Cyber Security Risk Manager

Cyber Security Risk Manager required to join a globally recognised SaaS company in Edinburgh, leading the governance, risk, and compliance (GRC) function and helping shape cyber security strategy in a cutting edge environment.

This is a modern, globally recognised SaaS company operating at the forefront of data analytics. Their datasets are relied upon by clients to make very high stakes decisions, making security critical both for the business and the clients it serves. With a strong focus on innovation, they deliver high value insights that enable fast, confident decision making in complex markets.

Security is integral to the company’s operations, safeguarding platforms, data, and users against evolving cyber threats. The business is currently enhancing its risk management program, providing a unique opportunity to shape processes, influence strategy, and drive tangible results. You’ll join a collaborative and transparent team that values open communication, shared success, and measurable impact.

As Cyber Risk Manager, you will lead the maturity and execution of the governance, risk, and compliance (GRC) function. You will ensure the business has clear visibility of its cyber risk exposure and the processes in place to respond effectively.

You will oversee the enterprise risk register, manage the risk exception process, and drive SOC 2 readiness initiatives. Partnering with IT, architecture, SRE, and procurement teams, you’ll translate complex technical risks into actionable business decisions and provide senior leaders with clear, data driven insights. You will also align the company with leading industry frameworks such as NIST CSF, NIST 800 53, and SOC 2, helping advance its risk maturity.

• Lead and continuously improve the cyber risk management program, including oversight of the enterprise risk register.
• Manage risk exceptions and ensure timely review, tracking, and remediation of risks.
• Drive SOC 2 readiness activities and collaborate with auditors and internal stakeholders to ensure compliance.
• Develop and enforce cybersecurity governance policies, standards, and procedures aligned with industry frameworks.
• Work with IT, SRE, Architecture, and Procurement teams to identify, assess, and mitigate technology and third party risks.
• Provide clear, actionable reporting and metrics to senior leadership, translating technical risks into business impact.
• Act as a trusted advisor to business leaders, balancing security requirements with operational objectives.

• We’re seeking a proactive cyber professional with proven experience in risk management ideally within a SaaS or technology environment. You’ll be confident managing enterprise risk registers, internal audits, and exception processes, with a strong ability to influence stakeholders across IT and the business.
• 5+ years in cybersecurity risk management, GRC, or equivalent senior role.
• Hands on experience with NIST CSF, NIST 800 53, SOC 2, and risk frameworks.
• Experience in SOC 2 audit readiness and execution.
• Knowledge of enterprise GRC tools such as ServiceNow, Archer, or Purview Compliance Manager.
• Strong analytical skills with the ability to turn data into actionable insights.
• Excellent communication skills, able to engage technical teams and senior business leaders.
• A collaborative, transparent, and solutions focused mindset.

You’ll receive a competitive salary of up to £70,000, plus bonus opportunity and a comprehensive benefits package including private healthcare, enhanced pension, generous leave, and wellness support.

The role offers flexible hybrid working, with just two days per week onsite in a modern, Edinburgh city centre office.

If this sounds of interest, please apply or reach out to Murray Simpson.