Risk & Security Lead - Leeds (Hybrid, 2 days per month in the office)
Overview:
Are you an experienced Risk & Security professional with a solid understanding of security frameworks such as ISO27001, NIST, and risk assurance? We are looking for a pragmatic and proactive Risk & Security Lead to join a forward-thinking organisation based in Leeds. In this key role, you will be responsible for driving the organisation's security strategy, improving risk control frameworks, and supporting external audits to ensure compliance and effective risk management. The role involves the hands-on delivery of a range of Security & Risk projects, including Access Management, Audits and Change Transformation. This is a hybrid role, requiring you to be in the office on 2 separate days per month.
Key Responsibilities:
Lead and enhance the organisation's risk and security framework, ensuring alignment with best practices such as ISO27001, NIST, and other relevant standards.
Provide risk assurance by identifying, assessing, and mitigating security risks across the business.
Develop and implement effective risk management strategies, ensuring a balance of robust controls with a pragmatic approach.
Collaborate with internal teams and senior leadership to ensure a strong security posture across the organisation.
Support external audits and ensure the organisation is prepared for audits and regulatory assessments.
Continuously review and improve existing risk control frameworks, ensuring they meet evolving business needs and security standards.
Provide expert guidance and training on risk and security best practices to stakeholders across the business.
Key Requirements:
Proven experience in a Risk & Security role with hands-on knowledge of ISO27001, NIST, and other security frameworks.
Strong understanding of risk management principles and the ability to apply them pragmatically within an organisation.
Experience in supporting and managing external audits, ensuring compliance and identifying areas for improvement.
Excellent communication and stakeholder management skills, with the ability to influence at all levels.
Ability to think critically and strategically about security risks while balancing business priorities.
A proactive, solution-focused mindset, able to implement security improvements in a practical and efficient way.
Relevant certifications (e.g., CISSP, CISM, CRISC) would be a bonus.
Benefits:
10% annual bonus
Comprehensive healthcare plan
Generous pension scheme
Hybrid working, with only 2 days per month in the office
Additional benefits including training opportunities and a supportive work environment.
Due to the high volume of applications we receive, we may not be able to respond to all applications. Should you not hear from us in 5 working days then your application has not been successful.