The Opportunity

This enterprise scale business is seeking a GRC focussed information security professional to join as an Information Security Governance & Risk Lead.

Being responsible for managing IT risks, you will develop and deliver IT Security and Governance processes, policies and procedures, ensuring effective controls are in place, monitored and managed, to minimise and mitigate organisational risk.

This is an exciting time to join the business as it embarks on a major cyber security programme of work. The company operates a hybrid working policy where you will be in the office 4 days a week.

The Role

As the SME for IT Risk, you will:

- Provide expertise on compliance with internal and IT Security policies and governance controls (e.g., ISO27001, ISO27019, NIS-R, CAF).
- Be accountable for technical and non-technical risk assessments, monitoring compliance, and recommending technical controls.
- Ensure timely resolution of internal and external audit actions.
- Ensure IT Business Continuity planning, collaborating with Emergency Planning and Business Services.
- Regularly review IT policies, processes, and standards, recommending cost-effective actions and controls.
- Manage IT Security vendors, suppliers, contractors, and the Managed Security Service.
- Collaborate with peers within the Cyber Security team on regulatory and project assurance, managing audits, and assessing risks.
- Develop IT Cyber Security reporting, promoting policy and governance awareness.
- Continuously improve IT Security Risk processes and compliance initiatives.

The Person

As an experienced Governance, Risk & Compliance professional, you will be proficient with working to standards such as ISO 27001 and NIS-D / CAF. Specifically, you will have:

- Experience in delivering information security certification and maintaining compliance.
- Experience in creating and reviewing IT security policies.
- High-level understanding of operational technology systems and their risks.

Certifications such as ISO 27001 Implementer or Lead Auditor, CISM, CISSP or CISA will be beneficial though not essential. Exposure to CAF would be ideal.

Applications are invited for both seasoned Information Security Managers as well as those looking to make the step up into this area from a GRC focused role such as from IT Audit.

You must have the ability to obtain UK security clearance and have been a UK resident for 5 years or more.