Head of Information Security GRC & Awareness
We are seeking an experienced Head of InfoSec GRC & Awareness to lead governance, risk, compliance, and security awareness initiatives across an organisation at a time of significant modernisation. This pivotal role ensures a robust security posture by developing and enforcing policies, standards, and training programmes aligned with business objectives and regulatory requirements.
Duration: 6 months. Rate: Inside IR35, rate to be discussed.
Key Responsibilities
- Lead the development and enforcement of enterprise-wide information security policies and standards.
- Drive security governance and cyber maturity through compliance, assurance reviews, and gap analysis.
- Oversee the Information Security Risk Management process.
- Conduct in‑depth supplier due diligence / third‑party assurance processes.
- Manage audit readiness and support internal/external audit activities.
- Own and deliver the organisation’s security awareness programme, including campaigns and tailored training.
- Depending on the candidate, also develop and implement an Operational Technology (OT) Security Assurance Framework.
Candidate Profile
- Professional certifications such as CISSP, CISM, ISO27001 Lead Auditor, CLAS, etc.
- Extensive experience in information security or IT governance within large, complex environments.
- Strong knowledge of security frameworks (ISO/IEC 27001, NIST CSF, CIS Controls, Cyber Essentials).
- Proven track record in risk management, policy development, and security awareness initiatives.
- Excellent communication, leadership, and influencing skills.
- Very strong experience of driving 3rd‑party due diligence.
- Experience in Technical Assurance, OT Security Assurance and Penetration Testing is a bonus.
This is an excellent opportunity to lead a critical function within a dynamic organisation, ensuring security resilience and cultural change across the enterprise.
For further information, please apply and I will be in touch.
#J-18808-Ljbffr