IT Security & GRC Manager

IT Security & GRC Manager

Permanent – £48k – £52k + strong benefits

Location: Hybrid – Bristol

Your new company

I am looking to recruit an IT Security & GRC Manager to join a great public sector organisation. You\’ll join a forward-thinking organisation with a national footprint and a user base exceeding 2,000 people. With ambitious plans for IT Security transformation, this is a fantastic opportunity to be part of a dynamic and evolving team. The organisation is investing in its IT and Security function and is looking for a leader who can inspire and drive change.

Your new role

This is an interesting opportunity to join a great organisation at a key time when they are investing in and transforming their IT and Security estate. You will be running the IT Security and GRC department, reporting into the Head of IT. Key parts of the role include:

• Shape and steer the direction of IT security governance, ensuring alignment with business strategy, HMG requirements, and evolving threat landscapes.
• Ensure the organisation meets the standards expected of a government department, embedding capabilities to Identify, Detect, Protect, Respond, and Recover in line with defined frameworks, standards, and practices.
• To lead modern IT/cyber security thinking and deliverable initiatives.
• Understand the risk landscape affecting IT systems and information. Prioritise risk treatment and resources based on impact, human factors, and cost-effectiveness.
• Assurance and compliance oversight and management
• Manage the IT Security, Governance, Risk and Compliance team, ensuring clear direction, support, and professional development.

What you\’ll need to succeed

• At least one of the following, ideally 2 of CISM / CISA / CISMP
• Strong demonstrable experience of IT and cyber governance, compliance, risk, and security within enterprise IT environments.
• Awareness and experience of working within industry, Government and NCSC security governance frameworks, standards, policies, and legislation (e.g. GovAssure, Cyber Assurance Framework, Government Functional Standards, Cyber Essentials, GDPR.
• Experience communicating with stakeholders at all levels.
• Experience leading or contributing to the response and resolution of IT/cyber security incidents, including investigation, remediation, assurance, continuous improvement.
• Experience of being a central point for provision of IT/cyber security and risk guidance.
• Able to manage sensitive and challenging situations with discretion, fairness, empathy.
• Awareness of vulnerability management tools; enterprise IT systems, services, infrastructure, networking, applications in cloud, on-prem, and hybrid environments. Security tooling such as Mimecast and Microsoft Defender, Sentinel, IDAM services; ITSM tools such as Halo, Lansweeper.
• Experience leading and managing an IT/Cyber Security function and working groups.
• ITIL and ITSM.

What you\’ll get in return

• Salary of between £48k-£52k
• 25 days annual leave + bank holidays – additional day for each year of service (up to 30 days)
• Hybrid working 2 days in Bristol per week (open to negotiation for the right candidate)
• Strong civil service pension (27%)
• And more!

What you need to do now

If you\’re interested in this role, click \’apply now\’ to forward an up-to-date copy of your CV, or call us now.

If this job isn\’t quite right for you, but you are looking for a new position, please contact us for a confidential discussion about your career.

Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C\’s, Privacy Policy and Disclaimers which can be found at hays.co.uk