Information Security GRC Manager

The Manager serves as a trusted advisor to internal leaders and client stakeholders, ensuring regulatory, contractual, and client security requirements are met through strong governance, proactive risk management, and clear executive reporting.

Key Responsibilities

• Provide leadership oversight of information security and compliance risk assessments across client programmes and internal functions.
• Govern core GRC artefacts, including risk registers, control frameworks, exceptions, and risk acceptances.
• Translate regulatory, contractual, and client security requirements into scalable, auditable control expectations.
• Advise senior stakeholders on risk prioritization, materiality, and risk‑business trade‑offs.
• Complete all assigned, mandatory training within the timeframe provided
• Conduct and/or participate in regularly scheduled 1:1 meetings with direct manager and/or direct reports

• Act as the senior escalation point for client security audits, assessments, and due diligence activities.
• Oversee end‑to‑end delivery of client assurance engagements, ensuring quality, consistency, and on‑time completion.
• Review and approve complex or high‑risk client assurance responses and evidence submissions.
• Ensure effective governance of client‑driven findings through remediation tracking and executive escalation.

• Lead responses to internal and external audits, maintaining audit readiness and consistent narratives.
• Establish and oversee proactive monitoring to identify control failures, emerging risks, and compliance gaps.
• Provide leadership oversight for security incidents and investigations, ensuring effective root cause analysis and remediation.
• Drive systemic improvements to controls, processes, and governance models to prevent recurring issues.

• Lead, coach, and develop a team of GRC Specialists through performance management, mentoring, and capability building.
• Produce clear, executive‑level risk reporting on posture, trends, and remediation status.
• Partner with Client Security leadership, IT, Operations, Privacy, Legal, and other stakeholders to ensure aligned priorities and timely execution.

Qualifications

• 8–10 years of experience in information security, governance, risk, compliance, audit, or client assurance.
• Demonstrated experience leading audits, security assessments, and remediation programmes.
• Strong knowledge of common security and compliance frameworks (e.g., ISO/IEC 27001, NIST, SOC 2, PCI DSS).
• Proven ability to communicate complex risk topics to executive and non‑technical audiences.
• Experience managing competing priorities across multiple clients, regions, or regulatory environments.
• Prior people‑management or team‑leadership experience.

• Bachelor’s degree in Information Security, Risk Management, Business, or a related field (or equivalent experience).
• Professional certifications such as CISSP, CISM, CISA, CRISC, HCISPP, or IAPP credentials.
• Experience with GRC tools, audit platforms, or evidence management systems.