First Line Security Risk Manager
New Yesterday
First Line Security Risk Manager
Department: IT Operations
Employment Type: Permanent - Full Time
Location: London
Reporting To: Kirsty Kelly
Description
You will report directly to the Group CISO and work closely with business units, IT, compliance, and audit to ensure security risks are effectively identified, assessed, documented, and mitigated in line with our overall risk appetite.
About the role
- Conducting and documenting security risk assessments across systems, projects, and processes.
- Owning and managing the Group security risk register, ensuring timely updates, mitigation tracking, and escalation where required.
- Working closely with the 2nd line to manage security risks across the group.
- Supporting the Group CISO in risk reporting to executive stakeholders.
- Managing the exception to security policy process, including risk-based reviews, documentation, approvals, and renewals.
- Liaising with business stakeholders to assess and document residual risk where security standards cannot be met
- Supporting the creation, maintenance, and review of security policies and procedures to ensure alignment with regulatory, industry, and business requirements.
- Mapping security policies to procedures and controls to ensure clear operational accountability.
- Facilitating awareness and compliance of security policies across business units
- And many other security-related activities!
About you
- Hands-on experience managing risk assessments, policy exceptions, and governance processes.
- Proven experience (minimum 5+ years) in security risk management, essential that this is within financial services or a regulated industry.
- Strong understanding of information security principles, standards (e.g., ISO 27001, NIST), and regulatory requirements (e.g., NYDFS, GDPR).
- Experience with risk and control frameworks (e.g., IRAM2, FAIR, COBIT) essential.
- Working knowledge of global regulations: GDPR, DORA, APRA CPS 234, CCPA, etc.
- Strong familiarity with UK and international regulatory frameworks in the US, Europe and Australia.
- Adept at translating complex regulatory or technical requirements into practical business-aligned risk management principles.
- Collaborative, adaptable, and capable of operating across time zones and cultures.
- Comfortable working with audit and compliance stakeholders during assessments, certifications, or investigations.
Core Values
We show up each day ready to take on the world. Our passion and intensity set us apart and makes the difference to our colleagues, customers, brokers and carriers.
Challenge everything:
We’re never afraid to question the way that things are done and we constantly challenge ourselves and others to makes things better.
Have fun, be good:
Insurance is a serious business, but we don’t take ourselves too seriously. We make it fun to work at CFC, we welcome all viewpoints, and we treat everyone how we would expect to be treated.
- Location:
- London, England, United Kingdom
- Salary:
- £150,000 - £200,000
- Job Type:
- FullTime
- Category:
- IT & Technology
We found some similar jobs based on your search
-
New Yesterday
First Line Security Risk Manager
-
London, England, United Kingdom
-
£150,000 - £200,000
- IT & Technology
First Line Security Risk Manager Department: IT Operations Employment Type: Permanent - Full Time Location: London Reporting To: Kirsty Kelly Description We are seeking a proactive and experienced First Line Security Risk Manager to lead the ...
More Details -
-
New Yesterday
First Line Security Risk Manager
-
London, England, United Kingdom
-
£150,000 - £200,000
- IT & Technology
Join to apply for the First Line Security Risk Manager role at CFC 2 days ago Be among the first 25 applicants Join to apply for the First Line Security Risk Manager role at CFC Get AI-powered advice on this job and more exclusive features. We ...
More Details -