Overview

Join to apply for the Information Security Manager role at Specialist Risk Group

The IT Risk Manager is responsible leading the development, implementation, and maintenance of a robust information security programme in alignment with regulatory requirements, industry best practices, and business objectives. The ideal candidate will have deep expertise in risk management, compliance, cybersecurity frameworks, and technology governance, in a regulated financial services industry.

Responsibilities

• Information Security Programme Management
  
  
  
  • Develop, implement, and maintain security policies, standards, and procedures in line with ISO 27001, NIST, FFIEC, and other relevant frameworks.
  
  
  • Ensure alignment of security strategies with business goals and regulatory obligations (e.g., FCA, PRA, GDPR, SOX, GLBA).
  
  
  • Manage the company’s information security risk register and conduct regular risk assessments.
  
  
  • Lead internal and external security audits, and ensure timely remediation of findings.
  
  
  • Monitor and enforce compliance with data protection regulations and cybersecurity laws.
  
  
  • Lead incident response efforts, including detection, investigation, containment, and recovery.
  
  
  • Coordinate with legal, compliance, and executive teams during security incidents or data breaches.
  
  
  • Conduct post-incident reviews and implement lessons learned.
  
  
  
  


• Third-Party Risk Management
  
  
  
  • Oversee vendor security assessments and ensure third-party providers meet security requirements.
  
  
  • Review and negotiate security clauses in contracts and SLAs.
  
  
  
  


• Security Operations
  
  
  
  • Oversee daily security operations including vulnerability management, access control, endpoint security, and network monitoring.
  
  
  • Collaborate with IT and infrastructure teams to implement technical controls and solutions (e.g., SIEM, DLP, EDR, IAM).
  
  
  • Build and develop a (new) information security team.
  
  
  • Manage and mentor security analysts or junior team members.
  
  
  • Drive security awareness training and phishing simulations across the organisation.
  
  
  
  


• Reporting & Metrics
  
  
  
  • Prepare and deliver regular reports on security posture, incidents, and KPIs to senior leadership and regulatory bodies.
  
  
  • Advise executives on emerging threats and risk mitigation strategies.
  
  
  
  

Skills & Experience

• Strong leadership and stakeholder management skills.


• Excellent analytical and problem-solving abilities.


• Strong written and verbal communication; able to articulate complex issues to both technical and non-technical audiences


• Proven ability to manage multiple priorities and projects in a fast-paced, high-stakes environment.


• High level of integrity and discretion when handling sensitive information.


• Bachelor’s degree in Information Security, Computer Science, or related field.


• 5+ years of experience in information security, including at least 2 years in a managerial or leadership role.


• Experience working in a regulated financial services environment.


• Knowledge of relevant regulations and standards (e.g., FCA, PRA, GDPR, PCI-DSS, SOX, DORA).


• Master’s degree or MBA with a focus on information assurance or risk management.


• Experience with cloud security (AWS, Azure) and DevSecOps.


• Familiarity with identity and access management (IAM), security architecture, and threat intelligence.


• Experience of delivering operational resilience programmes.

What We Offer

• Competitive salary and benefits package


• Opportunity to work in a growing, digitally-focused brokerage


• Professional development and training support


• Hybrid working model and flexible hours