Information Security GRC Manager

Job Description

Are you an Information Security expert looking to work for one of the UK's largest charities?

British Heart Foundation (BHF) is undergoing a digital transformation and seeking an Information Security Manager to oversee Governance, Risk, and Compliance (GRC) within the security team and ensure regulatory and policy compliance.

Joining a dynamic and growing information security team at an exciting point in the charities history you’ll collaborate with teams across British Heart Foundation (BHF) to protect BHF’s objectives and integrity. Responsibilities include risk identification, assessment, mitigation, and maintaining a robust governance framework.

Managing the Information Security GRC team, you'll enhance security, compliance, and risk posture in line with industry standards while maintaining ethical practices.

Working arrangements

This is a blended role, where your work will be dual located between your home and our London office.

At BHF we believe in the power of being together, so our colleagues on blended contracts can expect to spend some time in their office, at least one day each week, on average. The use of our office spaces is driven in part by your role and the activities you need to do. This may vary from time to time, so you will need to work in a flexible way to unlock your best work for our cause.

About you

This opportunity would suit an experienced GRC professional who excels in a collaborative environment and has hands-on risk management and reporting experience.

With previous experience managing and leading an InfoSec GRC team, you’ll have strong knowledge and experience of working with the following:

1. Payment Card Industry Data Security Standard (PCI-DSS) for a Tier 1 merchant
2. General Data Protection Regulation (GDPR)
3. NIST Cybersecurity Framework (CSF) v2.0
4. Critical Security Controls Libraries such as CIS Controls
5. Cyber Essential Plus (CEP)

With proven experience in managing and delivering complex GRC activities within a fast-paced and dynamic security domain, you’ll have previous experience of working within a risk management framework as well as Cloud Security governance.

To be successful in this role you’ll also have the following skills and experience:

1. Effective at building relationships across a large complex organisation and influencing stakeholders.
2. Excellent communication and presentation skills, able to translate complex security-related matters into terms that are easily understood by colleagues.
3. Planning skills to develop a governance risk and compliance roadmap to be executed by the GRC team.
4. Excellent analytical and problem-solving skills.
5. Able to manage multiple tasks and meet deadlines in a fast-paced environment.

About us

At BHF, we are focused on the urgent need to fund more research into heart and circulatory diseases like heart diseases, stroke, vascular dementia and the conditions that cause them, to find answers fit for 21st century challenges. We are independent, have more than fifty years of breakthroughs under our belts and we won’t stop until we beat heartbreak forever.

We value and respect every individual’s unique contribution, celebrate, and make part of what we do every day.

Our Equality, and (EDI) Strategy, Igniting Change, along with our internal EDI group, Kaleidoscope, and a growing number of employee network groups (our Affinity Groups), help us create an environment where all our colleagues and volunteers can succeed.

How to apply

It’s quick and easy to apply for a role at BHF. Just click through to our careers site to apply. All you’ll need is an up-to-date CV and a supporting statement, outlining your interest in the role and how you meet the role’s criteria.

As part of our commitment to be an inclusive employer and ensure fairness and consistency in selecting the best candidate for this role, the BHF will use anonymous CV software as part of the application journey.

Should you need any adjustments to the recruitment process, at either application or interview, please contact us.