Information Security GRC Manager
Job description

We're recruiting an Information Security GRC Manager to support the Senior Manager and Chief Information Security Officer in managing and reporting information security risks across Technology Services and the wider business. You'll work closely with stakeholders to ensure appropriate controls, policies, and procedures are in place, aligned to industry best practice and regulatory requirements. You'll also support internal and external audits, as well as due diligence activities with partners and suppliers.

Key responsibilities
- Develop and maintain information security policies aligned to recognised frameworks (e.g. ISO27001/2)
- Manage and report on policy exceptions
- Produce management reporting on information security and change programmes
- Partner with business and technology teams to track remediation of risks and issues
- Support the assessment of third-party security posture
- Undertake risk profiling of information and technology assets
- Support audit activity and supplier due diligence processes
- Ensure all activities support customer protection and regulatory requirements, including Consumer Duty

In summary, the Information Security GRC Manager will support senior management in managing and reporting information security risks across Technology Services and the wider business. Key duties include developing security policies aligned with frameworks, managing exceptions, producing management reports, and supporting audit and due diligence activities.

Requirements

Skills: Information Security Risk Management, Policy Development, Management Reporting, Risk Remediation Tracking, Third-Party Security Assessment, Risk Profiling, Audit Support, Supplier Due Diligence, Regulatory Requirements, ISO27001, NIST, Attention To Detail, Communication Skills, CISM, Operational Risk, RCSA Processes

Technical skills
- Strong knowledge of information security risk management tools and techniques
- Experience with security frameworks and standards
- Understanding of the threat landscape
- Awareness of security technologies (e.g. SIEM, endpoint protection, email/web gateways)
- Knowledge of IT General Controls frameworks
- Awareness of operational risk and RCSA processes

Skills and experience
- Experience working within frameworks such as ISO27001, NIST or similar
- Ideally 5+ years' experience in an information security role within financial services
- Strong attention to detail and ownership of tasks
- Confident challenging approaches to improve security outcomes
- Self-motivated, organised, and able to work independently
- Strong communication skills
- Ability to manage multiple priorities in a fast-paced environment
- CISM certification (achieved or