Senior Information Security Specialist

As the Senior Information Security Specialist, you will be the cornerstone of our Governance, Risk, and Compliance (GRC) function. This pivotal role involves leading the development, maintenance, and continuous improvement of our Information Security Management System (ISMS). You will act as the primary subject matter expert for our entire security governance framework, ensuring our policies, standards, and controls are robust, auditable, and effectively manage risk across the business.

• Lead the development, management, and continuous improvement of the Information Security Management System (ISMS), aligning it with relevant frameworks and standards.
• Update and maintain the Information Security Risk Register, facilitating risk assessments, identifying treatment plans, and reporting risk posture to stakeholders.
• Develop and oversee the internal security audit schedule, coordinating technical control testing and compliance reviews to ensure effectiveness and identify areas for improvement.
• Act as the subject matter expert for data classification and data protection, defining policies and guiding the business on correct data handling procedures.
• Lead the formal security response for client due diligence questionnaires (DDQs) and support the review of security clauses within commercial contracts.

• Manage the end to end third party risk management (TPRM) programme, including supplier due diligence, risk assessment, and ongoing performance monitoring.
• Act as the primary point of contact for information security queries from the business, providing expert guidance to both technical and non technical stakeholders.
• Translate complex technical and security risks into clear, business-focused language and recommendations.
• Develop, manage, and deliver the security culture, awareness, and training programme across the organisation.

• Define, maintain, and improve the Incident Response call tree and incident communication roles and processes.
• Support and guide incident response activities from a governance, risk, and communications perspective, ensuring roles, responsibilities, and escalation paths are clear and effective.
• Provide security leadership, coaching, and mentoring to junior members of the security team and guidance to wider technical and non-technical staff.
• Act as a trusted authority on GRC matters, helping to drive a strong and sustainable security culture across the business.

• Demonstrable experience in two or more major information security domains, with strong focus on Governance, Risk, and Compliance (GRC).
• Proven experience designing, implementing, and operating an ISMS aligned to recognised frameworks (e.g., ISO 27001, NIST, etc.).
• Strong experience in risk management, audit, compliance, and third-party risk management.
• Experience handling client security questionnaires (DDQs) and reviewing security-related contractual requirements.
• Experience supporting or governing incident response, including escalation models, call trees, and communication structures.

• Excellent written and verbal communication skills, with the ability to explain complex security topics in clear business terms.
• Strong planning, organisation, and documentation skills.
• Stakeholder management across technical and non-technical audiences.
• Risk assessment, control design, and policy/standard development.
• Coaching, mentoring, and influencing skills.

• Trusted advisor mindset with strong professional judgement.
• High attention to detail with a pragmatic, risk based approach.
• Confident decision-maker who can balance security, business needs, and delivery.
• Collaborative, proactive, and comfortable operating with autonomy.
• Committed to continuous improvement and raising organisational security maturity.