At a Glance
- Tasks: Lead information security governance, risk management, and compliance initiatives across a global consultancy.
- Company: Join a leading environmental and ESG consultancy making a real impact worldwide.
- Benefits: Enjoy remote work flexibility, competitive salary, and opportunities for professional growth.
- Other info: Dynamic role with significant influence on organisational security and compliance strategies.
- Why this job: Be at the forefront of cybersecurity, ensuring trust and safety in a rapidly evolving landscape.
- Qualifications: 6+ years in information security roles with strong communication and collaboration skills.
The predicted salary is between 60000 - 80000 £ per year.
We are a global environmental and ESG consultancy operating in over 130 countries, supporting clients to manage environmental, climate, and sustainability risk. As the organisation continues to grow through organic expansion and acquisitions, maintaining strong information security governance, compliance, and effective risk oversight is essential to safeguarding data, maintaining client trust, and enabling sustainable growth.
We are seeking an Information Security GRC Manager to manage and mature the organisation’s information security governance, risk management, and compliance capability. Reporting to the Security Director, this role will act as a core second-line security function, providing oversight, assurance, and pragmatic guidance across the business. This is a hands-on managerial role, balancing framework ownership, risk analysis, third-party risk management, audit coordination, information security awareness and stakeholder engagement. The Information Security GRC Manager will report to the Director of Cybersecurity and work closely with IT, Legal, Compliance, and other business functions to ensure information security requirements are embedded into day-to-day operations, proportionate to risk, and aligned with business priorities, regulatory obligations, and client expectations.
Key Responsibilities
- Information Security Governance & Policy Management
- Maintain and evolve the organisation’s information security governance framework in line with Cyber Essentials, ISO 27001, the NIST Cybersecurity Framework, and other recognised standards.
- Own and manage the information security policy and standards suite, ensuring policies and standards are current, risk-based, and consistently applied.
- Support the definition of information security roles, responsibilities, and information security related decision-making processes across the organisation.
- Ensure information security governance is integrated into enterprise processes, including technology delivery, data management, M&A activities, procurement, and HR.
- Risk Management
- Own and operate the cyber and information security risk management framework, including risk identification, assessment, treatment, and reporting.
- Maintain the information security risk register and track remediation activities to closure.
- Conduct and oversee information security risk assessments for new systems, projects, and business initiatives.
- Provide clear, proportionate information security risk advice to business and technology stakeholders.
- Compliance, Audit & Assurance
- Manage compliance activities against ISO 27001, SOC 2, Cyber Essentials Plus, and other relevant frameworks and regulations.
- Coordinate internal and external audits, certifications, client security questionnaires and assessments.
- Work closely with Legal and Compliance teams to ensure information security controls support regulatory and contractual obligations.
- Track regulatory and standards developments and assess their impact on the organisation.
- Third-Party & Supply Chain Security
- Manage the third-party information security risk management process, including supplier due diligence and ongoing assurance.
- Support procurement and vendor management teams with information security requirements and risk assessments.
- Ensure appropriate information security oversight of critical suppliers, partners, and service providers.
- M&A and Business Change Support
- Support information security due diligence activities for mergers, acquisitions.
- Assist with the assessment of information security risks associated with acquisitions.
- Support the onboarding of acquired entities into group information security governance and compliance frameworks.
- Awareness & Stakeholder Engagement
- Support the improvement and delivery of information security awareness and training activities across the organisation.
- Act as a trusted point of contact for information security governance, risk, and compliance matters.
- Promote a consistent, risk-aware, and pragmatic security culture.
- Metrics, Reporting & Continuous Improvement
- Develop, maintain, and report meaningful information and cyber security metrics and key risk indicators (KRIs) to the Director of Cybersecurity and senior stakeholders.
- Contribute to maturity assessments and track progress against agreed improvement plans.
- Support control testing, assurance activities, and continuous improvement initiatives.
Candidate Profile
- Essential
- 6+ years’ experience in information security governance, risk, or compliance roles.
- Demonstrated ability to work collaboratively with business and IT teams, providing pragmatic, risk-based security guidance aligned with organisational priorities.
- Strong written and verbal communication skills, with experience engaging both technical and non-technical stakeholders.
- Strong working knowledge of ISO 27001, SOC 2, Cyber Essentials Plus and security risk management practices.
- Experience working with multiple stakeholders across IT, Legal, Compliance, and business functions in complex or regulated environments.
- Experience managing information security audits, certifications, and assurance activities.
- Desirable
- Experience in consultancy, professional services, or regulated sectors.
- Exposure to third-party risk management and supplier assurance.
- Experience supporting M&A security due diligence or business integration.
- Relevant certifications such as CISA, CRISC, CISSP, or ISO 27001 Lead Implementer/Auditor.
Success Measures
- Clear, effective information security governance and policy framework in place and adopted.
- Improved visibility and management of cyber and information security risks.
- Successful audit and certification outcomes with reduced findings over time.
- Timely and effective management of third-party, M&A and business change related security risks.
- Positive stakeholder feedback on the quality and practicality of Information Security GRC support.
Why This Role Matters
The Security GRC Manager plays a critical role in ensuring information security is assured, measurable, and trusted, supporting the organisation’s mission and global growth. Through strong oversight and practical risk management, the role enables the business to operate securely while meeting client, regulatory, and stakeholder expectations.
Information Security Governance, Risk & Compliance (SGRC) Manager in England employer: SLR Consulting
As a global environmental and ESG consultancy, we pride ourselves on fostering a collaborative and inclusive work culture that prioritises employee growth and development. Our remote working model allows for flexibility while providing access to a wealth of resources and training opportunities, ensuring that our Information Security Governance, Risk & Compliance Manager can thrive in their role. Join us to make a meaningful impact in sustainability while enjoying a supportive environment that values your contributions and promotes a strong sense of purpose.
StudySmarter Expert Advice🤫
We think this is how you could land Information Security Governance, Risk & Compliance (SGRC) Manager in England
✨Get Involved in the Cybersecurity Community
Diving into the cybersecurity community is key for landing that full-time gig. Join forums like Reddit's r/cybersecurity or attend local meetups to connect with industry veterans and other job seekers. Networking is everything in this field—don’t just be a passive lurker!
✨Show Off Your Skills with Capture the Flag Competitions
Participate in Capture the Flag (CTF) competitions; these are not just a fun way to boost your skills but also a chance to showcase your talent to potential employers. Many companies, including SLR Consulting, love seeing candidates who actively engage in these challenges.
✨Tailor Your Online Presence
Make sure your LinkedIn and any professional profiles reflect your cybersecurity expertise. Share your projects, whether they’re personal or from a previous role, to catch the eye of hiring managers. This is how they’ll find your passion and commitment to the field!
✨Apply Directly Through SLR Consulting
Don’t forget to head straight to our website and check out any openings for cybersecurity roles at SLR Consulting. Applying directly can sometimes give you an edge, especially if you can mention that you've been following our work or engaging in the community.
We think you need these skills to ace Information Security Governance, Risk & Compliance (SGRC) Manager in England
Some tips for your application 🫡
Show off your technical skills:In cybersecurity, it's crucial to highlight your technical prowess. Make sure your CV showcases specific skills like network security, penetration testing, or threat analysis. If you have relevant certifications (like CEH or CISSP), pop those on the front page to grab attention!
Tailor your portfolio for the role:Even for a full-time role, a portfolio can set you apart. If you've worked on any cybersecurity projects—be it CTF challenges, security assessments, or research papers—include these in your application. This demonstrates not just your skills, but also your hands-on experience!
Use real-world examples:When writing your cover letter, don’t just stick to your qualifications. Share real-world examples of how you’ve tackled security issues or vulnerabilities. This gives the hiring team at SLR Consulting insight into your practical problem-solving abilities and makes your application memorable.
Demonstrate your passion for cybersecurity:Cybersecurity is an ever-evolving field, so show us that you’re always learning! Mention any recent courses, webinars, or industry events you’ve attended. This not only exhibits your enthusiasm but also signals to SLR Consulting that you’re committed to staying ahead in the game.
How to prepare for a job interview at SLR Consulting
✨Sharpen Your Technical Skills
For a role in cybersecurity, it’s essential to be up-to-date with the latest tools and techniques. Brush up on your knowledge of firewalls, intrusion detection systems, and vulnerability assessment tools. Be ready to discuss specific scenarios where you’ve applied these skills, as hands-on experience can really set us apart in interviews.
✨Prepare for Scenario-Based Questions
Expect the interviewers at SLR Consulting to throw in some hypothetical situations to see how you’d handle them. Think about common security breaches or incidents and be prepared to explain how you would respond. This not only shows your problem-solving skills but also your understanding of real-world cybersecurity challenges.
✨Highlight Your Certifications
Certifications like CompTIA Security+, CISSP, or CEH can give you a significant edge in a full-time role in cybersecurity. Make sure to mention these during your interview and be prepared to discuss what you learned through those certifications and how they relate to the position at SLR Consulting.
✨Show Your Passion for Cybersecurity
Since you’re going for a full-time gig, showing genuine enthusiasm for the field can make all the difference. Share any personal projects, blogs, or communities you’re part of that relate to cybersecurity. This not only showcases your passion but also your commitment to staying engaged in this ever-evolving field.
