Information Technology Governance Manager

London | Full-Time | 56000 - 84000 £ / year (est.) | Home office (partial)

At a Glance

  • Tasks: Lead and shape the GRC function, ensuring compliance and security across operations.
  • Company: Join a global financial group focused on secure banking operations and ethical leadership.
  • Benefits: Enjoy a hybrid work model, training budget, and a 10% bonus on top of your salary.
  • Why this job: Be part of impactful projects while mentoring a dynamic InfoSec team in a supportive culture.
  • Qualifications: 5+ years in InfoSec with relevant certifications like CISSP or CISM required.
  • Other info: Hands-on role with opportunities for professional growth and influence in a pivotal time.

The predicted salary is between 56000 - 84000 £ per year.

Information Security GRC Manager | ISO27001, SOC2, Azure Security | Global Trading Platform

  • £70–80k base + 10% bonus
  • Hybrid in London
  • Training budget for certifications + conference attendance
  • Strong emphasis on professional autonomy and ethical leadership

A newly created opportunity to lead and shape the GRC function of a global financial group at a pivotal time, supporting the secure rollout of U.S. banking operations, driving ISO27001 and SOC2 maturity, and mentoring an evolving InfoSec team.

This is a hands-on manager-level role with real scope: oversight of policy, third-party risk, architectural reviews, and cloud compliance. You’ll work closely with the Head of InfoSec to maintain audit readiness, improve security posture, and influence business-wide awareness and accountability.

What you’ll bring:

  • 5+ years in InfoSec, IT Security or Ops within a regulated environment
  • Certification required: CISSP, CISM, CRISC, or equivalent
  • Strong knowledge of ISO27001:2022, SOC2 Type II, NIST CSF, PCI DSS, GDPR, DORA
  • Confident with security risk assessments, audit responses, and policy governance
  • Hands-on cloud security experience: ideally with Azure and the Shared Responsibility Model
  • Comfort with complexity: able to analyze architecture, track metrics, and translate acronyms into actionable plans
  • Mentorship ability: ready to step up, guide analysts, and model high-integrity InfoSec practice

What you’ll be doing:

  • GRC ownership: maintain ISO27001 and SOC2 certifications, policies, and the Information Security Management System
  • Third-party risk management: oversee supplier assessments, support junior analysts, and guide reviews via Panorays
  • Security awareness & training: manage phishing simulations and content using Proofpoint
  • Security architecture reviews: support technical assessments of new systems and services
  • Data protection & cloud security: drive governance for Azure, Purview, and shared responsibility models
  • Team leadership: mentor two analysts and deputize for the Head of InfoSec when required
  • Project support: direct InfoSec involvement in the U.S. banking expansion and business unit reviews

Tech & tools you’ll use:

  • Protecht – Enterprise risk and audit management
  • Panorays – Third-party risk tooling
  • Rapid7 / Armis – Vulnerability management and threat detection
  • Proofpoint – Phishing and awareness platform
  • Microsoft Purview – Data governance and compliance
  • Azure & AWS – Cloud IAM, encryption, monitoring (Sentinel experience valued)

Why this role?

  • High-impact GRC project work tied to new market expansion
  • Strong internal security culture: backed by a collaborative team and engaged InfoSec leadership
  • A clear opportunity to stretch across awareness, compliance, and operational domains

Information Technology Governance Manager employer: Prism Digital

As an Information Technology Governance Manager at our global financial group, you will thrive in a dynamic and supportive environment that prioritises professional autonomy and ethical leadership. With a strong emphasis on employee growth, we offer a generous training budget for certifications and conference attendance, alongside the opportunity to lead impactful GRC projects during a pivotal expansion phase. Join us in London, where a collaborative culture and a commitment to security excellence create a rewarding workplace for those looking to make a meaningful impact.

Contact Detail:

Prism Digital Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land Information Technology Governance Manager

✨Tip Number 1

Network with professionals in the InfoSec and GRC fields. Attend industry conferences or local meetups to connect with others who may have insights into the role or even know about openings at StudySmarter.

✨Tip Number 2

Familiarise yourself with the specific tools mentioned in the job description, such as Protecht, Panorays, and Proofpoint. Having hands-on experience or knowledge of these platforms can set you apart during discussions.

✨Tip Number 3

Prepare to discuss your experience with ISO27001 and SOC2 in detail. Be ready to share examples of how you've maintained certifications or improved security postures in previous roles.

✨Tip Number 4

Showcase your mentorship skills by preparing examples of how you've guided junior team members in the past. This will demonstrate your leadership potential and fit for the role.

We think you need these skills to ace Information Technology Governance Manager

Information Security Governance
ISO27001:2022 Knowledge
SOC2 Type II Familiarity
NIST CSF Understanding
PCI DSS Compliance
GDPR Awareness
DORA Knowledge
Security Risk Assessments
Audit Response Management
Policy Governance
Cloud Security Expertise (Azure)
Shared Responsibility Model Comprehension
Analytical Skills
Mentorship and Leadership
Third-Party Risk Management
Data Protection Governance
Technical Assessment Skills
Project Management
Communication Skills
Vulnerability Management
Threat Detection

Some tips for your application 🫡

Tailor Your CV: Make sure your CV highlights relevant experience in InfoSec, IT Security, or Operations within regulated environments. Emphasise your certifications like CISSP, CISM, or CRISC, and showcase your hands-on cloud security experience, particularly with Azure.

Craft a Compelling Cover Letter: In your cover letter, express your enthusiasm for the role and the company. Discuss how your background aligns with the responsibilities of GRC ownership, third-party risk management, and team leadership. Use specific examples to demonstrate your mentorship abilities and experience with ISO27001 and SOC2.

Highlight Relevant Skills: Clearly outline your skills related to security risk assessments, audit responses, and policy governance. Mention your familiarity with tools like Protecht, Panorays, and Proofpoint, as well as your ability to analyse complex architectures and translate technical jargon into actionable plans.

Showcase Your Leadership Experience: Since this is a managerial role, highlight any previous leadership experience you have. Discuss how you've mentored junior analysts or led teams in past positions, and how you can contribute to fostering a strong internal security culture within the company.

How to prepare for a job interview at Prism Digital

✨Showcase Your Technical Knowledge

Make sure to demonstrate your understanding of ISO27001, SOC2, and other relevant frameworks during the interview. Be prepared to discuss how you've applied these standards in previous roles, especially in a regulated environment.

✨Highlight Your Leadership Skills

Since this role involves mentoring analysts and leading the GRC function, share specific examples of how you've successfully guided teams in the past. Discuss your approach to fostering a strong security culture and promoting ethical leadership.

✨Prepare for Scenario-Based Questions

Expect questions that assess your problem-solving abilities in real-world situations. Think about challenges you've faced in InfoSec, particularly around third-party risk management or cloud security, and how you navigated them.

✨Demonstrate Your Communication Skills

As you'll need to translate complex security concepts into actionable plans, practice explaining technical topics in simple terms. This will show your ability to influence business-wide awareness and accountability effectively.

Application deadline: 2027-09-06