Information Security GRC Risk Manager

The Guardian

Job Location:

London - UK

Monthly Salary: Not Disclosed
Posted on: 20 hours ago
Vacancies: 1 Vacancy

Job Summary

Description

Join our team at the Guardian and be a part of a diverse and inclusive global organisation that delivers fearless investigative journalism and holds power to account. Our team of award-winning journalists, cutting-edge commercial professionals and industry-leading digital experts are committed to making a difference and represent a wide range of backgrounds and perspectives. We offer a challenging and exciting environment for career development, with a focus on training, growth and fostering an inclusive culture.

We are now looking for an Information Security GRC Risk Manager to join the Group Technology & Data team. You'll support the Information Security (InfoSec) GRC Lead to deliver effective risk management, ensuring risks are consistently identified, assessed and managed, and that appropriate governance, including policies and standards, supports effective risk mitigation across the organisation.

You'll act as a key driver between InfoSec and the wider business, providing oversight and challenge to ensure risks are appropriately managed.

About the role

  • Own and operate the Information Security risk management framework, ensuring alignment with enterprise risk management (ERM) practices
  • Identify and manage emerging risks, including those associated with AI/ML systems (e.g. bias, privacy, security and model integrity)
  • Own and deliver risk reporting to senior stakeholders and governance forums, providing clear visibility of risk exposure and remediation progress
  • Lead responses to information security risk queries, assessments and assurance activities
  • Deliver targeted risk training and awareness to embed a strong risk management culture
  • Own and maintain the Information Security policy framework, ensuring policies and standards remain current, aligned to risk appetite and meet regulatory requirements
  • Highlight systemic issues, control weaknesses and emerging threats, driving visibility and action at leadership level
  • Benchmark practices against industry standards and evolving regulatory expectations, ensuring continuous improvement

About you

  • Strong interpersonal skills, with the ability to influence, challenge and engage senior stakeholders, translating technical risk into clear business impact
  • Strong experience in identifying, assessing and managing information security risks, with the ability to apply structured risk methodologies and align to business risk appetite
  • Highly disciplined and methodical approach to risk analysis, with the ability to break down complex issues and provide clear, actionable insights
  • Experience producing clear, concise risk reporting, including KPIs/KRIs, and presenting insights to leadership
  • Strong organisational skills, with the ability to manage multiple priorities, maintain momentum on risk treatment and ensure follow-through
  • Awareness of emerging technology risks, including AI/ML-related risks, and the ability to incorporate these into risk assessments
  • Working knowledge of industry frameworks and standards (e.g. ISO 27005, ISO 42001, NIST CSF 2.0, NIST 800-53) and relevant regulations (e.g. GDPR, EU AI Principles)
  • Solid understanding of security controls and experience supporting or performing control assessments and testing, with the ability to identify gaps and track remediation
  • Experience with GRC tools (e.g. Diligent One GRC etc.) and risk tracking systems

We actively encourage applications from groups traditionally underrepresented in the UK media.

We operate in a hybrid environment, working 3 days a week from our offices in King's Cross and 2 days a week remotely.

We value and respect all differences (seen and unseen) in all people. We aspire to have inclusive working experiences and an environment that reflects the audience we serve, where our people have equal access to career development opportunities, their voices are heard and can contribute to our future. We actively encourage applications from people of all backgrounds. Many of our staff work flexibly and we will consider all requests for flexible working arrangements.

How to apply

To apply, please upload your latest CV and a cover letter which outlines why you'd love to take on this role and why you're a great match for what we're looking for.

We appreciate the time taken to prepare each application we receive. We do not use AI-assisted technology to review applications; every application is reviewed by a member of our recruitment team.

The closing date for applications is Monday 11th May 2026.

All roles at the Guardian are open for everybody to apply. It is important to us that you feel supported and comfortable throughout your recruitment process in order to perform your best. Please let us know if there are any changes we could make to help your application; this includes providing documents in accessible formats or personalising the process to better support your needs. Please contact Anna Vipers on to discuss further so we can work with you to support you through your application.

Benefits at the Guardian

You'll have 30 days of annual leave per year (plus bank holidays), with the option to purchase an additional 5 days. Our pension scheme is generous; if you contribute 5% then we will contribute 8-12% (depending on your age). We believe in giving back, which is why employees are given 2 volunteering days annually and the option of payroll giving. Season ticket loans are also available.

You are entitled to private healthcare, life cover, income protection and eye tests. You can also opt in to dental insurance.

We have enhanced maternity, paternity, adoption and shared parental leave policies in place. We also support our employees by offering an IVF, menopause, baby loss and trans equality policy.

Culture and wellbeing

We want everyone to feel like they belong at the Guardian and we champion diversity of thought. Our various employee forums provide a platform to use their voice to foster an inclusive workplace. We became the first major media organisation to achieve B Corp status.

We offer tools to help you prioritise your wellbeing, including access to our employee benefits platform, which provides tailored support for health and addition we also offer free yoga and pilates classes. These run alongside our corporate gym membership and cycle to work scheme.

Our canteen has views overlooking the Regent's Canal and caters for breakfast, lunch and dinner.

Learning and development

We encourage personal and professional growth. Employees have access to a broad range of tools and solutions and we are happy to support the pursuit of professional qualifications through vocational courses and apprenticeships.




Required Experience:

Manager
