
Look forward to discussing this opportunity!
Lou @Harvey Nash.