Risk & Assurance Manager - IT/InfoSec
Added 1 day ago
- England, North West, Greater Manchester
- Full Time, Permanent
- £65,000 - £70,000 per annum
Job Description:
About the business
This is a £1bn+ UK technology services organisation experiencing continued organic growth. It also has a strong reputation as an employer, regularly recognised as one of the top UK businesses for work-life balance.
About the role
The position sits within the second line and is focused on IT and Information Security risk oversight. Reporting into the Head of Risk & Assurance, you’ll play a key role in strengthening how technology and cyber risks are identified, managed and communicated across the organisation.
You’ll be responsible for shaping and enhancing IT and infosec risk and control frameworks, working with standards such as ISO 27001, ITIL, ISO 22301 and NIST to ensure alignment with regulatory expectations and business priorities. The role also includes ownership of IT Risk & Control Matrices (RCMs), ensuring they remain robust, up to date and audit-ready.
About you
* At least 5 years’ experience in second-line risk or internal audit, with a clear IT / Information Security focus
* Background in consulting or professional services would be advantageous, particularly where you’ve supported transformation or change programmes
* Proven experience leading IT risk or audit initiatives, managing deliverables and influencing outcomes
* Strong understanding of recognised frameworks and regulations, including ISO 27001, NIST, CIS Controls and GDPR
* Confident stakeholder manager, able to build credibility and challenge effectively across IT, security and the wider business
This is a hybrid role, with an expectation of three days per week in the office.
Job number 3219702
Company Details:
Altum Consulting
Since 2013, Altum Consulting has been delivering outstanding service for our clients in accountancy and finance, change and transformation, and techno...