Partnering with Business Capability Areas (BCAs) to both support and challenge effective operations from a governance and oversight perspective.
Driving continuous improvement of the information security management system (ISMS) to ensure it stays relevant considering evolving standards and security practices.
Oversee and manage assurance and other related actions within the GRAC module of ServiceNow.
Planning, scoping and conducting internal audits of the LI risk landscape to evaluate compliance (including with ISO27001) and identifying areas for enhancement.
Agreeing mitigation plans and timelines with stakeholders as required.
Supporting the wider GRAC function with the completion of a range of Knowledge and Information Management (KIM) tasks, including Data Protection Impact Assessments (DPIAs) and Information Asset Owner management.
Scrutinising Data Sharing Agreements and monitoring changes in legislative requirements.
Playing an important role in the review and challenge of policies, procedures and controls ensuring these are comprehensive and fit for purposes as part of the wider risk management framework.
Working alongside GRAC colleagues, develop and deliver induction and refresher training on GRAC topics helping to develop a risk aware culture within LI.

Requirements

A strong, working knowledge of information security and governance frameworks, including ISO27001, ISO20000, and the NCSC Cyber Assessment Framework.
Significant experience in a governance and oversight role, particularly within information security management and/or data protection.
Resilience and delivery-focus, with strong interpersonal skills to influence outcomes and embed effective business behaviours.
Proven ability to review, challenge, and improve policies, processes, procedures, standards, and guidelines.
Experience managing risk and assurance systems, such as ServiceNow or other SaaS-based Governance, Risk, Assurance, and Compliance platforms.
Strong analytical skills, with the ability to assess complex information, identify gaps, and implement practical, effective solutions.
Experience maintaining clear, accessible, and auditable documentation, policies, and supporting resources.
Excellent communication and problem-solving skills.

Benefits

A fully remote and flexible working set up
25 days annual leave, increasing by 1 day each year of service up to maximum of 30 days (plus Bank Holidays)
1 Privilege Day
4 x annual salary Life Assurance
Market leading pension scheme through Legal & General
Enhanced Family Friendly Policies
Excellent learning, training, and career development opportunities
24/7 access to our Employee Assistance Programme
A diverse and inclusive culture where everyone is respected and valued

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

information security managementgovernance frameworksISO27001ISO20000NCSC Cyber Assessment Frameworkrisk managementassurance systemsData Protection Impact Assessmentspolicies and procedures reviewanalytical skills

Soft Skills

interpersonal skillsresiliencedelivery-focusinfluence outcomesproblem-solving skillscommunication skillsability to challengeability to improve processescollaborationtraining delivery