Information Security Governance Manager
Specialisms: GRC Jobs
London, Hybrid
£75,000 - £85,000
Job type: Permanent
Sector: Travel & Tourism, Commerce and Industry
Job reference: JOL / 41824
We are partnering with an award-winning UK-based business seeking to hire an Information Security Governance Manager. This role is pivotal in ensuring compliance with standards such as ISO 27001 and PCI DSS, along with the organisation's regulatory obligations. The successful candidate will take ownership of all aspects of information security risk, compliance, and governance, implementing industry standards and best practices as part of an integrated approach to security across the organisation. This is an outstanding opportunity to join a thriving and progressive company where Security & Trust are key to its strategic growth.
Responsibilities:
Manage the Security Governance Team: Lead the team with a hands-on approach to meet business requirements and continual improvement goals.
Policy and Compliance Management: Define, monitor, and maintain the organisation's information security policies, procedures, and standards. Ensure compliance with regulatory requirements, industry best practices, and stakeholder requirements.
Risk Management and Assessments: Identify, assess, and mitigate information security risks through regular security assessments of third parties, information assets, projects, and sites.
Incident Response and Oversight: Oversee the incident response process, including identification, notification, investigation, and reporting. Contribute to the Information Security Awareness Programme to promote a security culture within the organisation.
Performance Tracking and Vendor Security: Define and track key performance indicators (KPIs) and key risk indicators (KRIs) to measure the effectiveness of the information security programme. Develop and maintain vendor security assessments and due diligence processes.
Qualifications:
Strong understanding of information security best practices, regulatory requirements, and industry standards (ISO 27001, PCI DSS, SOX).
Knowledge of risk management, incident response, and compliance frameworks.
Experience working with globally distributed cross-functional teams and managing security initiatives.
Professional certifications such as CISSP, CISM, or CISA are highly desirable.
If you would like any further details please contact James Lawrence – jol