Information Security Governance, Risk, and Compliance (GRC) Manager

Trainline connects millions of travelers with rail and coach tickets, offering a range of options through its app, website, and B2B channels. With a focus on making travel simpler and more sustainable, Trainline partners with over 270 transport companies in 40 countries. The company processes more than 135 million visits monthly and handles £6.3 billion in ticket sales each year. Headquartered in London and present in major European cities, Trainline's team includes more than 1,000 people from 50+ nationalities. The Security team works to strengthen risk management as technology and AI risks change. Collaboration with teams across the business helps keep systems and data secure. Role overview The Senior Information Security Risk Analyst, based in London and reporting to the GRC Manager, will play a key role in advancing Trainline’s security risk management program. This position focuses on addressing both established and emerging risks, particularly those related to AI and cloud technologies. What you will do Manage information security risks, including traditional cyber threats and AI-specific risks such as data quality and model bias. Align risk management activities with Trainline’s business risk appetite. Work with Engineering, Data Science, Legal, and Internal Audit teams to maintain a broad perspective on information, cyber, and AI risks. Promote strong risk governance in a cloud-first, AI-driven environment. Conduct risk assessments for both existing and new AI use cases. Collaboration This role requires frequent interaction with both technical and business teams. The aim is to make sure risk management practices are practical and integrated into daily operations.

Join Trustpilot as an Information Security Governance, Risk, and Compliance Analyst, where you'll play a pivotal role in enhancing our security posture. In this dynamic position, you will be responsible for identifying, assessing, and managing security risks while ensuring compliance with relevant regulations and best practices. You'll collaborate with cross-functional teams to promote a culture of security awareness and implement effective governance frameworks.

Join Shawbrook Bank as an IT Risk and Controls Analyst, where you'll play a pivotal role in strengthening our information security framework. We are seeking a detail-oriented professional with a solid understanding of IT risk management and control processes. You will be responsible for identifying vulnerabilities, assessing risks, and ensuring compliance with regulatory standards. If you’re passionate about safeguarding digital assets and enhancing our security posture, we want to hear from you!

Join our dynamic team at bmlltech as a Senior Information Security Analyst specializing in ISMS Management. You will play a crucial role in safeguarding the integrity and confidentiality of our information assets. Your expertise will help us to establish, implement, and maintain an effective Information Security Management System (ISMS) that aligns with international standards.As part of your responsibilities, you will conduct risk assessments, develop security policies, and collaborate with cross-functional teams to ensure compliance with data protection regulations. You will also lead security awareness initiatives and provide guidance on best practices to enhance our security posture.

Join Smartdesc as an Information Security ConsultantLocation: Field-based, primarily in the London areaEmployment Type: Full-timeSalary: £70,000 - £80,000As an Information Security Consultant at Smartdesc, you will collaborate with the Information Security and technical delivery teams to implement robust security solutions for our clients.Your role will involve providing strategic guidance on Information Security, aiding clients in enhancing their security posture, and overseeing a variety of security projects. This includes assisting clients in implementing security controls, conducting assessments based on industry best practices, and delivering assessment reports to Senior Leadership Teams to bolster their security measures.The position encompasses a diverse array of responsibilities, from strategic governance and risk management to advising non-profit organizations on maximizing the value of Microsoft Business Premium, E3, and E5 security solutions. You should be comfortable presenting security information to varied audiences, from part-time volunteers to executive boards.This customer-facing role demands a meticulous eye for detail and a proven track record in delivering exemplary Information Security practices.Key ResponsibilitiesAssess and identify steps organizations must take to enhance their security posture, creating roadmaps for continuous improvement while maximizing existing Microsoft licensing.Align security practices with frameworks and standards such as Cyber Essentials, NCSC CAF, and ISO 27001.Own or oversee key Information Security processes and procedures.Manage the Smartdesc MDR management service.Implement and oversee Information Security Risk Management programs.Identify and manage remediation actions to mitigate risks.Develop and maintain Information Security Policies.Create and deliver general and role-specific Information Security Training and Awareness programs.Raise, investigate, and manage IT Security incidents, ensuring appropriate follow-up actions.Provide IT security support to various business functions, including digital teams, IT infrastructure, and IT Service Desk.Develop and oversee Information Security Internal Audit programs.Supervise ongoing security testing, reviews, and audits.

Join Catapult Sports as a Security & Compliance Analyst and play a crucial role in safeguarding our organization's data and compliance with industry regulations. You will work closely with various teams to identify security vulnerabilities, implement effective controls, and ensure compliance with relevant standards.

Role Overview Evelyn Partners is looking for an Information Security Compliance Analyst in London. This position helps ensure the company’s security policies and procedures meet government regulations and industry standards. The analyst works closely with teams across the business to strengthen security practices. What You Will Do Monitor and assess compliance with security policies and procedures Support risk assessments and internal audits Participate in compliance reviews to identify gaps and recommend improvements Work with other departments to build awareness and improve security controls

AJ Bell seeks a Senior Information Security Engineer to strengthen the protection of company information systems and support compliance initiatives. The position is offered as a hybrid role, with the option to work from either the Manchester or London office and some flexibility for remote work. Key responsibilities Identify and assess security vulnerabilities within company systems Implement and maintain security controls to protect data and infrastructure Collaborate with teams across the business to promote effective security practices Assist in maintaining compliance with relevant regulations and internal policies Location This role is based in Manchester or London with a hybrid work arrangement, allowing for both office presence and remote work.

Control Risks is seeking an experienced Senior Regional Security Manager to spearhead security initiatives for a prominent multinational consumer goods organization across the Europe, Middle East, and Africa (EMEA) region. This pivotal role will align security strategies with corporate objectives and operational priorities, ensuring effective communication with regional business leaders and compliance with global security programs tailored to local needs.The successful candidate will be based in the client’s London office, with access to Control Risks offices as necessary.Key Responsibilities:Conduct thorough risk and threat assessments to create comprehensive Site Security Plans, enhancing our security posture to safeguard personnel, facilities, and business interests in collaboration with business leaders and external partners.Design and execute robust security strategies that effectively mitigate risks while aligning with business goals and industry best practices.Perform regular security audits to ensure program integrity and adherence to security standards.Lead security investigations involving internal and external resources, support compliance inquiries, and oversee the Threat Management Team's efforts in addressing workplace violence threats and incidents.Manage the implementation of security standards, optimizing resource allocation and promoting cost-effective solutions.Guide the activities of Security Champions and Security Suppliers to ensure comprehensive security coverage across all regional facilities, enforce compliance with the Security Guard Force Standard, and collaborate with Mill Managers and Business Segment Leaders to develop improvement strategies.Oversee Executive Protection functions, including the physical security of the CEO’s office and residences, security awareness training, and security arrangements for Board of Director/Special meetings.Work alongside the Program Owner, Leadership Team, and key stakeholders to drive enhancements in the Physical Security Program, including systems, security guard force, and Global Security Operations Center.Stay abreast of cutting-edge trends and technologies in security management relevant to the industry and region.Build and maintain strong relationships with senior law enforcement, intelligence, and private sector counterparts.Provide briefings to senior executives on security incidents and participate in business segment committees and working groups.

About the Opportunity At Contentful, we are dedicated to establishing a secure and reliable service, investing substantial resources in our security initiatives. Our Security team plays a pivotal role in corporate-wide information security management programs and collaborates closely with various internal teams. We believe that security should be deeply rooted in DevOps principles, supported by robust and repeatable processes. We are in search of a passionate and results-oriented Senior Security Analyst who possesses a strong background in analyzing and managing information security incidents, along with a proven track record of contributing to the development and design of security programs. In this role, you will be responsible for daily alert investigations and incident response, while also being empowered to proactively influence changes that will enhance our Security program. The ideal candidate will have experience in triaging new and unfamiliar alerts, leading technical workstreams during incidents, and managing medium-scale incidents. You should be adept at creating and maintaining high-quality threat detection mechanisms and demonstrate a solid understanding of common Information Security principles and frameworks, paired with excellent communication skills and a continuous eagerness to learn and grow. As a Senior Security Analyst, you will work independently and as part of a globally distributed team, collaborating with stakeholders across the organization to ensure comprehensive risk mitigation while minimizing impacts on end users.

Kroo Bank is redefining banking by creating a customer-centric experience that prioritizes responsible financial management and leverages technology to simplify, democratize, and enhance transparency in everyday banking. As a fully regulated UK bank, we are supported by dedicated investors and are on a mission to grow our customer base while pursuing ambitious goals. Our commitment to excellence is evident in our fast-paced operations, thoughtful decision-making, and adherence to the highest standards of service, product development, risk management, and employee care.Job Overview:We are seeking a dynamic Head of Information Security (HoIS) to lead our IT security strategy and safeguard the organization against security threats targeting our digital assets. In this role, you will direct the security strategy, oversee operations, and drive product development to protect our enterprise information. Your responsibilities will include fostering security awareness, managing security operations, and ensuring robust policies and procedures are in place.Key Responsibilities:Oversee the daily operations and execution of the information security strategy.Design and maintain a proactive security roadmap encompassing cloud, mobile, AI, and software platforms.Work collaboratively with technology leaders to implement innovative security technologies and next-generation solutions.Guarantee secure configurations and ensure continuous compliance across IaaS, PaaS, and SaaS environments.Conduct ongoing assessments of existing security practices and systems, identifying and addressing areas for enhancement.Perform security audits and risk assessments, providing recommendations to mitigate threats and vulnerabilities.Manage the Information Security Management System (ISMS) and uphold ISO 27001 certification.Ensure adherence to relevant compliance and governance standards.Collaborate with operational teams to develop, implement, and test business continuity plans for security breaches and disaster recovery scenarios.Safeguard the organization's intellectual property consistently.Monitor security vulnerabilities and potential hacking threats across network and host systems.Lead security operations, including Managed SOC, threat intelligence, detection, and response capabilities.Establish KPIs and KRIs to measure security maturity and provide consistent security reporting to Executive and Board stakeholders.Manage and nurture the information security team.Promote and educate the organization on the latest security strategies and technologies.Oversee the IT security budget and communicate effectively with stakeholders.

AJ Bell seeks an Information Security Architect to safeguard digital assets and advance security practices. This hybrid role is available in either Manchester or London. Key responsibilities Design and implement security frameworks that protect company systems and sensitive data. Identify vulnerabilities across digital platforms, providing recommendations to address risks. Ensure security measures align with industry standards and compliance requirements. Collaborate with teams throughout the business to shape security strategies that support organizational objectives. Location This position offers a hybrid work model, with the option to be based in Manchester or London.

Role overview The Chief Information Security Officer at mangroup will lead information security efforts from the London office. This executive position carries responsibility for shaping the overall security strategy, protecting digital assets, and managing risks throughout the company. Key responsibilities Direct the creation and rollout of cybersecurity programs Safeguard company data and digital systems from security threats Identify, evaluate, and manage information security risks Work closely with senior leadership to ensure security initiatives support business objectives Maintain compliance with applicable regulations and industry standards Location This position is based in London.

Starling Bank is a digital bank based in the UK, with teams in London, Southampton, Cardiff, and Manchester. The company combines technology-driven innovation with the reliability of a fully licensed bank. Over 3,000 professionals work together at Starling, guided by values like Listen, Keep It Simple, Do The Right Thing, Own It, and Aim For Greatness. Role Overview The Director of Information Security will report to the Chief Information Security Officer (CISO) and lead the Office of the CISO. This position manages a team of Information Security analysts and plays a central role in strengthening Starling’s security capabilities and governance. This role suits an experienced information security leader with a track record in building teams and driving improvement. Candidates interested in progressing toward a future CISO role will find room to grow here. Main Responsibilities Oversee the Information Security Policy Framework, ensuring it meets the needs of Starling Group and its stakeholders while staying compliant with legislation and industry standards. Develop and maintain standards for implementing security controls and procedures. Work closely with external organizations and regulatory bodies to strengthen Starling’s security posture. Location This position is based in London, England, United Kingdom.

Maven Securities Holding Ltd is a cutting-edge proprietary trading firm established in 2011, with a global presence that includes offices in London, Amsterdam, Chicago, New York, Hong Kong, and Monaco. We pride ourselves on having a team of exceptionally skilled traders, developers, engineers, and operational staff who execute a wide variety of market-making and position-taking strategies across global derivatives, equities, and debt instruments. Our culture is relaxed and informal, yet we are fiercely dedicated to high performance and rewarding excellence. The Risk team at Maven is at the forefront of innovative risk management practices, overseeing the extensive trading operations across our organization. We are a cohesive global unit that integrates risk management, technology, and development to create and implement advanced systems while ensuring meticulous monitoring of trading exposures across the firm. This Risk Analyst position offers a unique opportunity for an outstanding individual with specialized expertise in options risk management. Based in our London office, you will collaborate with experienced risk team members from our Hong Kong and Chicago locations. The successful candidate will gain insights into our diverse business activities and strategies while serving as the first line of risk management oversight for critical trading functions. The proprietary risk systems we utilize set the parameters for effective risk management, and as Maven grows and diversifies our strategies, our risk monitoring systems and processes evolve in complexity and sophistication. The Risk Analyst will be tasked with updating and managing daily risk processes and conducting thorough risk monitoring—an essential responsibility given the volume and variety of trades processed. Additionally, you will be involved in interpreting and developing risk metrics, contributing to the enhancement of our risk management practices, and collaborating with the wider team to refine our systems, controls, and procedures. Communication with traders across Europe and our global trading hubs will also be a key aspect of this role. If you excel in a dynamic environment, possess a natural curiosity for the financial markets, and have a foundational understanding of trading and risk concepts, we are committed to helping you evolve into a leading Risk Analyst in the industry.

Genius Sports combines technology and live data to change how fans connect with sports worldwide. The company aims to create interactive, personalized experiences that keep audiences engaged. More information is available at geniussports.com. Role overview The Cyber Risk Manager plays a key part in strengthening Genius Sports’ ability to identify, assess, and manage cyber risks across the organization. Reporting to the VP of Cyber Security within the Information Security division, this role works closely with the GRC Manager. The focus goes beyond compliance, addressing security risk as a core business issue. This position guides the creation and improvement of frameworks and practices that help teams make risk-aware decisions. The Cyber Risk Manager translates evolving threats into clear risk assessments, ensures consistent risk treatment and accountability, and supports the company’s growth with scalable risk management processes. Key responsibilities Establish and manage the cyber risk program, adapting it to organizational growth and shifting threats. Develop and maintain frameworks for identifying and assessing cyber risks across all business areas. Promote risk awareness, enabling teams to make informed cybersecurity decisions. Collaborate with the GRC Manager to address security risk as a business challenge, not just a technical or compliance issue. Translate complex threats into actionable risk assessments for stakeholders at every level. Drive consistent risk treatment and accountability throughout the organization. Location This role is based in London, England, United Kingdom.

m-kopa is hiring a Senior Analyst - Credit Risk & Eligibility in London. This position centers on analyzing credit risk and evaluating eligibility for the company’s financial products. Role overview This role focuses on assessing credit risk and supporting the development of credit assessment processes. The Senior Analyst will help refine how eligibility is determined, contributing to improvements that support m-kopa’s goal of expanding access to financial solutions. Key responsibilities Analyze credit risk for a range of financial products. Evaluate eligibility criteria and recommend process enhancements. Support ongoing improvements in credit assessment methods. Impact This work directly supports m-kopa’s mission to provide financial access in underserved markets. The Senior Analyst’s insights will help shape the company’s future approach to credit risk and eligibility.

Blockchain.com is at the forefront of the future of finance, connecting individuals globally to the world of cryptocurrency. As the most trusted and rapidly expanding global crypto platform, we empower millions to securely access crypto assets. Since our inception in 2011, we have gained the confidence of over 90 million wallet holders and more than 40 million verified users, facilitating over $1 trillion in cryptocurrency transactions.As the leading software platform for digital assets, Blockchain.com fuels the largest production blockchain platform worldwide. Our mission is to innovate, code, and construct an inclusive and fair financial ecosystem, one line of code at a time.As we expand our platform to cater to millions daily, we are looking for a Cyber Security Analyst to become a vital part of our dedicated security team.At Blockchain.com, security transcends mere policies; it embodies our core philosophy. In a continuously evolving crypto landscape, you will confront some of the most intricate challenges related to securing a decentralized financial platform. The Security team plays a pivotal role in shaping and implementing secure systems throughout the organization. Employing a wide array of tools and methodologies, we proactively identify and mitigate security risks to safeguard our users, stakeholders, and systems.

Role Overview:Join the dynamic team at Brook Green Supply, a leading independent B2B energy supply company based in London. As a Senior Credit Risk Analyst, you will be part of a seasoned team committed to fostering growth and success within the energy sector. This role presents an excellent opportunity for a motivated and adaptable professional looking to advance their career in an innovative environment.In this pivotal position within the Credit Risk team under the Commercial department, you will collaborate with internal account managers, coordinators, and trading desk members, as well as external clients and credit stakeholders. Your focus will be on evaluating data and contracts, managing counterparty credit risks associated with physical power and gas supply, and supporting sustainable business growth through effective credit management practices.Your responsibilities will include managing complex credit exposures and collateral arrangements, and shaping reporting and risk-mitigation frameworks to enhance overall operational efficiency.