13th March 2026
Information Security Risk & Control Auditor (Vice President)
Information Security
London
Up to £130,000 + bonus and Benefits
Job Title: Information Security Risk & Control Auditor (Vice President)
Location: London (Hybrid – 2 days on-site per week)
Salary: up to £130,000 + bonus and Benefits
About the Role
This robust Financial Services Business are seeking an experienced and motivated Information Security Risk & Control Auditor to join their team as they expand their risk function. As a dedicated first-line risk and control function, this newly-formed team plays a vital role in strengthening non-financial risk management across the organisation. This opportunity has arisen due to growing responsibilities within the team, offering the successful candidate a chance to meaningfully shape and influence the evolution of our risk and control framework.
This role is well-suited for candidates currently working in the 2nd or 3rd Line of Defence and looking to move into a dynamic 1LOD position, particularly those who have come from a technology risk and audit background.
You will work closely with the Information Security department within Technology, providing expert oversight and validation of Information Security risks and controls, ensuring these remain effective and aligned with our risk appetite.
What You Will Be Doing
Strategic Responsibilities
- Develop and implement a consistent and efficient approach to managing and overseeing Information Security risks and controls.
- Identify and embed best practices in Information Security control standards across the organisation.
- Lead Technology’s engagement with Internal Audit, serving as a key liaison with 2LOD Risk and Compliance teams.
Operational Responsibilities
- Support the identification and assessment of Information Security risks and controls across the first line.
- Review and challenge self-identified issues and remediation plans, ensuring appropriate risk assessment, design considerations, and operating effectiveness.
- Contribute to the drafting and review of corrective actions for Internal Audit findings.
- Validate the completion and effectiveness of remediation actions ahead of 2LOD/Audit sign-off, reporting status to governance forums.
- Identify, assess, and document operational risk events, particularly related to security incidents.
- Contribute to risk appetite statements, emerging risk reviews, and ongoing assessments.
- Review Key Risk Indicators (KRIs), ensuring metrics are meaningful, breaches are understood, and lessons learned are embedded.
- Consolidate and report on risk and control outcomes to senior stakeholders, escalating where required.
Leadership Responsibilities
- Support cross-Technology control initiatives and drive continuous improvement.
- Build strong, collaborative relationships with stakeholders across Technology and the wider business.
- Share expertise within the team to drive consistency, best practices, and added value.
- Establish positive working relationships with senior business leaders and influence risk-aware behaviours.
What We’re Looking For
Essential Skills & Experience
- Strong experience in Internal Audit engagement, control remediation, and audit validation, either in 1LOD control ownership or 2LOD/3LOD assurance roles.
- Deep understanding of Information Security risks, controls, and processes within Financial Services.
- Minimum 5+ years’ experience in one or more of the following areas:
  - Information Security Risk & Control Management
  - Internal Audit
  - Second Line of Defence
- Experience within Financial Services, Financial Market Utilities, or similarly regulated sectors.
- Understanding of regulatory expectations relating to Information Security and technology risk.
Desirable Qualifications
Certifications in any of the following areas are beneficial but not essential:
- Risk Management: e.g., CRISC
- Internal Audit: e.g., CISA
- Information Security Governance: e.g., CISSP, CISM
- Compliance/Project Management qualifications
We invite individuals from underrepresented groups to apply for any of our roles and are committed to supporting accessibility needs.
Consultant - Abigail Moss
Telephone: 0207 392 7516
Email: abigail.moss@spencer-rose.com