Overview

Information Security GRC Manager | ISO27001, SOC2, Azure Security | Global Trading Platform£70–80k base + 10% bonusHybrid in LondonTraining budget for certifications + conference attendanceStrong emphasis on professional autonomy and ethical leadershipA newly created opportunity to lead and shape the GRC function of a global financial group at a pivotal time, supporting the secure rollout of U.S. banking operations, driving ISO27001 and SOC2 maturity, and mentoring an evolving InfoSec team.This is a hands-on manager-level role with real scope: oversight of policy, third-party risk, architectural reviews, and cloud compliance. You''ll work closely with the Head of InfoSec to maintain audit readiness, improve security posture, and influence business-wide awareness and accountability.What you’ll bring

5+ years in InfoSec, IT Security or Ops

within a regulated environmentCertification required:

CISSP, CISM, CRISC, or equivalentStrong knowledge of

ISO27001:2022, SOC2 Type II, NIST CSF, PCI DSS, GDPR, DORAConfident with

security risk assessments, audit responses, and policy governanceHands-on cloud security experience:

ideally with Azure and the Shared Responsibility ModelComfort with complexity:

able to analyze architecture, track metrics, and translate acronyms into actionable plansMentorship ability:

ready to step up, guide analysts, and model high-integrity InfoSec practiceWhat you’ll be doing

GRC ownership:

maintain ISO27001 and SOC2 certifications, policies, and the Information Security Management SystemThird-party risk management:

oversee supplier assessments, support junior analysts, and guide reviews via PanoraysSecurity awareness and training:

manage phishing simulations and content using ProofpointSecurity architecture reviews:

support technical assessments of new systems and servicesData protection and cloud security:

drive governance for Azure, Purview, and shared responsibility modelsTeam leadership:

mentor two analysts and deputize for the Head of InfoSec when requiredProject support:

direct InfoSec involvement in the U.S. banking expansion and business unit reviewsTech and tools you’ll use

Protecht

– Enterprise risk and audit managementPanorays

– Third-party risk toolingRapid7 / Armis

– Vulnerability management and threat detectionProofpoint

– Phishing and awareness platformMicrosoft Purview

– Data governance and complianceAzure and AWS

– Cloud IAM, encryption, monitoring (Sentinel experience valued)Why this role?

High-impact GRC project work tied to new market expansionStrong internal security culture: backed by a collaborative team and engaged InfoSec leadershipA clear opportunity to stretch across awareness, compliance, and operational domains

#J-18808-Ljbffr