National AI Awards 2025Discover AI's trailblazers! Join us to celebrate innovation and nominate industry leaders.

Nominate & Attend

First Line Security Risk Manager...

CFC
London
2 days ago
Create job alert

First Line Security Risk Manager

Department: IT Operations

Employment Type: Permanent - Full Time

Location: London

Reporting To: Kirsty Kelly

Description

We are seeking a proactive and experienced First Line Security Risk Manager to lead the implementation and management of information security risk practices across our organisation. In this role, you will be the first line of defense for security risk management and play a critical part in ensuring security governance, policy compliance, and operational risk ownership across business functions.

You will report directly to the Group CISO and work closely with business units, IT, compliance, and audit to ensure security risks are effectively identified, assessed, documented, and mitigated in line with our overall risk appetite.

About the role

The ideal manager for this position will lead and maintain the first line Information Security Risk Management function. Additionally, this person will be responsible for:

  • Conducting and documenting security risk assessments across systems, projects, and processes.
  • Owning and managing the Group security risk register, ensuring timely updates, mitigation tracking, and escalation where required.
  • Working closely with the 2nd line to manage security risks across the group.
  • Supporting the Group CISO in risk reporting to executive stakeholders.
  • Managing the exception to security policy process, including risk-based reviews, documentation, approvals, and renewals.
  • Liaising with business stakeholders to assess and document residual risk where security standards cannot be met
  • Supporting the creation, maintenance, and review of security policies and procedures to ensure alignment with regulatory, industry, and business requirements.
  • Mapping security policies to procedures and controls to ensure clear operational accountability.
  • Facilitating awareness and compliance of security policies across business units
  • And many other security-related activities!

    About you

    The ideal candidate for this position will have:

  • Hands-on experience managing risk assessments, policy exceptions, and governance processes.
  • Proven experience (minimum 5+ years) in security risk management, essential that this is within financial services or a regulated industry.
  • Strong understanding of information security principles, standards (e.g., ISO 27001, NIST), and regulatory requirements (e.g., NYDFS, GDPR).
  • Experience with risk and control frameworks (e.g., IRAM2, FAIR, COBIT) essential.
  • Working knowledge of global regulations: GDPR, DORA, APRA CPS 234, CCPA, etc.
  • Strong familiarity with UK and international regulatory frameworks in the US, Europe and Australia.
  • Adept at translating complex regulatory or technical requirements into practical business-aligned risk management principles.
  • Collaborative, adaptable, and capable of operating across time zones and cultures.
  • Comfortable working with audit and compliance stakeholders during assessments, certifications, or investigations.

    Core Values

    Love what you do:
    We show up each day ready to take on the world. Our passion and intensity set us apart and makes the difference to our colleagues, customers, brokers and carriers.

    Challenge everything:
    We’re never afraid to question the way that things are done and we constantly challenge ourselves and others to makes things better.

    Have fun, be good:
    Insurance is a serious business, but we don’t take ourselves too seriously. We make it fun to work at CFC, we welcome all viewpoints, and we treat everyone how we would expect to be treated.

    #J-18808-Ljbffr

Related Jobs

View all jobs

IT & Cyber Security Risk Manager

Principal Security Consultant (1-year Fixed Term)...

Third Party Risk Management Specialist

Security Operations Manager

Technical IT Manager

Cyber Vulnerability Analyst

National AI Awards 2025

Subscribe to Future Tech Insights for the latest jobs & insights, direct to your inbox.

By subscribing, you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Jobs

Cyber Security Jobs Salary Calculator 2025: Check Your Market Value in Seconds

Why yesterday’s pay survey no longer protects you. “Could I earn more at a managed SOC?” “Is that fintech’s offer really competitive?” Every UK cyber‑security professional asks some version of those questions—usually after another colleague lands a pay rise, a recruiter sends a tempting JD, or a fresh breach makes headline news. Yet salary guides published even last year feel as out‑of‑date as a forgotten antivirus signature. Since 2024, ransomware gangs switched to double‑extortion, deepfake phishing exploded, & the EU’s NIS2/DORA regulations bled into UK contracts despite Brexit. With each shift, salary bands move. To cut through stale averages, CybersecurityJobs.tech distilled a three‑factor formula that lets you estimate a realistic 2025 salary in under a minute. Feed in your role, your UK region, & your seniority level. The output arms you with data‑driven leverage for your next appraisal, job application, or freelance rate card. This article explains the formula, reveals the forces pushing cyber pay ever higher, & outlines five practical moves to boost your market value within ninety days.

Careers

How to Present Cyber Security Solutions to Non-Technical Audiences: A Public Speaking Guide for Job Seekers

Cyber security is no longer just an IT issue—it’s a board-level priority. Whether you’re applying for a role in penetration testing, security operations, risk management, or compliance, your ability to clearly explain cyber threats and solutions to non-technical stakeholders is vital. This guide will help cyber security job seekers develop one of the most in-demand soft skills in the industry: public speaking. You’ll learn how to simplify complex concepts, structure effective presentations, use storytelling and analogies, and handle common stakeholder questions with confidence.

Jobs

Cyber Security Jobs Employer Hotlist 2025: 50 UK Companies Actively Hiring Right Now

Bookmark this guide—refreshed every quarter—so you always know who’s really expanding their cyber security teams. Ransomware payouts broke records in 2024, the UK’s new Cyber Security Bill imposed mandatory breach disclosure, and the National Cyber Force’s move to Samlesbury has super‑charged the northern skills market. Result? Demand for security architects, SOC analysts, penetration testers, cloud‑security engineers, threat hunters & GRC specialists is at an all‑time high in 2025. Below you’ll find 50 organisations that have posted UK‑based cyber security vacancies or announced head‑count growth during the past eight weeks. They’re organised into five quick‑scan categories. For every employer you’ll see: Main UK hub Example live or recent vacancy Why it’s worth a look (tech stack, culture, mission) Search any company on CyberSecurityJobs.tech to view current ads, or set a free alert so fresh openings land straight in your inbox.

🍪 We use cookies to enhance your browsing experience on our website. By continuing to use this site, you consent to the use of cookies as described in our Cookie Policy. You can review our Cookie Policy for more information.