Information Security Governance and Risk Manager

Company: Jobtailor
Apply for the Information Security Governance and Risk Manager
Location: Swindon
Job Description:

Responsibilities

  • Own and lead UKRI’s Information Security Governance, Risk and Assurance framework.
  • Own, operate and continuously improve the Information Security Management System (ISMS).
  • Provide end-to-end security assurance for cloud and enterprise services (AWS and Azure).
  • Define and maintain UKRI’s security policy and control framework.
  • Enable and support risk ownership across UKRI’s federated technology and business teams.
  • Develop and maintain meaningful security metrics, dashboards and management information.
  • Define, deliver and track a multi-year security governance, risk and assurance roadmap.
  • Lead security assessment, testing and remediation activity.
  • Provide ongoing oversight of supplier and third-party security risk.
  • Establish and maintain enterprise visibility of assets, services and data risk context.
  • Provide governance leadership across incident management, people, suppliers and assurance partnerships.
  • Ensure governance-level oversight of significant security incidents.

Qualifications

  • Degree in a related subject or relevant comparable education.
  • A professional qualification (e.g., CISM, CISSP, CCSP, ISO 27001 Lead Implementer/Lead Auditor).
  • Effective decision-making, communication and interpersonal skills, with the ability to adapt communication style and approach to different environments and audiences.
  • Self-motivated, shows initiative and works with minimal direction, demonstrating strong customer focus.
  • Changing and improving processes, systems, and people to achieve positive outcomes.
  • Strong knowledge of information security governance, risk management and compliance, including operating within an ISO/IEC 27001 management system.
  • In-depth understanding of cloud security principles and practices for AWS and Azure, including secure configuration, identity, logging, network controls and data protection.
  • Ability to coordinate and communicate security risk issues at a senior level and propose solutions that are appropriate, proportionate and effective.
  • Strong problem-solving and analytical skills, including interpreting technical evidence and translating it into business risk.

#J-18808-Ljbffr…

Posted: July 11th, 2026