Information Security Manager (GRC Focus)
We’re partnering with a large, multi-site organisation looking to bring in an experienced Information Security Manager to take ownership of their GRC function.
This is a hands-on, high-impact role where you’ll shape security strategy, drive compliance, and embed a strong security culture across the business.
What you’ll be doing:
* Owning and evolving the information security strategy, policies, and ISMS (ISO 27001 aligned)
* Leading governance, risk, and compliance activity across the organisation
* Acting as the go-to for data protection across UK and EU regulations (GDPR, NIS, etc.)
* Managing security risk assessments, DPIAs, and maintaining the risk register
* Overseeing vulnerability management, pen testing, and remediation efforts
* Leading incident response and supporting major incident management when needed
* Driving audit readiness across frameworks like ISO 27001, NIST, PCI DSS
* Managing third-party/vendor risk and security due diligence
* Delivering security awareness programmes and influencing stakeholders at all levels
What they’re looking for:
* Proven experience in a GRC-focused cyber security role
* Strong understanding of risk, compliance frameworks, and security principles
* Ability to translate technical risk into clear business impact
* Hands-on experience with vulnerability management and security assessments
* Good knowledge of network security and modern security tooling
* Strong grasp of UK/EU data protection regulations
* Experience working with ISO 27001 and similar frameworks
Nice to have:
* Certifications like CISSP, CISM, ISO 27001, or similar
* Exposure to cloud environments (Azure/AWS) and security tooling
* Experience working in complex, multi-site environments
Why this role?
You’ll be stepping into a role with real ownership, visibility, and influence. It’s an opportunity to shape security maturity in a business where cyber is taken seriously and continues to grow in importance.