Information Security GRC Risk Manager / Lead in London

London | Full-Time | £80,000 - 90,000 / year (est.) | No working from home possible
Harvey Nash

At a Glance

  • Tasks: Lead the Information Security risk framework and drive a risk-led culture.
  • Company: A leading London brand with a strong focus on information security.
  • Benefits: Competitive salary, flexible working, and opportunities for professional growth.
  • Other info: Great opportunity for ownership and career advancement in a well-known brand.
  • Why this job: Shape risk strategy and influence senior leadership in a dynamic environment.
  • Qualifications: Experience in information security risk management and strong stakeholder engagement skills.

The predicted salary is between £80,000 and £90,000 per year.

A leading London-based brand is looking for an experienced Information Security GRC Risk Manager to take ownership of its Information Security risk framework, driving a mature, risk-led culture across the organisation. Reporting to the Head of Information Security GRC, this is a highly visible and autonomous role, working closely with senior leadership to shape risk strategy, lead governance forums, and provide clear insight into risk exposure, controls, and remediation. You’ll play a key part in building up and strengthening the GRC function, improving reporting (KPIs/KRIs), and embedding robust policy and risk management practices.

A great opportunity for someone who thrives on influencing stakeholders, challenging risk positions, and driving continuous improvement across a complex, regulated environment.

Key responsibilities:
  • Own and operate the Information Security risk management framework, ensuring alignment with enterprise risk management (ERM) practices.
  • Act as the central point of accountability for Information Security risk, driving consistent identification, assessment, and management of risks across the organisation.
  • Create and manage the risk artefacts required to manage information security risk, e.g. risk acceptance documents, risk management plans, issue logs and risk statements.
  • Lead risk assessments and workshops, ensuring risks are clearly articulated, appropriately rated, and aligned to defined risk appetite.
  • Challenge, drive and validate risk positions and treatment plans, ensuring they are robust, proportionate, and business-aligned.
  • Drive risk-based decision-making, including escalation of material risks to senior leadership and governance forums.
  • Prepare and document risk acceptance decisions, clearly articulating residual risk, and drive these through appropriate governance forums to obtain formal sign-off.
  • Maintain and continuously enhance the information security risk register, ensuring accuracy, completeness, and actionable insight.
  • Identify and manage emerging risks, including those associated with AI/ML systems (e.g. bias, privacy, security, and model integrity).

Key skills:
  • Strong expertise in identifying, assessing, and managing information security risks aligned to business risk appetite.
  • Proven ability to own risk processes, make informed decisions, and appropriately challenge or escalate risk positions.
  • Solid experience in security control assessment, testing, gap identification, and remediation tracking.
  • Good working knowledge of key frameworks and regulations (ISO 27005, NIST CSF/800-53, GDPR, emerging AI standards).
  • Effective communicator with the ability to influence senior stakeholders and translate technical risk into business impact.
  • Highly organised and methodical, delivering clear risk reporting (KPIs/KRIs), managing multiple priorities, and leveraging GRC tools.

This is an excellent opportunity for someone looking for ownership and experience in building and maturing risk and governance for a well-known brand.

Salary between £80,000 and £90,000 plus benefits, flexible depending on experience.

Strong stakeholder and user-facing engagement experience is essential for the successful candidate.

Please send me a copy of your CV or reach out to arrange a confidential chat at your earliest convenience. Qualification and shortlisting will take place this week, with interviews to follow in the next 2 weeks. I look forward to discussing this opportunity!

Information Security GRC Risk Manager / Lead in London employer: Harvey Nash

Join a leading London-based brand that prioritises a mature, risk-led culture and offers an empowering work environment for its employees. With a strong focus on professional growth, you will have the opportunity to shape risk strategy and influence senior leadership while enjoying competitive benefits and a collaborative atmosphere. This role not only allows for autonomy in managing the Information Security risk framework but also fosters continuous improvement and innovation within a complex, regulated setting.

Harvey Nash

Contact Details:

Harvey Nash Recruitment Team

StudySmarter Expert Advice

We think this is how you could land the Information Security GRC Risk Manager / Lead role in London

Tip Number 1

Network like a pro! Reach out to your connections in the industry, attend relevant events, and engage with professionals on platforms like LinkedIn. We all know that sometimes it’s not just what you know, but who you know that can help you land that dream role.

Tip Number 2

Prepare for those interviews! Research the company and its risk management practices thoroughly. We recommend practising common interview questions related to information security and governance, so you can confidently showcase your expertise and how you can drive their risk strategy.

Tip Number 3

Showcase your achievements! When discussing your experience, focus on specific examples where you’ve successfully managed risks or improved governance frameworks. We want to see how you’ve made an impact in previous roles, so don’t hold back!

Tip Number 4

Apply through our website! It’s the best way to ensure your application gets noticed. Plus, we’re always looking for talented individuals who can contribute to our mission of enhancing information security practices across organisations.

We think you need these skills to ace the Information Security GRC Risk Manager / Lead role in London

  • Information Security Risk Management
  • Governance, Risk, and Compliance (GRC)
  • Risk Assessment
  • Risk Appetite Alignment
  • Risk Reporting (KPIs/KRIs)
  • ISO 27005
  • NIST CSF/800-53

Some tips for your application

Tailor Your CV: Make sure your CV speaks directly to the role of Information Security GRC Risk Manager. Highlight your experience with risk management frameworks and any relevant certifications. We want to see how your skills align with what we're looking for!

Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about information security and how you can contribute to our risk-led culture. Be sure to mention specific examples of your past successes in similar roles.

Showcase Your Stakeholder Engagement Skills: Since this role involves influencing senior leadership, make sure to highlight your experience in stakeholder engagement. Share examples of how you've effectively communicated complex risk issues in the past. We love a good story!

Apply Through Our Website: We encourage you to apply through our website for a smoother application process. It helps us keep track of your application and ensures you don’t miss out on any important updates. Plus, it shows you're keen on joining our team!

How to prepare for a job interview at Harvey Nash

Know Your Risk Frameworks

Make sure you’re well-versed in key frameworks like ISO 27005 and NIST CSF/800-53. Brush up on how these frameworks align with the company's risk management practices, as this will show your understanding of their needs and how you can contribute.

Prepare for Stakeholder Engagement

Since this role involves influencing senior stakeholders, practice articulating technical risks in a way that highlights their business impact. Use examples from your past experiences to demonstrate how you've successfully communicated complex information to non-technical audiences.

Showcase Your Organisational Skills

Be ready to discuss how you manage multiple priorities and deliver clear risk reporting. Bring examples of KPIs/KRIs you've developed or improved in previous roles, as this will illustrate your methodical approach to risk management.

Emphasise Continuous Improvement

Highlight your experience in driving continuous improvement within risk management processes. Be prepared to share specific instances where you've identified gaps, implemented changes, and measured the outcomes to enhance the overall risk posture.