Information Security Lead (GRC, Standards & Assurance)
Job Summary
Roles & Responsibilities
- Own and continuously improve information security policies standards and control frameworks ensuring they remain relevant and effective.
- Align and map security controls to regulatory requirements and industry frameworks maintaining strong governance coverage.
- Lead risk assessments define pragmatic treatment plans and drive remediation actions based on business impact and priority.
- Partner closely with first and second lines of defence to support audit readiness assurance activities and compliance obligations.
- Provide clear ongoing assurance on the effectiveness of controls identifying gaps and driving meaningful improvements.
- Work in close coordination with Enterprise Architecture and Cyber teams to ensure security is embedded in design and delivery.
- Oversee and track control exceptions risk acceptances and remediation actions through to completion.
- Support separation activities and Day1 readiness by ensuring required controls and evidence are in place.
- Operate with a high degree of independence managing competing priorities while confidently engaging stakeholders and influencing risk-based decisions.
Qualifications :
Qualifications
- Degree-level education (or equivalent) in IT Information Security or a related field is required.
- Professional certifications such as CISA CRISC or ISO 27001 Lead Auditor are desirable but not essential.
- 46 years experience across information security GRC IT controls or audit in a global complex environment.
- Hands-on experience with audits control testing and remediation with a strong understanding of how frameworks operate in practice.
- Familiarity with recognised standards such as ISO 27001 NIST CMMC or Cyber Essentials.
- Strong grounding in information security assurance and governance with the ability to translate technical concepts into clear business-focused language.
- Proven ability to manage stakeholders produce high-quality documentation and navigate complex organisational structures.
- Sound judgement in prioritising risk recommending improvements and strengthening control maturity in a practical outcome-focused way.
Additional Information :
Job Purpose: The Information Security Lead is responsible for governance risk compliance and assurance ensuring that security controls are defined implemented and auditable. The role provides confidence to executives auditors and regulators particularly during separation.
Join us and work for a world-leader with the benefits and training to reward your dedication and skills. Be part of a team where we are making the world a safer place.
We believe that different perspectives and backgrounds are what make a company flourish. All qualified applicants will receive equal consideration for employment regardless of color religion sex sexual orientation gender identity national origin economic status disability age or any other legally protected characteristics. We are proud to be an inclusive company with values grounded in equality and ethics where we celebrate support and embrace diversity.
At no time during the hiring process will Smiths Group nor any of our recruitment partners ever request payment to enable participation including but not limited to interviews or testing. Avoid fraudulent requests by applying jobs directly through our careers website (Careers - Smiths Group plc)
Remote Work :
No
Employment Type :
Full-time
About Company
Smiths Group is a global technology company that delivers solutions for the worlds evolving challenges. With a history spanning over 170 years, we operate across multiple sectors, including healthcare, energy, defense, and manufacturing. Our five divisionsJohn Crane, Smiths Detectio ... View more