First Line Security Risk Manager

Department: IT Operations

Employment Type: Permanent - Full Time

Location: London

Reporting To: Kirsty Kelly

• Conducting and documenting security risk assessments across systems, projects, and processes.
• Owning and managing the Group security risk register, ensuring timely updates, mitigation tracking, and escalation where required.
• Working closely with the 2nd line to manage security risks across the group.
• Supporting the Group CISO in risk reporting to executive stakeholders.
• Managing the exception to security policy process, including risk-based reviews, documentation, approvals, and renewals.
• Liaising with business stakeholders to assess and document residual risk where security standards cannot be met
• Supporting the creation, maintenance, and review of security policies and procedures to ensure alignment with regulatory, industry, and business requirements.
• Mapping security policies to procedures and controls to ensure clear operational accountability.
• Facilitating awareness and compliance of security policies across business units
• And many other security-related activities!

• Hands-on experience managing risk assessments, policy exceptions, and governance processes.
• Proven experience (minimum 5+ years) in security risk management, essential that this is within financial services or a regulated industry.
• Strong understanding of information security principles, standards (e.g., ISO 27001, NIST), and regulatory requirements (e.g., NYDFS, GDPR).
• Experience with risk and control frameworks (e.g., IRAM2, FAIR, COBIT) essential.
• Working knowledge of global regulations: GDPR, DORA, APRA CPS 234, CCPA, etc.
• Strong familiarity with UK and international regulatory frameworks in the US, Europe and Australia.
• Adept at translating complex regulatory or technical requirements into practical business-aligned risk management principles.
• Collaborative, adaptable, and capable of operating across time zones and cultures.
• Comfortable working with audit and compliance stakeholders during assessments, certifications, or investigations.