Tailored Talent Acquisition
Information Security GRC Risk Manager
Private salary
London
Remote or hybrid
Description

We’ve been engaged by our client to hire an Information Security GRC Risk Manager to take full ownership of internal-facing (not vendor or third-party) security risk management and policy governance across a complex enterprise environment.

This is a high-impact role where you’ll act as the central point for Information Security risk, driving risk visibility, governance, and accountability across the organisation while influencing senior stakeholders and shaping decision-making.

What you’ll be doing

  • Owning and operating the Information Security risk management framework aligned to ERM
  • Leading internal risk assessments, workshops, and governance forums
  • Managing the security risk register, risk artefacts, and treatment plans
  • Driving risk-based decision making and escalating key risks to leadership
  • Delivering clear risk reporting (KPIs/KRIs) and actionable insights
  • Acting as the bridge between Information Security, ERM, and the wider business
  • Owning and maintaining the Information Security policy framework (standards, life cycle, exceptions)
  • Identifying and managing emerging risks, including AI/ML-related threats
  • Running and presenting at C-suite-level risk committees

What you’ll bring

  • Strong experience in Information Security GRC, particularly in the internal Risk Management space
  • Proven ability to own end-to-end risk processes and influence outcomes
  • Experience conducting risk assessments and defining treatment strategies
  • Solid understanding of frameworks such as ISO 27001/27005, NIST CSF and NIST SP 800-53
  • Knowledge of regulatory requirements (e.g. GDPR)
  • Experience with security controls, control testing, and gap analysis
  • Strong stakeholder management; comfortable challenging, presenting to, and influencing senior leaders
  • Experience with GRC tools (e.g. Diligent One) is beneficial

Why apply?

  • Own and shape the organisation’s Information Security risk approach
  • High visibility role with direct impact on senior decision-making
  • Opportunity to drive GRC maturity and continuous improvement
  • Work across modern technology risks, including AI and emerging threats