
Information Security GRC Manager (FTC)

Posted 17 days 12 hours ago by British Land

Permanent
Not Specified
I.T. & Communications Jobs
London, United Kingdom
Job Description
Career Opportunities: Information Security GRC Manager (FTC) (10652)

Requisition ID 10652 - Posted - Technology - London

JOB TITLE: INFORMATION SECURITY GRC MANAGER
DEPARTMENT: TECHNOLOGY

LOCATION: MARBLE ARCH, LONDON

REPORTING TO: HEAD OF INFORMATION SECURITY

TYPE OF CONTRACT: 12 MONTH FTC

PLACES, PEOPLE, PREFER

Our purpose is to create and manage outstanding places which deliver positive outcomes for all our stakeholders on a long-term, sustainable basis.

We are a FTSE 100 business with a strong balance sheet and £13bn of assets under management. But with just 600 employees, you're given the ability to make a big impact and elevate your career quickly.

Our diverse, passionate team of experts works on some of the most ambitious, innovative, and sustainable projects in the country - from our high-quality campuses across central London to some of the top retail schemes in the UK - providing a rewarding career journey where you can shape how you grow.

We believe in shared success and enabling people to be themselves. If you want to feel listened to and understood in an environment where your opinions count and bright ideas are encouraged, you've come to the right place!

In our recent engagement survey, 93% of our employees stated they were proud to work for British Land!

THE ROLE

Reporting to the Head of Information Security, the primary responsibility of this role is to oversee the development, implementation, and management of British Land's information security governance, risk, and compliance programs. This role ensures that the organisation's information security practices align with regulatory requirements, industry standards, and best practices. The GRC Manager will work closely with various departments to identify, assess, and mitigate information security risks.

The ideal candidate will have proven experience in cyber security principles and be proactive in identifying and responding to security threats.

WHAT YOU'LL DO

Assisting with the support of technologies in the following categories:

Governance:

  • Develop and maintain information security policies, standards, and procedures.
  • Ensure alignment of security policies with business objectives and regulatory requirements.
  • Monitor compliance with policies and conduct regular reviews and updates of security policies and procedures.
  • Complete security assessments for third-party suppliers, assets (buildings/Retail), and projects to ensure adherence to cyber security policies and standards.
  • Deliver and maintain the Supplier Risk Assessment process.
  • Identify and assess information security risks across the organisation and maintain the risk register.
  • Develop and implement risk mitigation strategies and action plans.
  • Conduct regular risk assessments and audits to ensure compliance with security policies and standards.
  • Monitor and report on the status of risk management activities.

Compliance:

  • Ensure compliance with relevant laws, regulations, and industry standards (e.g., GDPR, ISO 27001).
  • Coordinate and support internal and external audits and assessments.
  • Develop and deliver security awareness and training programs to employees.
  • Maintain documentation and evidence of compliance activities.

Advocacy:

  • Articulate the need for information security and compliance.
  • Build strong stakeholder relationships across the business to enable effective communication and delivery of infosec objectives.
  • Take responsibility for delivering infosec controls that are effectively designed and implemented.
  • Identify security gaps and work with stakeholders to clearly define remediation actions.
  • Provide guidance and support to business units on security-related matters.
  • Manage security awareness training courses and their rollout, liaise with the Training team, arrange phishing tests and metrics, and provide in-person remediation training to employees who require it.
  • Manage Information Security SteerCo meetings: take minutes, organise meetings and actions, and support the committee in the role of Secretary.
  • Support Technology projects with security analysis on any proposed solutions and ensure any risks are highlighted and addressed as part of the project.
  • Liaise with stakeholders regarding cyber security issues and provide future recommendations.
  • Research and generate reports for both technical and non-technical staff and stakeholders.
  • Provide advice and guidance to staff on information security related issues.
  • Define and monitor security policies and best practice standards.

ABOUT YOU

  • Strong written and oral communication skills.
  • Passionate about Information Security and proactive in recommending ways to further improve our security posture.
  • Self-motivated problem solver.
  • Strong time management and organisational skills.
  • Pragmatic - making the best of the tools that we have and getting the best out of them. Recognise the balance between security and productivity.
  • Understanding of Information Security Risk Management concepts.
  • Experience of working collaboratively within an IT department.

OUR SHARED VALUES
Our values are what we stand for at British Land; they're not just a label on the door; they connect us every day to our vision, purpose, and strategy. They help us to promote an inclusive, positive, and collaborative culture.

Our People - Just ask anyone why they love working here and they will tell you it's the people. They're highly talented, passionate, and collaborative! We thank our people with rewards that feel rewarding; you can review our market-leading benefits here.

OUR RECRUITMENT PROCESS

If you enjoy bringing your whole self to work, share our values, and are excited about our purpose, we'd love to hear from you! We are committed to providing an accessible and inclusive process; learn more about our selection process here.

Please note that we endeavour to get back to all applicants within 28 days. If you haven't heard from us within this period, please assume that you have been unsuccessful on this occasion.
