This is a senior leadership role responsible for shaping and leading our Information Security GRC and Identity Governance function. You’ll ensure we have a robust, scalable and effective framework for managing cyber risk, regulatory compliance, policy governance and access control across the organisation.
You’ll lead a team of managers and analysts across governance, risk, compliance and identity governance disciplines—driving performance, maturity and continuous improvement. Acting as a trusted advisor to senior stakeholders, you’ll translate complex regulatory and risk requirements into clear, practical direction that enables secure and compliant business and technology operations.
You’ll also play a key role in influencing strategic decision-making, providing insight and challenge on material cyber risks, control gaps and compliance exposure.
Key Responsibilities
* Lead and develop the Information Security GRC and Identity Governance function, setting direction, priorities and operating model
* Own and evolve the information security governance and policy framework, ensuring it aligns to regulatory, audit and business requirements
* Oversee enterprise security risk management, ensuring risks are clearly identified, assessed, tracked and treated
* Lead audit, compliance and regulatory readiness, ensuring effective engagement, evidence management and remediation governance
* Own and mature identity governance, including access governance, privileged access, lifecycle controls and assurance
* Provide clear, risk-based reporting and recommendations to senior stakeholders to support informed decision-making
* Represent the function in senior forums and act as a delegate for the Head of Information and Cyber Security where required
About You
* Proven leadership experience in Information Security GRC, security governance or cyber risk within a complex, regulated environment
* Strong understanding of frameworks and regulations such as ISO 27001, NIST CSF, PCI‑DSS, UK GDPR, NIS/NIS2 and aviation or resilience requirements
* Experience leading multi‑disciplinary teams, including managers, and driving performance and capability development
* Deep knowledge of risk management, control assurance, compliance and governance frameworks
* Strong understanding of identity and access governance, including privileged access, segregation of duties and lifecycle controls
* Experience supporting audit and regulatory engagements, including remediation and assurance
* Ability to influence and challenge senior stakeholders across business and technology in a complex, matrixed environment
* Professional certifications such as CISSP, CISM, CRISC or CISA (or equivalent)