At a Glance
- Tasks: Lead the Information Security risk framework and drive a risk-led culture.
- Company: A leading London brand with a strong focus on information security.
- Benefits: Competitive salary, flexible working, and opportunities for professional growth.
- Other info: Great opportunity for ownership and career advancement in a well-known brand.
- Why this job: Shape risk strategy and influence senior leadership in a dynamic environment.
- Qualifications: Experience in information security risk management and stakeholder engagement.
The predicted salary is between £80,000 and £90,000 per year.
A leading London-based brand is looking for an experienced Information Security GRC Risk Manager to take ownership of their Information Security risk framework, driving a mature, risk-led culture across the organisation. Reporting into the Head of Information Security GRC, this is a highly visible and autonomous role, working closely with senior leadership to shape risk strategy, lead governance forums, and provide clear insight into risk exposure, controls, and remediation. You’ll play a key part in building up and strengthening the GRC function, improving reporting (KPIs/KRIs), and embedding robust policy and risk management practices.
A great opportunity for someone who thrives on influencing stakeholders, challenging risk positions, and driving continuous improvement across a complex, regulated environment.
Key responsibilities:
- Own and operate the Information Security risk management framework, ensuring alignment with enterprise risk management (ERM) practices.
- Act as the central point of accountability for Information Security risk, driving consistent identification, assessment, and management of risks across the organisation.
- Create and manage the risk artefacts required to manage information security risk, e.g. risk acceptance documents, risk management plans, issue logs and risk statements.
- Lead risk assessments and workshops, ensuring risks are clearly articulated, appropriately rated, and aligned to defined risk appetite.
- Challenge, drive and validate risk positions and treatment plans, ensuring they are robust, proportionate, and business-aligned.
- Drive risk-based decision-making, including escalation of material risks to senior leadership and governance forums.
- Prepare and document risk acceptance decisions, clearly articulating residual risk, and drive these through appropriate governance forums to obtain formal sign-off.
- Maintain and continuously enhance the information security risk register, ensuring accuracy, completeness, and actionable insight.
- Identify and manage emerging risks, including those associated with AI/ML systems (e.g. bias, privacy, security, and model integrity).
- Strong expertise in identifying, assessing, and managing information security risks aligned to business risk appetite.
- Proven ability to own risk processes, make informed decisions, and appropriately challenge or escalate risk positions.
- Solid experience in security control assessment, testing, gap identification, and remediation tracking.
- Good working knowledge of key frameworks and regulations (ISO 27005, NIST CSF/800-53, GDPR, emerging AI standards).
- Effective communicator with the ability to influence senior stakeholders and translate technical risk into business impact.
- Highly organised and methodical, delivering clear risk reporting (KPIs/KRIs), managing multiple priorities, and leveraging GRC tools.
This is an excellent opportunity for someone looking for ownership and experience in building and maturing risk and governance for a well-known brand.
Salary between £80,000 and £90,000 plus benefits - flexible depending on experience.
Strong stakeholder and user facing engagement experience is essential for the successful candidate.
Please send me a copy of your CV or reach out to arrange a confidential chat at your earliest convenience. Qualification and shortlisting this week and interviews to follow in the next 2 weeks. Look forward to discussing this opportunity!
Information Security GRC Risk Manager / Lead in Slough employer: Harvey Nash
Join a leading London-based brand that prioritises a mature, risk-led culture and offers an empowering work environment for its employees. With a strong focus on professional growth, you will have the opportunity to shape risk strategy and influence senior leadership while enjoying competitive benefits and a collaborative atmosphere. This role not only allows for autonomy in managing the Information Security risk framework but also fosters continuous improvement and innovation within a complex, regulated setting.
StudySmarter Expert Advice🤫
We think this is how you could land Information Security GRC Risk Manager / Lead in Slough
✨Tip Number 1
Network like a pro! Reach out to your connections in the industry, attend relevant events, and engage with professionals on platforms like LinkedIn. We can’t stress enough how important it is to make those personal connections that could lead to job opportunities.
✨Tip Number 2
Prepare for interviews by researching the company and its culture. Understand their risk management practices and be ready to discuss how your experience aligns with their needs. We want you to walk in feeling confident and ready to impress!
✨Tip Number 3
Showcase your expertise during interviews by sharing specific examples of how you've managed information security risks in the past. We love hearing about real-life scenarios that demonstrate your skills and problem-solving abilities.
✨Tip Number 4
Don’t forget to follow up after your interviews! A simple thank-you email can go a long way in keeping you top of mind. We recommend reiterating your enthusiasm for the role and how you can contribute to their risk management goals.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV speaks directly to the role of Information Security GRC Risk Manager. Highlight your experience with risk management frameworks and any relevant certifications. We want to see how your skills align with what we're looking for!
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about information security and how you can contribute to our risk-led culture. Be sure to mention specific examples of your past successes in similar roles.
Showcase Your Stakeholder Engagement Skills: Since this role involves influencing senior leadership, make sure to highlight your experience in stakeholder engagement. Share examples of how you've effectively communicated complex risk issues in the past – we love a good story!
Apply Through Our Website: We encourage you to apply through our website for a smoother application process. It helps us keep track of your application and ensures you don’t miss out on any important updates. Plus, it’s super easy!
How to prepare for a job interview at Harvey Nash
✨Know Your Risk Frameworks
Make sure you’re well-versed in key frameworks like ISO 27005 and NIST CSF/800-53. Brush up on how these frameworks align with the organisation's risk appetite, as you'll need to demonstrate your expertise in managing information security risks during the interview.
✨Prepare for Stakeholder Engagement
Since this role involves influencing senior stakeholders, practice articulating technical risks in a way that highlights their business impact. Think of examples where you've successfully communicated complex risk positions and how they were received by leadership.
✨Showcase Your Governance Skills
Be ready to discuss your experience in leading risk assessments and workshops. Prepare specific examples of how you’ve created and managed risk artefacts, and how you’ve driven risk-based decision-making in previous roles.
✨Stay Updated on Emerging Risks
With the rise of AI/ML systems, it’s crucial to be aware of the associated risks. Familiarise yourself with current trends and challenges in this area, and be prepared to discuss how you would identify and manage these emerging risks within the organisation.