We\'re looking for a Information Security GRC Manager to join our team in Milton Keynes on a permanent basis. This role offers a salary of £75,000 - £84,000 with a hybrid working pattern.
At The Institute of Chartered Accountants England & Wales (ICAEW), you\'ll be part of an organisation that\'s shaping the future of business, finance and the accountancy profession on a global scale. Our bold 2030 Strategy puts members, innovation, sustainability and trust at the heart of everything we do; creating an exciting, forward looking environment where your work has real impact. We invest in our people through our benefits package, continuous development and a supportive, inclusive culture that empowers you to grow and thrive. If you\'re looking for a role with purpose, influence and opportunity, ICAEW is a place where your future can truly take shape.
The Information Security GRC Manager is a hands-on leader who will be responsible for the development, implementation and maintenance of the organisation\'s Information Security Governance, Risk Management and Compliance framework across the ICAEW business. The role will ensure alignment with ICAEW Information Security strategy and all relevant legislative, regulatory and industry standards. The role requires collaboration with senior leadership, technology teams, legal, DPO and wider business stakeholders to embed a strong security and compliance culture across the business.
What you will be doing
* The end-to-end design, implementation and maintenance of an ISO27001 compliant Information Security Management System.
* Ownership, delivery and maintenance of Cyber Essentials certification.
* The implementation of an effective Third-Party Risk Management strategy to mitigate supplier and vendor risks.
* Driving adoption of Information Security Governance, Risk, Compliance requirements within the organisation.
* The development and implementation of information security policies, standards and guidelines.
* The provision of InfoSec advice for new and on-going projects
* Tracking InfoSec risk metrics, monitoring compliance and escalation of exceptions where necessary.
* Liaison with internal & external auditors; ensure remediation of findings.
* Monitoring emerging Information Security threats and trends.
* Proven experience in the hands-on delivery of GRC strategies in complex environments.
* Intrinsic knowledge of ISO 27001, CE & PCI
* Engagement with external auditors
* Certification is desirable: ISO 27001 Lead Auditor; ISO 27001 Implementor; CISM, CRISC, CISA, CISSP
* Desirable: Experience in the Financial or other regulated sector
Personal Attributes
* Calm and decisive under pressure, with a focus on outcomes and collaboration.
* Strong presence with the ability to engage and influence across the business.
* Analytical and disciplined, with a commitment to operational excellence.
* Continuously improves capability through reflection, feedback, and innovation.
What you can expect from us
We believe doing your best work starts with feeling supported both professionally and personally. That\'s why we offer a range of benefits designed to give you flexibility, security, and peace of mind:
* Private Medical Insurance
* 24 days\' holiday, and the option to buy or sell extra days
* Flexible and hybrid working to help you find the right balance
* Everyday savings through gym discounts, travel loans, and retail perks
* Enhanced family leave, including up to 6 months on full pay
* Ongoing wellbeing support, including access to CABA
* A paid day each year to volunteer for a cause that matters to you
It\'s all part of creating an environment where you can thrive, in work and beyond. For a full overview of our benefits package please see below.
Additional Information
Who We Are
Diversity & Inclusion
Governance
We reserve the right to close this vacancy earlier than the advertised closing date should we receive enough suitable applications. We therefore encourage interested candidates to apply as soon as possible to avoid disappointment.
Privacy Statement
The ICAEW privacy statement outlines how the Institute collects, uses, shares, and retains personal data. It includes information on what personal data is collected, how it is used, and how it is shared. The statement also details the special categories of personal data that require additional care and protection. ICAEW is committed to ensuring that everyone has access to its facilities and that freedom of movement is achieved for staff, members, and visitors. The statement is available on the ICAEW website and can be contacted for any questions or concerns.
#J-18808-Ljbffr