Summary: The Information Security GRC Manager is responsible for managing governance, risk, and compliance functions within client organizations, ensuring adherence to legal and regulatory standards. This role involves advising senior leadership on risk-related issues and implementing strategies to enhance the organization's security posture. The manager will engage with stakeholders, oversee compliance audits, and develop security policies while promoting a culture of security awareness. The ideal candidate will possess relevant industry certifications and a proven track record in a similar role.

Key Responsibilities:

• Lead and oversee the organization's information security governance framework, ensuring compliance with relevant standards such as ISO 27001, NIST, and GDPR.
• Identify, assess, and monitor security risks and ensure proper risk management strategies are implemented.
• Develop and maintain risk registers and facilitate risk assessments across the organization.
• Advise senior stakeholders (C-suite, department heads) on the potential impact of security risks and recommend appropriate mitigation strategies.
• Manage the organization's compliance with legal, regulatory, and contractual obligations related to information security (eg, GDPR, CCPA, HIPAA, SOX).
• Ensure that appropriate internal controls, audits, and assessments are conducted regularly to verify compliance with external regulations and internal policies.
• Lead and coordinate internal and external audits to validate compliance and identify areas for improvement.
• Regularly engage with senior stakeholders to communicate risk exposure, provide recommendations, and report on the status of the security program.
• Prepare and deliver executive-level reports and presentations on security risks, compliance status, and mitigation efforts to the Board of Directors and C-suite.
• Act as a liaison between technical teams, management, and external parties (eg, regulators, auditors) on matters related to security governance, risk, and compliance.
• Develop, implement, and update information security policies, procedures, and guidelines to align with industry best practices and regulatory requirements.
• Promote a culture of security awareness across the organization, ensuring policies are understood and adhered to at all levels.
• Collaborate with the incident response team to ensure that information security incidents are properly managed, documented, and reported in line with governance frameworks.
• Assist in the identification of vulnerabilities and develop strategies for responding to and recovering from security incidents.
• Stay abreast of the latest information security threats, trends, and compliance requirements.
• Identify areas for continuous improvement in governance, risk management, and compliance processes and implement appropriate changes.

Key Skills:

• Industry certification such as CISSP/CISM/CRISC.
• Proven track record of delivering in a similar role.
• Strong understanding of information security governance frameworks and compliance standards.
• Experience in risk management and compliance management.
• Excellent communication and stakeholder management skills.
• Ability to develop and implement security policies and procedures.
• Experience in conducting audits and assessments.
• Knowledge of incident response and crisis management.
• Ability to promote a culture of security awareness.
• Continuous improvement mindset in governance, risk, and compliance processes.

Salary (Rate): undetermined

City: Belfast

Country: UK

Working Arrangements: undetermined

IR35 Status: outside IR35

Seniority Level: undetermined

Industry: Other