Head of Governance, Risk and Compliance - Info Sec - 12 Month FTC

Position Title: Head of Governance, Risk and Compliance (GRC), Info Sec – 12 Month FTC

Reports to: Global CISO

Location: London

Summary of Position:

This position will report directly to the global CISO and be responsible for managing a small in-house team that plans, schedules, monitors, and reports on activities related to information and cyber security. The role will collaborate with Information Technology, Group Risk and Compliance, HR, Facilities, and third parties.

Key Responsibilities & Accountabilities:

• Support the Global CISO in maintaining and implementing the cyber security strategy
• Take overall responsibility for information security risk and compliance
• Manage the BMS Information Security Control Framework
• Develop and maintain the Information Security governance and oversight target operating model
• Create policies and supporting governance materials
• Own the Information Security Risk management processes
• Identify information security threats and coordinate with technical teams to understand BMS exposure
• Provide specialist Information Security input to IT and business operations
• Ensure information security initiatives are current and security risks are identified and managed
• Investigate, analyze, and review Information Security breaches, including near misses, and recommend control improvements
• Build strong relationships with key internal users, senior managers, and external suppliers
• Coordinate security plans with third-party vendors and ensure security service outputs are acted upon
• Manage cyber events, including notification, escalation, response, and post-incident review
• Adhere to company and regulatory policies, procedures, and mandatory training

Information Security Experience:

• Experience managing information security services related to service design and ongoing management
• Experience developing and maintaining security controls, compliance monitoring, and treatment strategies
• Knowledge of Information Security risk management concepts
• Experience with Information Security transformation programmes
• Experience supporting incident management frameworks
• Knowledge of security frameworks such as NIST CSF/ISO-27001

Functional & Behavioural Competencies:

• Proven leadership skills in a similar Information Security role
• Experience in nurturing and retaining talent
• Proven experience in information security
• Excellent writing and communication skills
• Experience in third-party supplier and vendor management
• Ability to manage multiple issues and prioritize effectively
• Understanding of culture change techniques for security improvements
• Ability to assess implications of process changes on business strategies
• Capability to manage incident processes and coordinate sensitive investigations

Demonstrate the five BMS values and ensure team alignment:

• Accountable
• Entrepreneurial
• Collaborative
• Empowering
• Disciplined