Information Security GRC Specialist

Company: Morson Edge (Financial Services)
Location: London
Job Description:

Information Security GRC Specialist – Permanent – Hybrid

My client is a leading global investment management organisation seeking a Cyber GRC Specialist to join its Global Technology function in London.

This is a senior hire within the Information Security GRC function, acting as deputy to the Head of Information Security & GRC, supporting the leadership and day‑to‑day running of the team. The role combines hands‑on delivery with leadership responsibility, operating in a 1.5 line capacity – working closely with technology teams while maintaining strong governance oversight.

The Information Security GRC Specialist is expected to:

  • Act as second‑in‑command within the GRC function, supporting the Head of Information Security & GRC across BAU, projects, and stakeholder engagement.
  • Operate in a hands‑on 1.5 line capacity, working closely with SecOps, IAM, and cloud teams to ensure controls are effective in practice.
  • Lead cyber risk assessments and control reviews, identifying gaps and driving remediation through to closure.
  • Act as a bridge between GRC and technical teams, confidently challenging and validating control design and implementation.
  • Support board‑level reporting and risk metrics, translating technical issues into clear, business‑focused insights.
  • Contribute to the development and rollout of GRC tooling, with a focus on automation, reporting, and adoption across technical teams.
  • Support incident response oversight, including post‑incident reviews and control improvements.
  • Maintain and enhance security policies, standards, and frameworks aligned to ISO 27001 and NIST.
  • Work across Technology, Risk, Compliance, and Audit to embed security into business processes and decision‑making.

The successful Information Security GRC Specialist will possess:

  • Proven experience within financial services.
  • Proven experience in Information Security, Cyber GRC, or Technology Risk within a regulated environment.
  • Experience operating in a hands‑on capacity across both governance and technical security domains (e.g. vulnerability management, SIEM/SOC, IAM, cloud security).
  • Strong understanding of security frameworks such as ISO 27001 and/or NIST.
  • Ability to engage with and challenge technical teams, ensuring controls are implemented effectively rather than existing as policy only.
  • Experience producing senior‑level reporting, including risk metrics and board‑facing outputs.
  • Exposure to GRC tooling and/or automation initiatives.
  • Strong stakeholder management skills, with the ability to work across technical and non‑technical audiences.
  • Certifications (e.g. CISSP, CISM) are not essential – practical, real‑world experience is key.

Posted: May 6th, 2026