Risk & Assurance Manager - IT & Infosec

• Partnering with senior IT, Security, and business leaders to embed risk management practices into operational processes and strategic initiatives
• Owning and maintaining IT Risk and Control Matrices (RCMs), ensuring they remain current, comprehensive, and aligned with industry standards and audit expectations
• Reviewing effectiveness of first line functions in testing and validation of key IT controls (e.g., access management, change control, incident response, vulnerability management), ensuring effectiveness and consistency
• Leading in the review and enhancement of IT and infosec risk and control frameworks (e.g., ISO 27001, ITIL, ISO22301, NIST), ensuring alignment with business objectives and regulatory requirements
• Coordinating and representing IT risk in internal, external audits and certification processes (e.g., ISO 27001, Cyber Essentials, ISO22301, etc.), acting as the primary point of contact

• Minimum 5 years of experience in second-line risk management or internal audit, with a strong focus on IT or Information Security
• Experience in consultancy or professional services, with a proven ability to support complex transformation or change programmes is preferred
• Demonstrated leadership in delivering IT risk or audit initiatives, including managing projects, mentoring team members, and driving outcomes
• Strong knowledge of industry frameworks and standards, such as ISO 27001, NIST, CIS Controls, and regulatory requirements like GDPR
• Proven ability to engage and influence stakeholders across IT, Information Security, and business functions, building trusted relationships at all levels

Experience in consultancy or professional services, with a proven ability to support complex transformation or change programmes

• Pension
• Share incentive plan
• Life Assurance
• Healthcare
• Holiday
• Trips
• Vouchers
• Partner/family Benefits
• Perklife
• Maternity, Paternity and Adoption support