At a Glance
- Tasks: Lead cyber risk assessments and enhance security policies while collaborating with tech teams.
- Company: Join a leading global investment management organisation in a dynamic hybrid role.
- Benefits: Enjoy competitive salary, flexible working, and opportunities for professional growth.
- Other info: Be part of a supportive team with excellent career advancement opportunities.
- Why this job: Make a real impact on information security in a fast-paced, innovative environment.
- Qualifications: Experience in Information Security and strong stakeholder management skills required.
The predicted salary is between 70000 - 90000 £ per year.
My client is a leading global investment management organisation seeking a Cyber GRC Specialist to join its Global Technology function in London. This is a senior hire within the Information Security GRC function, acting as deputy to the Head of Information Security & GRC, supporting the leadership and day‑to‑day running of the team. The role combines hands‑on delivery with leadership responsibility, operating in a 1.5 line capacity – working closely with technology teams while maintaining strong governance oversight.
The Information Security GRC Specialist is expected to:
- Act as second‑in‑command within the GRC function, supporting the Head of Information Security & GRC across BAU, projects, and stakeholder engagement.
- Operate in a hands‑on 1.5 line capacity, working closely with SecOps, IAM, and cloud teams to ensure controls are effective in practice.
- Lead cyber risk assessments and control reviews, identifying gaps and driving remediation through to closure.
- Act as a bridge between GRC and technical teams, confidently challenging and validating control design and implementation.
- Support board‑level reporting and risk metrics, translating technical issues into clear, business‑focused insights.
- Contribute to the development and rollout of GRC tooling, with a focus on automation, reporting, and adoption across technical teams.
- Support incident response oversight, including post‑incident reviews and control improvements.
- Maintain and enhance security policies, standards, and frameworks aligned to ISO 27001 and NIST.
- Work across Technology, Risk, Compliance, and Audit to embed security into business processes and decision‑making.
The successful Information Security GRC Specialist will possess:
- Proven experience within financial services.
- Proven experience in Information Security, Cyber GRC, or Technology Risk within a regulated environment.
- Experience operating in a hands‑on capacity across both governance and technical security domains (e.g. vulnerability management, SIEM/SOC, IAM, cloud security).
- Strong understanding of security frameworks such as ISO 27001 and/or NIST.
- Ability to engage with and challenge technical teams, ensuring controls are implemented effectively rather than existing as policy only.
- Experience producing senior‑level reporting, including risk metrics and board‑facing outputs.
- Exposure to GRC tooling and/or automation initiatives.
- Strong stakeholder management skills, with the ability to work across technical and non‑technical audiences.
- Certifications (e.g. CISSP, CISM) are not essential – practical, real‑world experience is key.
Information Security GRC Specialist in London employer: Morson Edge (Financial Services)
Contact Detail:
Morson Edge (Financial Services) Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Information Security GRC Specialist in London
✨Tip Number 1
Network like a pro! Reach out to folks in the industry on LinkedIn or at events. A friendly chat can open doors that a CV just can't.
✨Tip Number 2
Prepare for interviews by practising common questions and scenarios related to GRC. We recommend role-playing with a friend to boost your confidence and refine your answers.
✨Tip Number 3
Showcase your hands-on experience! Be ready to discuss specific projects where you’ve made an impact, especially in cyber risk assessments and control reviews.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets noticed and shows you’re serious about joining our team.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV speaks directly to the role of Information Security GRC Specialist. Highlight your experience in financial services and any hands-on roles you've had in governance and technical security. We want to see how your skills align with what we're looking for!
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about the role and how your background makes you a perfect fit. Don’t forget to mention your experience with security frameworks like ISO 27001 or NIST, as this will catch our eye.
Showcase Your Stakeholder Management Skills: In your application, be sure to highlight examples of how you've successfully engaged with both technical and non-technical teams. We love seeing candidates who can bridge the gap between governance and tech, so share those experiences with us!
Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you’re considered for the role. Plus, it shows us you’re keen on joining our team at StudySmarter!
How to prepare for a job interview at Morson Edge (Financial Services)
✨Know Your GRC Inside Out
Make sure you’re well-versed in the principles of Governance, Risk, and Compliance (GRC). Brush up on frameworks like ISO 27001 and NIST, and be ready to discuss how you've applied these in real-world scenarios. This will show your potential employer that you can bridge the gap between governance and technical teams effectively.
✨Showcase Your Hands-On Experience
Prepare to share specific examples of your hands-on experience in Information Security and Cyber GRC. Highlight instances where you’ve led cyber risk assessments or managed control reviews. This will demonstrate your ability to operate in a 1.5 line capacity and your readiness to take on leadership responsibilities.
✨Engage with Stakeholders
Think about how you’ve successfully engaged with both technical and non-technical stakeholders in the past. Be ready to discuss how you’ve translated complex technical issues into business-focused insights. This skill is crucial for the role, so showcasing it will set you apart from other candidates.
✨Prepare for Scenario-Based Questions
Expect scenario-based questions that test your problem-solving skills in real-time. Practice articulating your thought process when faced with challenges, such as identifying gaps in security controls or responding to incidents. This will help you demonstrate your critical thinking and decision-making abilities during the interview.