Information Security GRC Manager | ISO27001, SOC2, Azure Security | Global Trading Platform
* £70–80k base + 10% bonus
* Hybrid in London
* Training budget for certifications + conference attendance
* Strong emphasis on professional autonomy and ethical leadership
A newly created opportunity to lead and shape the GRC function of a global financial group at a pivotal time, supporting the secure rollout of U.S. banking operations, driving ISO27001 and SOC2 maturity, and mentoring an evolving InfoSec team.
This is a hands-on manager-level role with real scope: oversight of policy, third-party risk, architectural reviews, and cloud compliance. You'll work closely with the Head of InfoSec to maintain audit readiness, improve security posture, and influence business-wide awareness and accountability.
What you’ll bring:
* 5+ years in InfoSec, IT Security or Ops within a regulated environment
* Certification required: CISSP, CISM, CRISC, or equivalent
* Strong knowledge of ISO27001:2022, SOC2 Type II, NIST CSF, PCI DSS, GDPR, DORA
* Confident with security risk assessments, audit responses, and policy governance
* Hands-on cloud security experience: ideally with Azure and the Shared Responsibility Model
* Comfort with complexity: able to analyze architecture, track metrics, and translate acronyms into actionable plans
* Mentorship ability: ready to step up, guide analysts, and model high-integrity InfoSec practice
What you’ll be doing:
* GRC ownership: maintain ISO27001 and SOC2 certifications, policies, and the Information Security Management System
* Third-party risk management: oversee supplier assessments, support junior analysts, and guide reviews via Panorays
* Security awareness & training: manage phishing simulations and content using Proofpoint
* Security architecture reviews: support technical assessments of new systems and services
* Data protection & cloud security: drive governance for Azure, Purview, and shared responsibility models
* Team leadership: mentor two analysts and deputize for the Head of InfoSec when required
* Project support: direct InfoSec involvement in the U.S. banking expansion and business unit reviews
Tech & tools you’ll use:
* Protecht – Enterprise risk and audit management
* Panorays – Third-party risk tooling
* Rapid7 / Armis – Vulnerability management and threat detection
* Proofpoint – Phishing and awareness platform
* Microsoft Purview – Data governance and compliance
* Azure & AWS – Cloud IAM, encryption, monitoring (Sentinel experience valued)
Why this role?
* High-impact GRC project work tied to new market expansion
* Strong internal security culture: backed by a collaborative team and engaged InfoSec leadership
* A clear opportunity to stretch across awareness, compliance, and operational domains
Information Security GRC Manager | ISO27001, SOC2, Azure Security | Global Trading Platform