Information Security Risk and Compliance Manager

We are in search for a Technology Information Security Risk and Compliance Manager who will be responsible for technology information security risk management and security compliance management, supporting eMed’s Global Clinical Services / Babylon Healthcare Services Limited’s Information Security Management System (ISMS) is adopted and effectively implemented within the UK.

• Identify, assess and manage technology and information security risks in line with the Technology Risk Framework
• Partner with Cyber and Information Security teams to stay ahead of emerging threats and vulnerabilities
• Provide clear, timely risk insights to support informed business decisions and growth
• Build strong relationships with risk and control owners to ensure risks are understood and effectively managed
• Support prioritisation and delivery of risk mitigation plans within agreed timelines
• Define and track key risk and performance indicators (KRIs/KPIs), reporting insights to stakeholders and governance committees
• Monitor and report on risk treatment plans, non-conformities and overall performance
• Ensure compliance with legal, regulatory and industry standards (including ISO 27001, Cyber Essentials, SOC 2, PCI DSS and NHS DSP Toolkit)
• Support audits, assessments and relationships with external certification bodies
• Contribute to the development and maintenance of global security policies, processes and regional compliance requirements
• Support the ongoing improvement of security and compliance frameworks (including ISMS programmes)
• Promote a strong culture of security awareness across the business to minimise risk and ensure policy adherence
• Partner with commercial teams to support RFIs and bids with relevant security information
• Support the development, testing and maintenance of disaster recovery and resilience plans

• Degree-level education (or equivalent experience) in a relevant field
• Relevant qualification in risk, compliance or information security
• Background in Governance, Risk and Compliance (GRC), information security or computer science
• Strong understanding of technology risk and compliance within a business environment
• Proven experience managing compliance frameworks and Information Security Management Systems (e.g. ISO 27001)
• Experience supporting audits, assessments and implementation of security standards
• Solid operational and technology risk management experience, with the ability to identify areas for improvement
• Strong communication and stakeholder management skills, with the confidence to influence at all levels, including senior leadership
• Effective organisation and project management skills, with experience supporting business change initiatives
• Experience in team leadership and delivering high-quality outcomes
  Strong attention to detail, including experience with document and quality management processes
• Good commercial awareness, with the ability to align risk and compliance with business needs