Are you a highly skilled and experienced professional looking to lead Governance, Risk, and Compliance in one of the UK's largest charities?

About the role

Our vision is to embed robust governance, risk management, and compliance frameworks across the organisation, ensuring British Heart Foundation (BHF) is secure and resilient in the future. As our Head of Governance, Risk, and Compliance (InfoSec), you'll play a pivotal role in making this vision a reality. You'll be responsible for providing strategic guidance, oversight, and management of the GRC functions within BHF. Reporting directly to the Head of Information Security, you'll lead initiatives to build a strong security culture, ensure compliance with relevant laws and standards, and manage information security risks.

Working arrangements

This is a blended role, where your work will be dual located between your home and our London office. At BHF, we believe in the power of being together, so our colleagues on blended contracts can expect to spend some time in their office, at least one day each week, on average. The use of our office spaces is driven in part by your role and the activities you need to do. This may vary from time to time, so you will need to work in a flexible way to unlock your best work for our cause.

About you

We are open to applicants with a wide range of backgrounds and experience, who can demonstrate excellent stakeholder management skills alongside solid analysis skills. With good influencing and communication skills (both written and verbal), you'll also have previous experience of leading change and challenging assumptions. Being able to build, plan and deliver against is essential in this role. You'd benefit from experience in information security, particularly focused on governance, risk, and compliance. You'll also have a solid understanding of the NIST CSF 2.0, PCI DSS, and Cyber Essentials Plus.

In this role you will be responsible for:

Leading the development and implementation of information security governance frameworks
Conducting risk assessments, identifying, assessing, and mitigating information security risks
Ensuring compliance with relevant laws, regulations, and standards
Promoting a strong security culture within the organisation through training programs and awareness campaigns
Managing and mentoring a team, fostering a positive and collaborative work environment
Developing and maintaining metrics to measure the effectiveness of InfoSec activities

Interview process

First stage interviews will be held via MS Teams, with final interviews in person, at our London offices, which will include a short presentation.