Information Security Lead (GRC, Standards & Assurance)

Roles & Responsibilities

• Own and continuously improve information security policies, standards, and control frameworks, ensuring they remain relevant and effective.
• Align and map security controls to regulatory requirements and industry frameworks, maintaining strong governance coverage.
• Lead risk assessments, define pragmatic treatment plans, and drive remediation actions based on business impact and priority.
• Partner closely with first and second lines of defence to support audit readiness, assurance activities, and compliance obligations.
• Provide clear, ongoing assurance on the effectiveness of controls, identifying gaps and driving meaningful improvements.
• Work in close coordination with Enterprise Architecture and Cyber teams to ensure security is embedded in design and delivery.
• Oversee and track control exceptions, risk acceptances, and remediation actions through to compl...