CFC

Security Risk Manager, First Line

CFC

full-time

Posted on:

Origin:  • 🇬🇧 United Kingdom

Visit company website
AI Apply
Apply

Job Level

Mid-LevelSenior

About the role

  • Lead and maintain the first line Information Security Risk Management function across the organisation.
  • Act as the first line of defense for security risk management, ensuring security governance, policy compliance, and operational risk ownership across business functions.
  • Report directly to the Group CISO and work closely with business units, IT, compliance, and audit to ensure security risks are effectively identified, assessed, documented, and mitigated in line with risk appetite.
  • Conduct and document security risk assessments across systems, projects, and processes.
  • Own and manage the Group security risk register, ensuring timely updates, mitigation tracking, and escalation where required.
  • Work closely with the 2nd line to manage security risks across the group and support risk reporting to executive stakeholders.
  • Manage the exception to security policy process, including risk-based reviews, documentation, approvals, and renewals.
  • Liaise with business stakeholders to assess and document residual risk where security standards cannot be met.
  • Support the creation, maintenance, and review of security policies and procedures and map policies to procedures and controls to ensure operational accountability.
  • Facilitate awareness and compliance of security policies across business units.

Requirements

  • Hands-on experience managing risk assessments, policy exceptions, and governance processes.
  • Proven experience (minimum 5+ years) in security risk management, essential that this is within financial services or a regulated industry.
  • Strong understanding of information security principles, standards (e.g., ISO 27001, NIST), and regulatory requirements (e.g., NYDFS, GDPR).
  • Experience with risk and control frameworks (e.g., IRAM2, FAIR, COBIT) essential.
  • Working knowledge of global regulations: GDPR, DORA, APRA CPS 234, CCPA, etc.
  • Strong familiarity with UK and international regulatory frameworks in the US, Europe and Australia.
  • Adept at translating complex regulatory or technical requirements into practical business-aligned risk management principles.
  • Collaborative, adaptable, and capable of operating across time zones and cultures.
  • Comfortable working with audit and compliance stakeholders during assessments, certifications, or investigations.
CFC

Security Risk Manager, First Line

CFC
Mid · Seniorfull-time🇬🇧 United Kingdom
Posted: 21 days agoSource: cfc.pinpointhq.com
CFC

First-Line Security Risk Manager

CFC
Mid · Seniorfull-time🇬🇧 United Kingdom
Posted: 21 hours agoSource: cfc.pinpointhq.com
CFC

Security Risk Manager – First Line

CFC
Mid · Seniorfull-time🇬🇧 United Kingdom
Posted: 20 days agoSource: cfc.pinpointhq.com
CFC

First-Line Security Risk Manager

CFC
Mid · Seniorfull-time🇬🇧 United Kingdom
Posted: 26 days agoSource: cfc.pinpointhq.com
Doppel

Senior GRC Analyst

Doppel
Seniorfull-time$120k–$140k / year🇺🇸 United States
Posted: 7 days agoSource: jobs.ashbyhq.com
AWSAzureCloudCyber SecurityGoogle Cloud PlatformSDLC