Information Security GRC Risk Manager

Information Security GRC Risk ManagerNorth London (Hybrid - 3 days onsite)Permanent 35 hours per week£ plus benefitsAbout the RoleWe''re seeking an experienced Information Security GRC Risk Manager to take ownership of our client''s growing security risk capability.This is a hands-on risk practitioner role with senior leadership exposure, not a purely strategic GRC position. You will run and mature an established risk framework, ensuring it is embedded effectively across the business while driving real outcomes.Reporting to the Information Security GRC Lead, you will own the risk function end-to-end, engaging senior stakeholders (including ExCo), challenging risk positions, and shaping how risk is understood and managed.The GRC function is still evolving (2-3 years old), offering a unique opportunity to build, refine, and embed risk practices in a low-to-mid maturity environment.Key ResponsibilitiesRisk Management and GovernanceOwn and operate the Information Security risk framework aligned to enterprise riskLead risk identification, assessment, and treatment across the organisationMaintain and enhance the risk register and supporting artefactsFacilitate workshops and validate risk positions and remediation plansDrive risk-based decisions and escalate material risks to leadershipIdentify emerging risks, including AI/ML-related threatsReporting and InsightDeliver clear, concise reporting to senior stakeholders and ExCoDefine and track KPIs/KRIs to measure programme ..... full job details .....