Head of Information Security GRC

EMR UK Careers

Warrington

On-site

GBP 70,000 - 90,000

Full time

Today

Job summary

A leading recycling company based in Warrington is seeking a Head of Information Security Governance, Risk, and Compliance (GRC) to lead the governance, risk, and compliance functions. The ideal candidate will have proven experience in information security, with a strong technical background and the ability to influence at the board level. You will design and implement a robust GRC framework that aligns with business objectives. This role offers a supportive and collaborative work environment with a focus on professional growth.

Benefits

Bonus scheme
Cycle to work scheme
25 days annual leave plus bank holidays
Enhanced maternity and paternity leave
Wellbeing Scheme with unlimited GP access

Qualifications

  • Proven experience in information security with strong technical expertise.
  • Deep understanding of GRC frameworks and risk assessment techniques.
  • Demonstrated experience leading teams and managing cross-functional projects.

Responsibilities

  • Lead the governance, risk, and compliance functions across the enterprise.
  • Design and maintain an enterprise-wide security governance framework.
  • Lead technical risk assessments across infrastructure, applications, and third parties.

Skills

Information Security expertise
Technical knowledge in infrastructure, cloud, or application security
GRC frameworks understanding
Experience in risk assessment techniques

Education

CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor

Tools

SIEM
DLP
IAM
vulnerability scanners

Job description

Overview

Package Description:

  • Bonus scheme
  • Cycle to work scheme
  • 25 days annual leave plus bank holidays, plus each year you will have the option to buy and sell leave
  • Enhanced maternity and paternity leave
  • Wellbeing Scheme, provided through Health Shield, giving every colleague – and their dependents – unlimited access to GPs and counselling, as well as cash back on a wide range of health and wellbeing treatment
  • Employee Support to include Life Assurance and critical illness pay
  • 24/7 Colleague Assistance Programme and Financial Wellbeing Support – access to affordable loans, savings accounts, advanced earned pay, and financial education via salary finance
  • Online savings: major retailers, utilities, entertainment plus many more!

About Our Opportunity

We are seeking a technically proficient and strategically minded Head of Information Security Governance, Risk and Compliance (GRC) to lead our governance, risk, and compliance functions. This role is ideal for a seasoned security professional with a strong technical foundation who can bridge the gap between security operations and enterprise risk management. You will be responsible for developing and maintaining a robust GRC framework that aligns with business objectives, regulatory requirements, and industry best practices.

What You Will Be Doing

You’ll lead the governance, risk, and compliance functions across the enterprise, balancing strategic oversight with technical depth. This includes:

  • Designing and maintaining an enterprise-wide security governance framework.
  • Creating, enforcing, and monitoring security policies, standards, and procedures.
  • Embedding security into business strategy and culture through close collaboration with senior leadership.
  • Owning the organisation’s risk register and assessment processes.
  • Leading technical risk assessments across infrastructure, applications, and third parties.
  • Overseeing threat modelling and vulnerability management initiatives.
  • Providing risk-based recommendations to mitigate threats and vulnerabilities.
  • Leading internal and external audits, including managing remediation plans.
  • Reporting on compliance posture to executive stakeholders.
  • Acting as a bridge between technical teams, legal, audit, and business units.

About You

You’re an experienced professional with a strong technical background who can think strategically and act decisively. You combine deep GRC knowledge with the ability to engage business leaders and influence at board level.

  • Proven experience in information security, with strong technical expertise in areas such as infrastructure, cloud, or application security.
  • Deep understanding of GRC frameworks, methodologies, and risk assessment techniques.
  • Familiarity with key security technologies (SIEM, DLP, IAM, vulnerability scanners).
  • Strong knowledge of regulatory and compliance standards.
  • Demonstrated experience leading teams and managing cross-functional projects.
  • Relevant experience in CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor (or equivalent).
  • Demonstrable experience in information security, including experience in a GRC leadership role.

Who we are

Our purpose is to create a future where the materials we use don’t need to be extracted from the planet.

At EMR, we give new life to unwanted materials. Every year, we recycle 10 million tonnes of metals and plastics, saving 19 million tonnes of carbon from entering the Earth’s atmosphere, diverting waste from landfill and protecting resources and habitats.

We couldn’t do any of this without our team members. In return for all they do, we do everything we can to create an environment of belonging, value, support and growth. We’re proud to have achieved Great Place To Work status, but it’s about so much more than a badge. It’s about being recognised by our people for the continuous work we do to do better for them:

  • “The people who work here are from varied backgrounds and have a variety of beliefs, all of which are accepted and respected.”
  • “I’m encouraged to keep a healthy work-life balance so that I can be performing at my best.”
  • “I’ve been supported every step of the way in my career progression.”
  • “EMR offers a fantastic and inclusive environment; collaboration across the whole business, humility and hard work.”

We couldn’t do any of this without our team members. In return for all they do, we do everything we can to create an environment of belonging, value, support and growth, underpinned by our Company values of We Care and We Do.

  • We Care
    • Integrity – our people are Respectful and Honest
    • Trust – our people are Collaborative and Genuine
  • We Do
    • Accountable – our people are Determined and Responsible
    • Innovative – our people have a Growth Mind-set and are Progressive

If you want to be part of something bigger than yourself, have a role that really makes a difference and work with like-minded people towards the same purpose, click the link to apply.

Recruitment Agencies

We operate a strict Preferred Supplier List (PSL) and do not accept speculative CVs. Any unsolicited CVs, whether related to a specific position or submitted speculatively, will not be considered.
