Information Security Technical Lead – Governance, Risk & Compliance

My client is seeking an experienced Information Security Manager to take strategic ownership of security governance, risk oversight, and audit readiness across the organisation. This role is accountable for maintaining continuous compliance while enabling teams to deliver quickly and securely within a regulated environment.

The successful candidate will guide and mature the information security function, partnering closely with technical and operational teams to embed practical, outcome‑driven security practices.

Key Responsibilities

• Own information security governance and the ISMS lifecycle end‑to‑end, including risk registers, policies, internal audits, management reviews, and external certification audits.
• Lead compliance efforts across recognised security standards (including ISO 27001) and expand governance into additional frameworks as needed.
• Build and maintain a robust, audit‑ready evidence pipeline with clear accountability.
• Maintain an accurate, decision‑focused risk register with defined mitigation actions and responsible owners.
• Run pragmatic policy lifecycle, exception management, and governance processes.
• Define assurance and evidence expectations for technical security controls.
• Validate control effectiveness and ensure constant audit readiness.
• Support vendor and customer security assessments and due‑diligence requests.
• Participate in incident response activities, ensuring corrective actions are tracked and resolved.
• Design and deliver organisation‑wide security awareness and education programmes.
• Maintain clear, accessible security guidance and best‑practice materials for all teams.
• Lead and develop the information security function, collaborating with engineering, IT, operations, and governance stakeholders.
• Contribute to resilience, reliability, and continuous‑improvement initiatives from a risk and compliance perspective.

Qualifications and Experience

• 7+ years’ experience in information security, GRC, or ISMS leadership roles.
• Proven experience owning ISO 27001 end‑to‑end, including internal and external audit cycles.
• Strong background in managing evidence, documentation, and compliance artefacts.
• Ability to translate technical security controls into audit‑ready, defensible compliance evidence.
• Demonstrated ability to influence and collaborate effectively across the organisation.

Preferred

• Exposure to additional frameworks such as SOC 2, ISO 27701, CIS Controls, or similar.
• Professional security certifications (e.g., CISSP, CISM, ISO 27001 Lead Auditor/Implementer).
• Experience partnering with security engineering, platform, or cloud teams.
• Background working in fast‑paced, scaling, or tech‑driven environments.