Information Security GRC Manager | ISO27001, SOC2, Azure Security | Global Trading Platform £70–80k base 10% bonus Hybrid in London Training budget for certifications conference attendance Strong emphasis on professional autonomy and ethical leadership A newly created opportunity to lead and shape the GRC function of a global financial group at a pivotal time, supporting the secure rollout of U.S. banking operations, driving ISO27001 and SOC2 maturity, and mentoring an evolving InfoSec team. This is a hands-on manager-level role with real scope: oversight of policy, third-party risk, architectural reviews, and cloud compliance. You'll work closely with the Head of InfoSec to maintain audit readiness, improve security posture, and influence business-wide awareness and accountability. What you’ll bring: 5 years in InfoSec, IT Security or Ops within a regulated environment Certification required: CISSP, CISM, CRISC, or equivalent Strong knowledge of ISO27001:2022, SOC2 Type II, NIST CSF, PCI DSS, GDPR, DORA Confident with security risk assessments, audit responses, and policy governance Hands-on cloud security experience: ideally with Azure and the Shared Responsibility Model Comfort with complexity: able to analyze architecture, track metrics, and translate acronyms into actionable plans Mentorship ability: ready to step up, guide analysts, and model high-integrity InfoSec practice What you’ll be doing: GRC ownership: maintain ISO27001 and SOC2 certifications, policies, and the Information Security Management System Third-party risk management: oversee supplier assessments, support junior analysts, and guide reviews via Panorays Security awareness & training: manage phishing simulations and content using Proofpoint Security architecture reviews: support technical assessments of new systems and services Data protection & cloud security: drive governance for Azure, Purview, and shared responsibility models Team leadership: mentor two analysts and deputize for the Head of InfoSec when required Project support: direct InfoSec involvement in the U.S. banking expansion and business unit reviews Tech & tools you’ll use: Protecht – Enterprise risk and audit management Panorays – Third-party risk tooling Rapid7 / Armis – Vulnerability management and threat detection Proofpoint – Phishing and awareness platform Microsoft Purview – Data governance and compliance Azure & AWS – Cloud IAM, encryption, monitoring (Sentinel experience valued) Why this role? High-impact GRC project work tied to new market expansion Strong internal security culture: backed by a collaborative team and engaged InfoSec leadership A clear opportunity to stretch across awareness, compliance, and operational domains Information Security GRC Manager | ISO27001, SOC2, Azure Security | Global Trading Platform