Audit & Risk Recruitment are working on a fantastic Technology Risk and Assurance opportunity for a large Technology business.
This role focuses on managing and enhancing the IT and Information Security risk landscape. Reporting directly to the Head of Risk and Assurance, you will play a key role in embedding effective risk management practices across the company's technology and cybersecurity domains.
Responsibilities
* Partnering with senior IT, Security, and business leaders to embed risk management practices into operational processes and strategic initiatives.
* Owning and maintaining IT Risk and Control Matrices (RCMs), ensuring they remain current, comprehensive, and aligned with industry standards and audit expectations.
* Reviewing the effectiveness of first-line functions in testing and validating key IT controls (e.g., access management, change control, incident response, vulnerability management), ensuring effectiveness and consistency.
* Leading the review and enhancement of IT and infosec risk and control frameworks (e.g., ISO 27001, ITIL, ISO 22301, NIST), ensuring alignment with business objectives and regulatory requirements.
* Coordinating and representing IT risk in internal and external audits and certification processes (e.g., ISO 27001, Cyber Essentials, ISO 22301), acting as the primary point of contact.
Qualifications
* Minimum 5 years of experience in second-line risk management or internal audit, with a strong focus on IT or Information Security.
* Experience in consultancy or professional services, with a proven ability to support complex transformation or change programmes, is preferred.
* Demonstrated leadership in delivering IT risk or audit initiatives, including managing projects, mentoring team members, and driving outcomes.
* Strong knowledge of industry frameworks and standards, such as ISO 27001, NIST, CIS Controls, and regulatory requirements like GDPR.
* Proven ability to engage and influence stakeholders across IT, Information Security, and business functions, building trusted relationships at all levels.
Flexibility
* Hybrid working – 3 days in the office and 2 days working from home
* Working flexible hours – flexing the times you start and finish during the day
* Flexibility around school pick-ups and drop-offs
Seniority level
Mid-Senior level
Employment type
Full-time
Job function
Information Technology
Industries
Technology, Information and Media