Risk & Assurance Manager - IT & Cyber

Audit & Risk Recruitment
16 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Shift work
Languages
English
Experience level
Senior
Compensation
£ 74K

Job location

Remote

Tech stack

Computer Security
Identity and Access Management
Software Vulnerability Management
IT General Controls (ITGC)

Job description

As a Risk & Assurance Manager, you'll be responsible for, and have ownership of:

  • Partnering with senior IT, Security, and business leaders to embed risk management practices into operational processes and strategic initiatives.
  • Owning and maintaining IT Risk and Control Matrices (RCMs), ensuring they remain current, comprehensive, and aligned with industry standards and audit expectations.
  • Reviewing the effectiveness of first-line functions in testing and validating key IT controls (e.g., access management, change control, incident response, vulnerability management), ensuring effectiveness and consistency.
  • Leading the review and enhancement of IT and infosec risk and control frameworks (e.g., ISO 27001, ITIL, ISO 22301, NIST), ensuring alignment with business objectives and regulatory requirements.
  • Coordinating and representing IT risk in internal and external audits and certification processes (e.g., ISO 27001, Cyber Essentials, ISO 22301), acting as the primary point of contact.

Requirements

  • Minimum 5 years of experience in second-line risk management or internal audit, with a strong focus on IT or Information Security.
  • Experience in consultancy or professional services, with a proven ability to support complex transformation or change programmes, is preferred.
  • Demonstrated leadership in delivering IT risk or audit initiatives, including managing projects, mentoring team members, and driving outcomes.
  • Strong knowledge of industry frameworks and standards, such as ISO 27001, NIST, CIS Controls, and regulatory requirements like GDPR.
  • Proven ability to engage and influence stakeholders across IT, Information Security, and business functions, building trusted relationships at all levels.

Flexibility

  • Hybrid working - 3 days in the office and 2 days working from home
  • Working flexible hours - flexing the times you start and finish during the day
  • Flexibility around school pick up and drop offs
