Information Security GRC Manager – Milton Keynes
We're looking for an Information Security GRC Manager to join our team in Milton Keynes on a permanent basis. This role offers a salary of £75,000 – £84,000 with a hybrid working pattern.
The Information Security GRC Manager is a hands‑on leader who will be responsible for the development, implementation and maintenance of the organisation's Information Security Governance, Risk Management and Compliance framework across the ICAEW business. The role will ensure alignment with ICAEW Information Security strategy and all relevant legislative, regulatory and industry standards. The role requires collaboration with senior leadership, technology teams, legal, DPO and wider business stakeholders to embed a strong security and compliance culture across the business.
What you will be doing
- The end-to-end design, implementation and maintenance of an ISO 27001 compliant Information Security Management System.
- Ownership, delivery and maintenance of Cyber Essentials certification.
- The implementation of an effective Third-Party Risk Management strategy to mitigate supplier and vendor risks.
- Driving adoption of Information Security Governance, Risk, Compliance requirements within the organisation.
- The development and implementation of information security policies, standards and guidelines.
- The provision of InfoSec advice for new and on‑going projects.
- Tracking InfoSec risk metrics, monitoring compliance and escalation of exceptions where necessary.
- Liaison with internal & external auditors; ensure remediation of findings.
- Monitoring emerging Information Security threats and trends.
- Proven experience in the hands‑on delivery of GRC strategies in complex environments.
- Intrinsic knowledge of ISO 27001, CE & PCI.
- Engagement with external auditors.
- Certification is desirable: ISO 27001 Lead Auditor; ISO 27001 Implementer; CISM, CRISC, CISA, CISSP.
- Desirable: Experience in the Financial or other regulated sector.
Personal Attributes
- Calm and decisive under pressure, with a focus on outcomes and collaboration.
- Strong presence with the ability to engage and influence across the business.
- Analytical and disciplined, with a commitment to operational excellence.
- Continuously improves capability through reflection, feedback, and innovation.
What you can expect from us
- Private Medical Insurance
- 24 days’ holiday, and the option to buy or sell extra days
- Flexible and hybrid working to help you find the right balance
- Everyday savings through gym discounts, travel loans, and retail perks
- Enhanced family leave, including up to 6 months on full pay
- Ongoing wellbeing support, including access to CABA
- A paid day each year to volunteer for a cause that matters to you
