I am looking for a Cyber & Information Security Risk Manager to join a highly impactful organisation operating within a regulated environment. This is a permanent role, based in London, and is hybrid with around 1 day per week in the office.
This role sits within a risk function and focuses on providing independent oversight of cyber and information security risks. You will work closely with teams across the business to ensure that risks are properly identified, assessed, and managed in line with regulatory expectations and industry standards.
This is not a hands-on security operations role. Instead, the focus is on governance, controls, and risk assurance.
Key responsibilities include:
- Owning and developing cyber and information security policies and frameworks
- Supporting the business in embedding and operationalising these controls
- Conducting control assurance and thematic reviews across functions
- Providing second-line oversight and challenge on security risk activities
- Assessing supplier and third-party security risk
- Monitoring incidents, tracking remediation, and identifying lessons learned
- Reviewing security aspects of business and technology change initiatives
- Producing risk reporting and MI for senior stakeholders
- Supporting risk appetite definition and control maturity assessments
I am looking for someone with:
- 10 years' experience in compliance roles within the remit of the FCA
- Strong experience in cyber or information security risk within a second-line function
- Background in financial services, payments, or another regulated environment
- Knowledge of frameworks such as ISO 27001, NIST, or CIS
- Experience with RCSAs, control assurance, and risk reviews
- Ability to engage effectively with senior stakeholders and auditors
- A pragmatic, delivery-focused approach with strong ownership
This is an opportunity to play a key role in strengthening security risk governance in a complex and evolving environment.
...