Information Security GRC Risk Manager

GUARDIAN NEWS AND MEDIA
London, GB
On-site

Job Description

Join our team at the Guardian and be a part of a diverse and inclusive global organisation that delivers fearless, investigative journalism, and holds power to account. Our team of award-winning journalists, cutting-edge commercial professionals, and industry-leading digital experts are committed to making a difference and represent a wide range of backgrounds and perspectives. We offer a challenging and exciting environment for career development, with a focus on training, growth and fostering an inclusive culture.

We are now looking for an Information Security GRC Risk Manager to join the Group Technology & Data team. You’ll support the Information Security (InfoSec) GRC Lead to deliver effective risk management, ensuring risks are consistently identified, assessed and managed and that appropriate governance, including policies and standards, supports effective risk mitigation across the organisation.

You’ll act as a key driver between InfoSec and the wider business, providing oversight and challenge to ensure risks are appropriately managed.

About the role

Own and operate the Information Security risk management framework, ensuring alignment with enterprise risk management (ERM) practices

Identify and manage emerging risks, including those associated with AI/ML systems (e.g. bias, privacy, security, and model integrity)

Own and deliver risk reporting to senior stakeholders and governance forums, providing clear visibility of risk exposure and remediation progress

Lead responses to information security risk queries, assessments, and assurance activities

Deliver targeted risk training and awareness to embed a strong risk management culture

Own and maintain the Information Security policy framework, ensuring policies and standards remain current, aligned to risk appetite, and meet regulatory requirements

Highlight systemic issues, control weaknesses, and emerging threats, driving visibility and action at leadership level

Benchmark practices against industry standards and evolving regulatory expectations, ensuring continuous improvement

About you

Strong interpersonal skills with the ability to influence, challenge, and engage senior stakeholders, translating technical risk into clear business impact

Strong experience in identifying, assessing, and managing information security risks, with the ability to apply structured risk methodologies and align to business risk appetite

Highly disciplined and methodical approach to risk analysis, with the ability to break down complex issues and provide clear, actionable insights

Experience producing clear, concise risk reporting, including KPIs/KRIs, and presenting insights to leadership

Strong organisational skills with the ability to manage multiple priorities, maintain momentum on risk treatment, and ensure follow-through

Awareness of emerging technology risks, including AI/ML-related risks, and the ability to incorporate these into risk assessments

Working knowledge of industry frameworks and standards (e.g. ISO 27005, ISO 42001, NIST CSF 2.0, NIST 800-53) and relevant regulations (e.g. GDPR, EU AI Principles)

Solid understanding of security controls and experience supporting or performing control assessments and testing, with the ability to identify gaps and track remediation

Experience with GRC tools (e.g. Diligent One GRC) and risk tracking systems

We actively encourage applications from groups traditionally underrepresented in the UK media

We operate in a hybrid environment working 3 days a week from our offices in Kings Cross and 2 days a week remotely.

We value and respect all differences (seen and unseen) in all people. We aspire to have inclusive working experiences and an environment that reflects the audience we serve, where our people have equal access to career development opportunities, their voices are heard and can contribute to our future. We actively encourage applications from people of all backgrounds. Many of our staff work flexibly and we will consider all requests for flexible working arrangements.

How to apply

To apply, please upload your latest CV and a cover letter which outlines why you’d love to take on this role, and why you’re a great match for what we’re looking for.

We appreciate the time taken to prepare each application we receive. We do not use AI-assisted technology to review applications; every application is reviewed by a member of our recruitment team.

The closing date for applications is Monday 11th May 2026.

All roles at the Guardian are open for everybody to apply. It is important to us that you feel supported and comfortable throughout your recruitment process, in order to perform your best. Please let us know if there are any changes we could make to help your application; this includes providing documents in accessible formats or personalising the process to better support your needs. Please contact Anna Vipers on anna.vipers@theguardian.com to discuss further so we can work with you to support you throu

Skills & Requirements

Technical Skills

AI/ML, ISO 27005, ISO 42001, NIST CSF 2.0, NIST 800-53, GDPR, EU AI Principles, Security controls, GRC tools, Communication, Leadership, Information security, Risk management

Employment Type

FULL TIME

Level

senior

Posted

4/27/2026
