Head of Information Security

Head of InfoSec Governance, Risk & Compliance

Location: Hybrid (London office with home working)

Salary: £78,000

Shape the future of security and compliance in a purpose-driven organisation.

Are you a strategic thinker with deep expertise in information security governance and a knack for influencing at all levels? We're on the hunt for a dynamic individual who can lead the charge in transforming how compliance and risk management are embedded across the organisation.

This role is ideal for someone who doesn’t just understand governance and risk, but knows how to bring it to life. You’ll be instrumental in turning compliance strategies into real, practical outcomes that protect the organisation while enabling innovation and growth.

The Role

We’re seeking a confident and capable Head of InfoSec GRC to lead a maturing function in a well-established, values-led organisation making a real difference in people’s lives.

In this position, you will:

• Drive the design, implementation, and continual improvement of the organisation’s InfoSec GRC framework
• Lead risk identification, assessment, and mitigation initiatives, ensuring alignment with legal and regulatory obligations
• Partner with senior leaders to promote a culture of security awareness and compliance
• Deliver impactful training and awareness programmes to embed secure practices across the business
• Use metrics and data to assess performance and influence decision-making
• Lead and mentor a high-performing team, fostering collaboration and continuous improvement

You’ll report to the Director of Information Security and work alongside passionate, skilled professionals in a collaborative environment.

About You

This role calls for a strategic communicator, someone who can translate technical requirements into meaningful business insights and drive adoption of best practices. You’ll need to be comfortable operating in a complex, matrixed environment and confident in your ability to challenge the status quo constructively.

We're looking for someone who brings:

• Extensive experience in information security governance, risk, and compliance
• Knowledge of key standards and frameworks such as NIST CSF 2.0, PCI DSS, and Cyber Essentials Plus
• A proven ability to build strong relationships and influence stakeholders at all levels
• Experience in leading change and driving cross-functional initiatives
• Excellent communication skills, both written and verbal, with the ability to tailor messages to different audiences
• A proactive, solution-oriented mindset and the ability to work independently

Working Arrangements

This is a hybrid role, requiring regular attendance at our London office (approximately one day per week). We believe in flexibility, autonomy, and creating the conditions for you to do your best work, wherever you are.