We're looking for an IT Risk & Compliance Manager to identify, assess, and mitigate risks across information systems and applications. This role will ensure strong IT governance, compliance with regulatory and industry standards, and the continuous improvement of risk management and assurance practices.
Key Responsibilities
Information Risk Management
* Identify, assess, and manage IT risks across areas such as data protection, secure-by-design, project and life cycle management, applications, infrastructure, and networks.
* Own and maintain the IT risk register, ensuring clear mitigation and treatment plans.
* Establish or align to risk management frameworks, monitor key risk indicators, and drive corrective actions.
* Ensure alignment with relevant industry standards, policies, and regulations.
* Provide expert guidance to stakeholders on IT risk, governance, and compliance throughout the change life cycle.
* Lead risk awareness training, workshops, and communications to promote a strong risk culture.
IT Audit & Assurance
* Act as the primary contact for IT audits and assurance activities.
* Scope and coordinate IT audits, manage fieldwork, and oversee responses to findings.
* Track, report, and follow up on audit actions to ensure timely and effective remediation.
Skills & Experience
* Significant experience in IT risk management, security governance, audit, and compliance roles.
* Strong knowledge of frameworks and standards such as ISO 27001/2, NIST, COBIT, CIS Controls, GDPR, and PCI-DSS.
* Experience leading IT risk and compliance assessments and developing policies, processes, and procedures.
* Good understanding of security risk management, vulnerability management, and modern IT and cyber security practices.
* Strong communication and stakeholder management skills, with the ability to influence at all levels.
* Broad technical exposure to IT applications, infrastructure, and systems delivery and support.
* Background spanning multiple industries is highly desirable.
Qualifications
* Degree in IT, Computer Science, Engineering, Information Security, or equivalent.
* Relevant professional certification in IT risk, security, or governance (eg ISO 27001, NIST, COBIT)
Hybrid working available.
Robert Half Ltd acts as an employment business for temporary positions and an employment agency for permanent positions. Robert Half is committed to diversity, equity and inclusion. Suitable candidates with equivalent qualifications and more or less experience can apply. Rates of pay and salary ranges are dependent upon your experience, qualifications and training. If you wish to apply, please read our Privacy Notice describing how we may process, disclose and store your personal data: