Information Risk Recruitment

Our unparalleled industry reputation, market knowledge and network enable us to deliver strategic recruitment solutions with clarity and discretion. Forming consultative partnerships with clients, we operate across EMEA, within vendor, reseller, consultancy and end user.


Information has a considerable influence on the way any modern business operates. Managed correctly, the right data can give companies a window into the way their customers operate – informing key decisions and helping to shape overall strategy. Managed incorrectly, it can cause significant damage to the business.

Recent high profile data leakages and breaches have only illuminated these potential dangers. Proper information risk recruitment can be the first line of defence against these threats.

Why information risk professionals are important

An information risk professional’s central duty is to help a business design and implement a framework to protect its data. To identify potential red flags in the organisation’s technology and processes, a degree of technical competency is essential, and in some instances, qualifications such as CISA, QiCA, or similar will be a prerequisite.

But while this competency is vital, in many respects, communication is the most critical part of the job. The issues that cause data loss and corruption are complex and may seem incomprehensible to the average person, so it becomes necessary to express them in a simplified, digestible format. 

In most c-suites, there will be few (if any) board members with the knowhow to understand the precise implications of poor information risk management. Human error is still the primary cause of data loss: when someone tries to compromise a system, they usually receive an unintentional helping hand from someone inside the business. To counteract this, it’s necessary to introduce a culture of vigilance and protection – to introduce best practices that serve to minimise any potential damage and negate certain threats entirely.

Consequently, the best information risk professionals are also educators. It’s as much about getting the company (and its leadership) on the same page as it is about audits and countermeasures. A business security officer should be able to sit down in front of an organisation’s executives and explain, in language they’ll understand, the importance of data privacy and information protection – not just in terms of the potential consequences to employees and customers, but in terms of the company’s assets and bottom line. 

For any company looking to properly protect either, it’s imperative to take the right approach to information risk recruitment.

Why Stott and May?

At Stott and May, we have a history of sustained success with information risk recruitment. We take the time to understand the specific needs of our clients, and we take great pride in our superior knowledge of every market we service: if your company doesn’t have the right IT or security literacy, rest assured – we do.

We have the most knowledgeable, experienced, and well-connected consultants in the cyber staffing world: if your ideal hire can be found through traditional means, we’ll find them before anyone else; if they can’t, we’ll throw the playbook out and find a creative, tailor-made solution.  

Led by Farhan Khan, our IT security recruitment team covers all sectors, including banking, financial services, foreign exchange, telecommunications, retail, oil and gas, and consultancy. Some of the information risk roles we recruit for are:

  • Information risk manager

  • Information risk officer

  • Chief information risk officer (CIRO)

  • Supplier risk/assurance specialist

  • Audit risk manager

  • IT risk specialist (all levels)

  • Information security manager (risk)

And if your staffing needs are more diverse, our information security recruitment also covers ISO 27001 and security architect recruitment.

To discuss your information risk recruitment needs, get in touch

Partnering with an experienced information risk recruitment agency is imperative to your company’s future safety and success. Contact us today to discuss your IT security requirements and find out how our specialist IT security recruitment team can help.


Thames Valley

New York