Senior Manager Information Security
Overview
We are seeking a highly motivated and experienced Senior Manager of Risk to lead our cyber risk and third-party risk management functions within the Cyber Governance, Risk & Compliance (GRC) team. This individual will manage a small team of risk professionals and be responsible for building, embedding, and continuously improving the organisation’s cyber risk management framework, ensuring effective oversight of third-party and supplier risks, and supporting executive and board-level reporting.
Key Responsibilities
Cyber Risk Management
- Lead the development, implementation, and ongoing maturity of the cyber risk management framework.
- Oversee risk identification, assessment, treatment, and monitoring across all cyber domains.
- Provide risk insights and reporting to senior leadership, risk committees, and the board.
- Partner with business and technology teams to ensure risks are effectively understood, prioritised, and mitigated.
- Drive risk culture awareness, ensuring risk management principles are embedded across the organisation.
Third-Party Risk Management
- Oversee the third-party risk management (TPRM) programme, including onboarding, due diligence, and ongoing monitoring of suppliers.
- Define risk appetite, assurance requirements, and contractual controls for third-party cyber security.
- Partner with procurement, legal, and business teams to ensure suppliers meet security and compliance requirements.
- Provide risk assessments, recommendations, and remediation guidance to business stakeholders.
- Escalate material supplier risks and lead risk acceptance discussions where required.
Leadership & Team Management
- Manage, coach, and develop a small team of cyber risk and third-party risk professionals.
- Allocate workload effectively and foster a high-performance culture.
- Support professional development and provide clear career growth pathways.
- Act as a senior subject matter expert and escalation point within the Cyber GRC function.
Key Skills & Experience
- Proven experience in cyber risk management and/or third-party risk management, ideally within financial services, technology, or a regulated industry.
- Strong understanding of risk management frameworks (e.g., ISO 31000, NIST CSF, FAIR, ISO 27005).
- Experience in third-party/vendor risk management practices, frameworks, and tools.
- Excellent leadership, team management, and stakeholder engagement skills.
- Strong analytical, problem-solving, and decision-making abilities.
- Ability to produce clear, concise, and executive-ready risk reporting.
- Professional certifications desirable (e.g., CRISC, CISM, CISSP, CISA).
Who we are
At Pearson, our purpose is simple: to help people realize the life they imagine through learning. We believe that every learning opportunity is a chance for a personal breakthrough. We are the world's lifelong learning company. For us, learning isn't just what we do. It's who we are. To learn more: We are Pearson.
Equal Opportunity Statement
Pearson is an Equal Opportunity Employer and a member of E-Verify. Employment decisions are based on qualifications, merit and business need. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, gender expression, age, national origin, protected veteran status, disability status or any other group protected by law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.
If you are an individual with a disability and are unable or limited in your ability to use or access our career site as a result of your disability, you may request reasonable accommodations by emailing TalentExperienceGlobalTeam@grp.pearson.com.
- Location: London, England, United Kingdom
- Salary: £150,000 - £200,000
- Job Type: Full Time
- Category: IT & Technology