National AI Awards 2025Discover AI's trailblazers! Join us to celebrate innovation and nominate industry leaders.

Nominate & Attend

First Line Security Risk Manager

CFC
London
1 week ago
Create job alert

First Line Security Risk Manager Department: IT Operations
Employment Type: Permanent - Full Time
Location: London
Reporting To: Kirsty Kelly

Description We are seeking a proactive and experienced First Line Security Risk Manager to lead the implementation and management of information security risk practices across our organisation. In this role, you will be the first line of defense for security risk management and play a critical part in ensuring security governance, policy compliance, and operational risk ownership across business functions.

You will report directly to the Group CISO and work closely with business units, IT, compliance, and audit to ensure security risks are effectively identified, assessed, documented, and mitigated in line with our overall risk appetite.
About the role The ideal manager for this position will lead and maintain the first line Information Security Risk Management function. Additionally, this person will be responsible for:

Conducting and documenting security risk assessments across systems, projects, and processes.
Owning and managing the Group security risk register, ensuring timely updates, mitigation tracking, and escalation where required.
Working closely with the 2nd line to manage security risks across the group.
Supporting the Group CISO in risk reporting to executive stakeholders.
Managing the exception to security policy process, including risk-based reviews, documentation, approvals, and renewals.
Liaising with business stakeholders to assess and document residual risk where security standards cannot be met
Supporting the creation, maintenance, and review of security policies and procedures to ensure alignment with regulatory, industry, and business requirements.
Mapping security policies to procedures and controls to ensure clear operational accountability.
Facilitating awareness and compliance of security policies across business units
And many other security-related activities!

About you The ideal candidate for this position will have: Hands-on experience managing risk assessments, policy exceptions, and governance processes.
Proven experience (minimum 5+ years) in security risk management, essential that this is within financial services or a regulated industry.
Strong understanding of information security principles, standards (e.g., ISO 27001, NIST), and regulatory requirements (e.g., NYDFS, GDPR).
Experience with risk and control frameworks (e.g., IRAM2, FAIR, COBIT) essential.
Working knowledge of global regulations: GDPR, DORA, APRA CPS 234, CCPA, etc.
Strong familiarity with UK and international regulatory frameworks in the US, Europe and Australia.
Adept at translating complex regulatory or technical requirements into practical business-aligned risk management principles.
Collaborative, adaptable, and capable of operating across time zones and cultures.
Comfortable working with audit and compliance stakeholders during assessments, certifications, or investigations.

Core Values Love what you do:
We show up each day ready to take on the world. Our passion and intensity set us apart and makes the difference to our colleagues, customers, brokers and carriers.

Challenge everything:
We’re never afraid to question the way that things are done and we constantly challenge ourselves and others to makes things better.

Have fun, be good:
Insurance is a serious business, but we don’t take ourselves too seriously. We make it fun to work at CFC, we welcome all viewpoints, and we treat everyone how we would expect to be treated.
#J-18808-Ljbffr

Related Jobs

View all jobs

Cyber Security Risk Manager - HMRC - SEO

Hr Advisor

Information Security Consultant - ISO27002 / GRC

Vulnerability Analyst

Cyber Security Analyst

IT Operations Manager - Fixed Term Contract

National AI Awards 2025

Subscribe to Future Tech Insights for the latest jobs & insights, direct to your inbox.

By subscribing, you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Jobs Careers

Return-to-Work Pathways: Relaunch Your Cyber Security Career with Returnships, Flexible & Hybrid Roles

Re-entering the workforce after a career break can feel especially challenging in a fast-moving field like cyber security. Whether you stepped away for parenting, caregiving or another life chapter, the UK’s cyber security sector now offers a range of return-to-work pathways—from structured returnships to flexible and hybrid roles. These programmes value the transferable skills and resilience you’ve developed during your break, pairing you with mentorship, upskilling opportunities and supportive networks to ease your transition back into cyber security. In this article, tailored for parents and carers, you’ll discover how to: Understand the growing demand for cyber security talent in the UK Translate your organisational, communication and problem-solving skills into cyber security roles Tackle common re-entry challenges with practical solutions Refresh your technical knowledge through targeted learning Access returnship and re-entry programmes specific to cyber security Find roles that accommodate family commitments—whether hybrid, flexible or full-time Balance your career relaunch with caring responsibilities Master applications, interviews and networking in cyber security Draw inspiration from real returner success stories Whether you aim to return as an analyst, penetration tester, security engineer or compliance specialist, this guide will equip you with the steps and resources to reignite your cyber security career.

Jobs

LinkedIn Profile Checklist for Cybersecurity Jobs: 10 Tweaks to Supercharge Recruiter Engagement

In the ever-evolving realm of cybersecurity, having a LinkedIn profile that reflects both your technical prowess and threat-hunting acumen is vital. Organisations are on the lookout for professionals skilled in penetration testing, incident response, security architecture and compliance. With hiring managers scanning dozens of profiles daily, your profile needs to not just rank in searches but convey your expertise in safeguarding digital assets. This step-by-step LinkedIn for cybersecurity jobs checklist offers ten practical tweaks to supercharge recruiter engagement. Whether you’re an aspiring security analyst, a seasoned penetration tester or a chief information security officer aiming for board-level roles, these actionable optimisations will sharpen your LinkedIn presence and position you as a top infosec candidate.

Education

Part-Time Study Routes That Lead to Cyber Security Jobs: Evening Courses, Bootcamps & Online Masters

The frequency and sophistication of cyber-attacks have exploded in recent years, making cyber security one of the UK’s most in-demand skill sets. From safeguarding NHS patient data to defending FTSE 100 financial systems, organisations across sectors require qualified professionals—penetration testers, security analysts, incident responders and security architects—to protect critical infrastructure. Yet many professionals cannot pause their careers to upskill full time. Fortunately, an ecosystem of part-time learning pathways—evening courses, intensive bootcamps and flexible online master’s programmes—enables you to learn cyber security while working. This comprehensive guide explores every route: foundational CPD, immersive bootcamps, accredited online MScs, plus funding options, planning strategies and a real-world case study. Whether you’re an IT support technician, a software developer or a compliance manager aiming to pivot into security, you’ll discover how to build expertise at your own pace.

🍪 We use cookies to enhance your browsing experience on our website. By continuing to use this site, you consent to the use of cookies as described in our Cookie Policy. You can review our Cookie Policy for more information.