Information Technology Security Specialist

Location: Central London (Hybrid - 2/3 days per week on site)

About the Role

We’re looking for an experienced Information Security Governance, Risk & Compliance Specialist to join a high-performing global technology team. This role is ideal for someone who enjoys working at the intersection of cybersecurity, risk management, and regulatory compliance, with the opportunity to influence security strategy across both technical and business functions.

You’ll play a key role in strengthening security posture, embedding best practices, and ensuring compliance with evolving regulatory requirements within a complex, fast-paced environment.

Key Responsibilities

Governance & Policy

• Develop, maintain, and enhance cybersecurity policies, standards, and procedures
• Ensure alignment with industry frameworks such as ISO 27001 and NIST
• Support integration of security controls across technical and non-technical teams
• Conduct risk assessments to identify vulnerabilities and threats
• Support and oversee implementation of mitigation strategies
• Define and evaluate control effectiveness through meaningful metrics
• Embed cyber risk into enterprise risk frameworks and reporting

Compliance & Regulation

• Ensure adherence to internal policies and external regulatory requirements
• Work closely with Technology, Legal, Compliance, and Audit teams
• Produce clear and detailed reports for senior stakeholders
• Monitor regulatory developments and support compliance planning
• Contribute to cybersecurity awareness programmes
• Promote a strong security culture across the organisation
• Provide guidance on cybersecurity best practices to wider teams
• Assist in responding to security incidents
• Support post-incident reviews and reporting
• Help implement improvements to strengthen future resilience

Stakeholder Engagement

• Communicate effectively with stakeholders at all levels
• Provide subject matter expertise on security, risk, and compliance
• Collaborate cross-functionally to deliver security objectives

Skills & Experience

• 5+ years’ experience in Information Security, ideally within a GRC-focused role
• Strong understanding of security frameworks (e.g. ISO 27001, NIST)
• Experience with risk assessment and compliance processes
• Knowledge of financial services regulations (e.g. FCA, DORA, SEC, MAS)
• Familiarity with cloud security (AWS, Azure, SaaS, PaaS, IaaS)
• Understanding of IAM principles (SSO, MFA, RBAC)
• Solid knowledge of network security fundamentals (firewalls, TCP/IP, DNS, etc.)
• Exposure to DevSecOps / CI/CD governance is advantageous
• Relevant certifications such as CISSP, CISM, or CISA preferred
• Degree in Cybersecurity, IT, or related field (or equivalent experience)

What You’ll Bring

• Strong analytical and problem-solving skills
• Ability to communicate complex security concepts clearly
• Collaborative mindset with the ability to influence stakeholders
• Proactive approach to identifying and addressing risk

What’s on Offer

• Hybrid working environment
• Opportunity to work in a global, collaborative team
• Exposure to complex regulatory and security challenges
• Career development within a growing cybersecurity function

#J-18808-Ljbffr