Information Security GRC Manager

Oliver James has partnered with a industry leader who are currently looking for a Information Security GRC Manager to join the team.

Experience Required:

• Lead information security governance, risk, and compliance efforts, drawing on solid management experience.

• Apply deep knowledge of key security frameworks and regulations (ISO 27001, NIST, GDPR) to guide compliance.

• Develop and implement risk assessments and mitigation plans to address identified threats.

• Create clear documentation and reports, including audits, assessments, and gap analyses.

• Oversee compliance with standards such as ISO 27001 and PCI-DSS, ensuring ongoing monitoring and delivery.

• Communicate effectively with stakeholders at all levels, translating complex security concepts into business terms.

• Stay informed on legal and regulatory requirements relevant to security, particularly in the housing sector.

• Establish and maintain effective policies, standards, and controls for managing information security.

• Build strong relationships with senior leaders and support a security-first culture across the business.

Responsibilities:

• Own and maintain the information security governance and risk frameworks.

• Define and track KPIs to measure how well security controls are performing.

• Assess security risks and implement action plans to manage and reduce them.

• Lead both internal and external security audits.

• Evaluate the effectiveness of security measures across suppliers, systems, and products.

• Communicate security policies, standards, and regulatory requirements across the business.

• Support budgeting, procurement, and tender processes with security input.