Security Risk & Compliance Manager (London)

Location: London (hybrid working 3 office days per week)

Employment Type: Permanent, full time

Additional Benefits: Annual Bonus, Cash-Car Allowance & Private Medical Insurance

We’re looking for a highly capable Security Risk & Compliance Manager to shape and operate our enterprise security risk and compliance framework. This is a key role within Group Security, partnering across technology, risk, compliance and leadership teams to ensure our security posture aligns with business priorities and regulatory expectations. You’ll take ownership of key security frameworks and certifications, drive audit readiness, and provide clear insight into risk and control effectiveness, enabling informed decision-making at a senior level. This opportunity suits someone with strong internal audit capability, deep ISO27001 expertise, and the confidence to operate in a regulated environment without reliance on tooling.

What will I be doing?

• Lead the development and operation of the enterprise security risk and compliance framework aligned to business outcomes and risk appetite
• Own lifecycle management of key certifications (including ISO27001), ensuring audit readiness and successful external assurance outcomes
• Deliver robust security risk assessment, reporting and governance, including KRIs, dashboards and executive insight
• Drive control assurance and continuous improvement, ensuring gaps are identified, owned and remediated effectively
• Partner with cross-functional stakeholders to embed security requirements into technology, change and operational processes
• Act as a senior subject matter expert, influencing decisions and promoting a strong culture of security ownership

What do I need?

• Demonstrated expertise operating and auditing Information Security Management Systems (ISMS), ideally with ISO27001 certification or similar
• Strong internal audit capability, able to independently assess controls without reliance on automated tools
• Proven experience working within regulated environments, with knowledge of FCA and/or PRA expectations
• Ability to build effective relationships and influence senior stakeholders across technology, risk and business teams
• Strong understanding of risk management, control frameworks and assurance practices within complex organisations
• Professional certifications such as ISO27001 Lead Auditor/Implementer, CISSP, CISM, CRISC or equivalent are highly valued

We’re always looking to recognise and reward our employees for the work they do. As a valued member of The AA team, you’ll have access to a range of benefits including:

• 25 days annual leave plus bank holidays + holiday buying scheme
• Worksave pension scheme with up to 7% employer contribution
• Free AA breakdown membership from Day 1 plus 50% discount for family and friends
• Discounts on AA products including car and home insurance
• Employee discount scheme that gives you access to a car salary sacrifice scheme plus great discounts on healthcare, shopping, holidays and more
• Company funded life assurance
• Diverse learning and development opportunities to support you to progress in your career
• Dedicated Employee Assistance Programme and a 24/7 remote GP service for you and your family

We’re an equal opportunities employer and welcome applications from everyone. The AA values diversity and the difference this brings to our culture and our customers. We actively seek people from diverse backgrounds to join us and become part of an inclusive company where you can be yourself, be empowered to be your best and feel like you truly belong.