We are currently looking for a Security Risk Manager for one of our key clients in financial services. The role reports to the Head of Cyber Security Risk within the CISO function. This is a part-time position, 2-3 days per week, and will be fully remote.
The Security Risk Manager will be responsible for managing cyber security risk services within the CISO function. As CISO is a team of teams of specialists, the Risk role is key in providing a holistic view of cyber risks across all security domains and across the entire Business, helping to make better, more informed decisions.
The role is responsible for managing, developing and delivering the following services:
- Operational Cyber Risk Management: Be the key cyber risk partner and ensure cyber risks are identified, kept up to date and are being acted on by the right people. Enable this through a Framework of policy and process, underpinned by IT tools and expert personnel.
- Third Party Cyber Risk Management: Design and run an overarching Framework for managing third-party cyber risks. Enable all functions operating any third-party risk services to align with this cyber Framework.
- Cyber Audits: Lead the engagement with external partners who need to audit or assess cyber capabilities.
Responsibilities
- Developing and operating a framework for Operational Cyber Risk Management.
- Managing the risks associated with the use of third parties.
- Cyber Security operational risks are understood and adequately managed.
- Third-party obligations are understood and adequately managed.
- Providing recommendations and influencing our strategy and approach to the management of cyber risk.
Skills and Experience Required
- A strong track record of managing cyber security risk in a technologically diverse organisation.
- Experience of managing third-party cyber security risks in a medium to large organisation, including contractual security obligations.
- Strong understanding of risk management frameworks.