Join our team at the Guardian and be a part of a diverse and inclusive global organisation that delivers fearless, investigative journalism, and holds power to account. Our team of award-winning journalists, cutting-edge commercial professionals, and industry-leading digital experts are committed to making a difference and represent a wide range of backgrounds and perspectives. We offer a challenging and exciting environment for career development, with a focus on training, growth and fostering an inclusive culture.
We are now looking for an Information Security GRC Risk Manager to join the Group Technology & Data team. You’ll support the Information Security (InfoSec) GRC Lead to deliver effective risk management, ensuring risks are consistently identified, assessed and managed and that appropriate governance, including policies and standards, supports effective risk mitigation across the organisation.
You’ll act as a key driver between InfoSec and the wider business, providing oversight and challenge to ensure risks are appropriately managed.
About the role
- Own and operate the Information Security risk management framework, ensuring alignment with enterprise risk management (ERM) practices
- Identify and manage emerging risks, including those associated with AI/ML systems (e.g. bias, privacy, security, and model integrity)
- Own and deliver risk reporting to senior stakeholders and governance forums, providing clear visibility of risk exposure and remediation progress
- Lead responses to information security risk queries, assessments, and assurance activities
- Deliver targeted risk training and awareness to embed a strong risk management culture
- Own and maintain the Information Security policy framework, ensuring policies and standards remain current, aligned to risk appetite, and meet regulatory requirements
- Highlight systemic issues, control weaknesses, and emerging threats, driving visibility and action at leadership level
- Benchmark practices against industry standards and evolving regulatory expectations, ensuring continuous improvement
About you
- Strong interpersonal skills with the ability to influence, challenge, and engage senior stakeholders, translating technical risk into clear business impact
- Strong experience in identifying, assessing, and managing information security risks, with the ability to apply structured risk methodologies and align to business risk appetite
- Highly disciplined and methodical approach to risk analysis, with the ability to break down complex issues and provide clear, actionable insights
- Experience producing clear, concise risk reporting, including KPIs/KRIs, and presenting insights to leadership
- Strong organisational skills with the ability to manage multiple priorities, maintain momentum on risk treatment, and ensure follow-through
- Awareness of emerging technology risks, including AI/ML-related risks, and the ability to incorporate these into risk assessments
- Working knowledge of industry frameworks and standards (e.g. ISO 27005, ISO 42001, NIST CSF 2.0, NIST 800-53) and relevant regulations (e.g. GDPR, EU AI Principles)
- Solid understanding of security controls and experience supporting or performing control assessments and testing, with the ability to identify gaps and track remediation
- Experience with GRC tools (e.g. Diligent One GRC etc.) and risk tracking systems
We actively encourage applications from groups traditionally underrepresented in the UK media.
Benefits at the Guardian
You'll have 30 days of annual leave per year (plus bank holidays) with the option to purchase an additional 5 days. Our pension scheme is generous; if you contribute 5% then we will contribute 8-12% (depending on your age). We believe in giving back, which is why employees are given 2 volunteering days annually and the option of payroll giving. Season ticket loans are also available.
You are entitled to private healthcare, life cover, income protection, and eye tests. You can also opt in to dental insurance.
We have enhanced maternity, paternity, adoption and shared parental leave policies in place. We also support our employees by offering an IVF, menopause, baby loss, and trans equality policy.
Learning and development
We encourage personal and professional growth. Employees have access to a broad range of tools and solutions, and we are happy to support the pursuit of professional qualifications through vocational courses and apprenticeships.
#J-18808-Ljbffr