CFC

Security Risk Manager, First Line


full-time

Location: 🇬🇧 United Kingdom


Job Level

Mid-Level / Senior

About the role

  • Lead the implementation and management of information security risk practices across the organisation.
  • Act as the first line of defence for security risk management, ensuring security governance, policy compliance, and operational risk ownership across business functions.
  • Report directly to the Group CISO and work closely with business units, IT, compliance, and audit to ensure security risks are effectively identified, assessed, documented, and mitigated.
  • Conduct and document security risk assessments across systems, projects, and processes.
  • Own and manage the Group security risk register, ensuring timely updates, mitigation tracking, and escalation where required.
  • Work closely with the second line to manage security risks across the group.
  • Support the Group CISO in risk reporting to executive stakeholders.
  • Manage the exception to security policy process, including risk-based reviews, documentation, approvals, and renewals.
  • Liaise with business stakeholders to assess and document residual risk where security standards cannot be met.
  • Support the creation, maintenance, and review of security policies and procedures to ensure alignment with regulatory, industry, and business requirements.
  • Map security policies to procedures and controls to ensure clear operational accountability.
  • Facilitate awareness of, and compliance with, security policies across business units.

Requirements

  • Hands-on experience managing risk assessments, policy exceptions, and governance processes.
  • Proven experience (minimum five years) in security risk management; this must have been gained within financial services or another regulated industry.
  • Strong understanding of information security principles, standards (e.g., ISO 27001, NIST), and regulatory requirements (e.g., NYDFS, GDPR).
  • Experience with risk and control frameworks (e.g., IRAM2, FAIR, COBIT) is essential.
  • Working knowledge of global regulations: GDPR, DORA, APRA CPS 234, CCPA, etc.
  • Strong familiarity with UK and international regulatory frameworks in the US, Europe and Australia.
  • Adept at translating complex regulatory or technical requirements into practical business-aligned risk management principles.
  • Collaborative, adaptable, and capable of operating across time zones and cultures.
  • Comfortable working with audit and compliance stakeholders during assessments, certifications, or investigations.