Head of Safety and Security
ARK
First-Line Security Risk Manager
CFC
full-time
Posted on:
Location Type: Hybrid
Location: London • 🇬🇧 United Kingdom
Visit company websiteJob Level
Mid-LevelSenior
About the role
- Lead implementation and management of information security risk practices as the first line of defense across the organisation.
- Report directly to the Group CISO and work closely with business units, IT, compliance, and audit to manage security risk.
- Conducting and documenting security risk assessments across systems, projects, and processes.
- Own and manage the Group security risk register, ensuring timely updates, mitigation tracking, and escalation where required.
- Work closely with the 2nd line to manage security risks across the group and support Group CISO in risk reporting to executive stakeholders.
- Manage the exception to security policy process, including risk-based reviews, documentation, approvals, and renewals.
- Liaise with business stakeholders to assess and document residual risk where security standards cannot be met.
- Support the creation, maintenance, and review of security policies and procedures; map policies to procedures and controls to ensure operational accountability.
- Facilitate awareness and compliance of security policies across business units and perform other security-related activities.
Requirements
- Hands-on experience managing risk assessments, policy exceptions, and governance processes.
- Proven experience (minimum 5+ years) in security risk management, within financial services or a regulated industry.
- Strong understanding of information security principles, standards (e.g., ISO 27001, NIST), and regulatory requirements (e.g., NYDFS, GDPR).
- Experience with risk and control frameworks (e.g., IRAM2, FAIR, COBIT).
- Working knowledge of global regulations: GDPR, DORA, APRA CPS 234, CCPA, etc.
- Strong familiarity with UK and international regulatory frameworks in the US, Europe and Australia.
- Adept at translating complex regulatory or technical requirements into practical business-aligned risk management principles.
- Collaborative, adaptable, and capable of operating across time zones and cultures.
- Comfortable working with audit and compliance stakeholders during assessments, certifications, or investigations.
Benefits
- Love what you do: We show up each day ready to take on the world. Our passion and intensity set us apart and makes the difference to our colleagues, customers, brokers and carriers.
- Challenge everything: We’re never afraid to question the way that things are done and we constantly challenge ourselves and others to makes things better.
- Have fun, be good: Insurance is a serious business, but we don’t take ourselves too seriously. We make it fun to work at CFC, we welcome all viewpoints, and we treat everyone how we would expect to be treated.
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
security risk managementrisk assessmentspolicy exceptionsgovernance processesinformation security principlesISO 27001NISTrisk and control frameworksIRAM2FAIR
Soft skills
collaborativeadaptablecommunicationoperating across time zonestranslating complex requirements
Similar jobs on JobTailor
Senior Cloud Security Engineer
Freetrade
CloudCyber SecurityGoGoogle Cloud PlatformPythonSDLC
Senior Security Engineer – Developer
Our Future Health UK
AWSAzureCloudDockerGoogle Cloud PlatformKubernetesPythonTerraform
Staff Security Engineer
Codat
AWSAzureCloudDNSTerraform
Cyber Security Architect
UBDS
AWSAzureCloudFirewallsMicroservices