First Line Security Risk Manager

First Line Security Risk Manager

We are seeking a proactive and experienced First Line Security Risk Manager to lead the implementation and management of information security risk practices across our organisation. In this role, you will be the first line of defense for security risk management and play a critical part in ensuring security governance, policy compliance, and operational risk ownership across business functions.

You will report directly to the Group CISO and work closely with business units, IT, compliance, and audit to ensure security risks are effectively identified, assessed, documented, and mitigated in line with our overall risk appetite. Department IT Operations Employment Type Permanent - Full Time Location London Workplace type Hybrid Reporting To Kirsty Kelly

About the role

The ideal manager for this position will lead and maintain the first line Information Security Risk Management function. Additionally, this person will be responsible for:


Conducting and documenting security risk assessments across systems, projects, and processes.

Owning and managing the Group security risk register, ensuring timely updates, mitigation tracking, and escalation where required.

Working closely with the 2nd line to manage security risks across the group. 

Supporting the Group CISO in risk reporting to executive stakeholders.

Managing the exception to security policy process, including risk-based reviews, documentation, approvals, and renewals.

Liaising with business stakeholders to assess and document residual risk where security standards cannot be met

Supporting the creation, maintenance, and review of security policies and procedures to ensure alignment with regulatory, industry, and business requirements.

Mapping security policies to procedures and controls to ensure clear operational accountability.

Facilitating awareness and compliance of security policies across business units

And many other security-related activities!

About you

The ideal candidate for this position will have:

Hands-on experience managing risk assessments, policy exceptions, and governance processes.

Proven experience (minimum 5+ years) in security risk management, essential that this is within financial services or a regulated industry.

Strong understanding of information security principles, standards (e.g., ISO 27001, NIST), and regulatory requirements (e.g., NYDFS, GDPR).

Experience with risk and control frameworks (e.g., IRAM2, FAIR, COBIT) essential. 

Working knowledge of global regulations: GDPR, DORA, APRA CPS 234, CCPA, etc.

Strong familiarity with UK and international regulatory frameworks in the US, Europe and Australia.

Adept at translating complex regulatory or technical requirements into practical business-aligned risk management principles.

Collaborative, adaptable, and capable of operating across time zones and cultures.

Comfortable working with audit and compliance stakeholders during assessments, certifications, or investigations.

Core Values

Love what you do:
We show up each day ready to take on the world. Our passion and intensity set us apart and makes the difference to our colleagues, customers, brokers and carriers.

Challenge everything:
We’re never afraid to question the way that things are done and we constantly challenge ourselves and others to makes things better.

Have fun, be good:
Insurance is a serious business, but we don’t take ourselves too seriously. We make it fun to work at CFC, we welcome all viewpoints, and we treat everyone how we would expect to be treated.

About CFC

CFC is a specialist insurance provider, pioneering emerging risk and market leader in cyber. Our global insurance platform uses cutting-edge technology and data science to deliver smarter, faster underwriting and protect customers from today's most critical business risk.


Headquartered in London with offices in New York, Austin, Brussels and Brisbane, CFC has over 950 staff and is trusted by more than 100,000 businesses across 90 countries.


At CFC, insurance isn't just about underwriting. From data science to software development, and digital marketing design, we've got something for everyone. We're passionate about pushing boundaries, thinking differently and building the insurance company of the future.

CFC is committed to the principles of equal opportunities and creating an environment in which all individuals are always treated with dignity and respect. We encourage a diverse corporate culture of openness and appreciation to create an environment in which your talent can be developed in the best possible way. Should you require any reasonable adjustments at any stage of the recruitment process please let us know.

Our Hiring Process

Stage 2:

Phone screening

Stage 3:

First stage interview

Stage 4:

Second stage interview

Stage 5:

Hired

Stage 1:

Applied

Stage 2:

Phone screening

Stage 3:

First stage interview

Stage 4:

Second stage interview

Stage 5:

Hired

Stage 1:

Applied

Stage 2:

Phone screening

Stage 3:

First stage interview

Stage 4:

Second stage interview

Stage 5:

Hired

Don't worry if you don't see any roles you want to apply for now. Register your interest so we can contact you when a suit role comes along