Information Security GRC Manager

TL;DR

Information Security GRC Manager (Cybersecurity): Managing and reporting information security risks, developing policies aligned with ISO27001/2, and supporting audit and risk management activities with an accent on regulatory compliance and third-party security posture. Focus on coordinating remediation plans, risk profiling, and ensuring protection of customer data within a financial services environment.

Location: Hybrid in Manchester or London, United Kingdom

Company

hirify.global is a FTSE 250 investment platform business headquartered in the UK, offering award-winning financial solutions to a broad customer base including professional advisers and DIY investors.

What you will do

• Develop and deliver information security policies aligned to industry frameworks such as ISO27001/2.
• Manage exception to policy processes and report on information security status and change programmes.
• Partner with business and technology teams to develop and track remediation plans for identified risks.
• Evaluate and support the security posture of key third parties and suppliers.
• Undertake risk profiling of information and technology assets.
• Support regulatory compliance including consumer duty requirements.

Requirements

• Location: Hybrid working model with 3-4 days per week in office in Manchester or London, UK.
• Minimum 5 years’ experience in information security, preferably in financial services.
• Strong knowledge of information security risk management tools, standards, and frameworks (ISO27001, NIST).
• Understanding of IT General Controls and operational risk management processes.
• Effective communication skills and ability to work independently.
• Attained or working towards CISM certification.

Culture & Benefits

• Competitive starting salary and discretionary bonus scheme.
• Generous holiday entitlement with buy and sell scheme.
• Pension schemes with matched contributions up to 8%.
• Health cash plan, private healthcare, dental plan, and free gym access.
• Employee assistance programme and various social events.
• Hybrid working with initial full-time office onboarding period.