Information Security Lead (GRC, Standards & Assurance)

Requirements

• Degree-level education (or equivalent) in IT, Information Security, or a related field is required.
• Professional certifications such as CISA, CRISC, or ISO 27001 Lead Auditor are desirable but not essential.
• 4-6 years' experience across information security, GRC, IT controls, or audit in a global, complex environment.
• Hands-on experience with audits, control testing, and remediation, with a strong understanding of how frameworks operate in practice.
• Familiarity with recognised standards such as ISO 27001, NIST, CMMC, or Cyber Essentials.
• Strong grounding in information security assurance and governance, with the ability to translate technical concepts into clear, business-focused language.
• Proven ability to manage stakeholders, produce high-quality documentation, and navigate complex organisational structures.
• Sound judgement in prioritising risk, recommending improvements, and strengthening control maturity in a practical, outcome-focused way.
• Job Purpose: The Information Security Lead is responsible for governance, risk, compliance, and assurance, ensuring that security controls are defined, implemented, and auditable. The role provides confidence to executives, auditors, and regulators, particularly during separation.
• Join us and work for a world-leader, with the benefits and training to reward your dedication and skills. Be part of a team where we are making the world a safer place.

Additional Information

Roles & Responsibilities Own and continuously improve information security policies, standards, and control frameworks, ensuring they remain relevant and effective. Align and map security controls to regulatory requirements and industry frameworks, maintaining strong governance coverage. Lead risk assessments, define pragmatic treatment plans, and drive remediation actions based on business impact and priority. Partner closely with first and second lines of defence to support audit readiness, assurance activities, and compliance obligations. Provide clear, ongoing assurance on the effectiveness of controls, identifying gaps and driving meaningful improvements. Work in close coordination with Enterprise Architecture and Cyber teams to ensure security is embedded in design and delivery. Oversee and track control exceptions, risk acceptances, and remediation actions through to completion. Support separation activities and Day‑1 readiness by ensuring required controls and evidence are in place. Operate with a high degree of independence, managing competing priorities while confidently engaging stakeholders and influencing risk-based decisions.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at Smithsgroup2? Share your experience