- £70–80k base 10% bonus
- Hybrid in London
- Training budget for certifications conference attendance
- Strong emphasis on professional autonomy and ethical leadership
A newly created opportunity to lead and shape the GRC function of a global financial group at a pivotal time, supporting the secure rollout of U.S. banking operations, driving ISO27001 and SOC2 maturity, and mentoring an evolving InfoSec team.
This is a hands-on manager-level role with real scope: oversight of policy, third-party risk, architectural reviews, and cloud compliance. You'll work closely with the Head of InfoSec to maintain audit readiness, improve security posture, and influence business-wide awareness and accountability.
What you’ll bring:
- 5 years in InfoSec, IT Security or Ops within a regulated environment
- Certification required: CISSP, CISM, CRISC, or equivalent
- Strong knowledge of ISO27001:2022, SOC2 Type II, NIST CSF, PCI DSS, GDPR, DORA
- Confident with security risk assessments, audit responses, and policy governance
- Hands-on cloud security experience: ideally with Azure and the Shared Responsibility Model
- Comfort with complexity: able to analyze architecture, track metrics, and translate acronyms into actionable plans
- Mentorship ability: ready to step up, guide analysts, and model high-integrity InfoSec practice
What you’ll be doing:
- GRC ownership: maintain ISO27001 and SOC2 certifications, policies, and the Information Security Management System
- Third-party risk management: oversee supplier assessments, support junior analysts, and guide reviews via Panorays
- Security awareness & training: manage phishing simulations and content using Proofpoint
- Security architecture reviews: support technical assessments of new systems and services
- Data protection & cloud security: drive governance for Azure, Purview, and shared responsibility models
- Team leadership: mentor two analysts and deputize for the Head of InfoSec when required
- Project support: direct InfoSec involvement in the U.S. banking expansion and business unit reviews
Tech & tools you’ll use:
- Protecht – Enterprise risk and audit management
- Panorays – Third-party risk tooling
- Rapid7 / Armis – Vulnerability management and threat detection
- Proofpoint – Phishing and awareness platform
- Microsoft Purview – Data governance and compliance
- Azure & AWS – Cloud IAM, encryption, monitoring (Sentinel experience valued)
Why this role?
- High-impact GRC project work tied to new market expansion
- Strong internal security culture: backed by a collaborative team and engaged InfoSec leadership
- A clear opportunity to stretch across awareness, compliance, and operational domains
Information Security GRC Manager | ISO27001, SOC2, Azure Security | Global Trading Platform
