London Area, United Kingdom
Summary: The Information Security Business Change Partner (GRC) role at a leading law firm focuses on supporting strategic transformation initiatives and business-as-usual changes while ensuring compliance with Information Security policies and governance frameworks. This position requires acting as the primary security representative for assigned projects, managing risks, and collaborating with various stakeholders. The role is essential for embedding security best practices throughout the project lifecycle. Proven experience in information security and strong stakeholder management skills are critical for success in this position.
Key Responsibilities:
- Act as the single point of contact for information security across assigned projects
- Identify, assess, and manage security considerations throughout project delivery
- Ensure projects are delivered in line with the firm’s Change Governance Framework (including engagement, planning, build, assurance, delivery, and transition)
- Conduct and manage risk assessments, including tracking and mitigating residual risks post-project
- Produce clear, concise reports and updates for senior leadership
- Collaborate with cross-functional teams to embed secure-by-design principles
Key Skills:
- Proven experience in information security within project or change environments
- Strong understanding of risk management and governance frameworks
- Experience working within professional services or regulated environments (legal, financial services preferred)
- Excellent stakeholder management and communication skills
- Ability to translate complex security concepts into clear business language
- Relevant certifications (e.g., CISSP, CISM, CRISC) are advantageous
Salary (Rate): undetermined
City: London
Country: United Kingdom
Working Arrangements: undetermined
IR35 Status: outside IR35
Seniority Level: undetermined
Industry: Legal
(Outside IR35 Contract) We are seeking an experienced Information Security Business Change Partner (GRC) to join a leading law firm, supporting both strategic transformation initiatives and business-as-usual (BAU) change. This role is critical in ensuring that all projects are delivered securely and in alignment with established Information Security policies, standards, and governance frameworks.
The Role
As the Information Security Business Change Partner, you will act as the primary security representative across assigned projects, embedding security best practices throughout the full project lifecycle. You will work closely with stakeholders across technology, business teams, and leadership to ensure risk is effectively managed and communicated.
Key Responsibilities
- Act as the single point of contact for information security across assigned projects
- Identify, assess, and manage security considerations throughout project delivery
- Ensure projects are delivered in line with the firm’s Change Governance Framework (including engagement, planning, build, assurance, delivery, and transition)
- Conduct and manage risk assessments, including tracking and mitigating residual risks post-project
- Produce clear, concise reports and updates for senior leadership
- Collaborate with cross-functional teams to embed secure-by-design principles
About You
- Proven experience in information security within project or change environments
- Strong understanding of risk management and governance frameworks
- Experience working within professional services or regulated environments (legal, financial services preferred)
- Excellent stakeholder management and communication skills
- Ability to translate complex security concepts into clear business language
- Relevant certifications (e.g., CISSP, CISM, CRISC) are advantageous