CareerAddict

AVP, IT Security Specialist - RSA Archer, NIST, GRC - London - Hybrid

Scope AT Limited

Posted on Jun 25, 2025 by Scope AT Limited
London, United Kingdom
IT
Immediate Start
Annual Salary
Full-Time

Join a leading security governance and risk team as an AVP, IT Security Specialist. You'll play a key role in ensuring robust security controls, compliance, and continuous risk reduction across a regulated enterprise environment.

Key Responsibilities:

  • Maintain and evolve security policy, standards, procedures, and frameworks

  • Align security practices with NIST CSF, NIST 800-53 and other industry standards

  • Advise business and technology teams on information security best practices

  • Conduct regular risk assessments and maintain a risk register in RSA Archer

  • Identify, assess, and prioritize cybersecurity risks across assets and environments

  • Track remediation efforts and ensure ongoing risk reduction to acceptable levels

  • Support development of cybersecurity risk management strategies and reporting

  • Represent security during internal and external audits and assessments

  • Run lessons-learned forums and improve control effectiveness

  • Produce detailed assurance reporting, metrics, and dashboards for stakeholders

Key Skills & Experience:

  • Minimum 2 years' experience in Information or Cyber Security, ideally in financial services

  • Solid understanding of security risk management principles and taxonomy

  • Working knowledge of GRC platforms - RSA Archer preferred

  • Familiarity with NIST CSF, NIST 800-53, ISO 27001, SOC 1 & 2

  • Good written and verbal communication skills for technical and non-technical stakeholders

  • Strong documentation and risk reporting skills

  • Knowledge of vulnerability management and incident management practices

  • Experience planning, analysing, and presenting data to support risk decisions

Desirable Certifications:

  • CISM, CRISC, CISA, or MSc in Information Security

  • Knowledge of Prince2, MSP, or APMQ beneficial

Location & Working Model:

  • Based in London

  • Hybrid working model - 2 days onsite per week


Reference: 2970592929

https://jobs.careeraddict.com/post/104695204

This Job Vacancy has Expired!
