Head of Cyber Risk

Sorry, applications for this particular Job have now closed.

Head of Cyber Risk required for global financial services firm. You will lead the organization’s efforts to identify, assess, and mitigate cyber-related risks across the enterprise. This role is responsible for developing and implementing a comprehensive cyber risk framework, aligning with business goals, regulatory expectations, and evolving threat landscapes. You will collaborate closely with IT, compliance, security, and executive leadership to ensure a strong cyber risk posture and informed decision-making. This is more hands-on as opposed to managerial.

• Strategic Leadership:
  • Develop and own the enterprise-wide cyber risk management strategy and roadmap.
  • Advise senior leadership and the board on emerging cyber risks, threats, and regulatory requirements.
  • Represent the cyber risk function in risk committees, regulatory meetings, and board-level discussions.
• Design and maintain a cyber risk management framework that aligns with industry standards (eg, NIST, ISO 27005, FAIR).
• Define and monitor key cyber risk indicators (KRIs) and risk appetite metrics.
• Oversee regular cyber risk assessments, scenario planning, and risk reporting.
• Collaborate with cybersecurity, IT, and business units to identify and remediate cyber risk exposures.
• Ensure appropriate controls, policies, and procedures are in place and tested.
• Lead cyber risk input into third-party risk, data privacy, and cloud governance programs.
• Regulatory & Compliance:
  • Ensure compliance with relevant laws and frameworks (eg, GDPR, DORA, NIS2, SOX, PCI-DSS).
  • Prepare and support audits, risk assessments, and regulatory reviews.
• Team & Culture Building:
  • Build and lead a high-performing cyber risk team.
  • Drive a risk-aware culture through training, awareness, and engagement across the organization.
• Qualifications & Experience:
  • Experience in cybersecurity, risk management, or IT governance, with strong experience in a leadership role for a global financial organisation.
  • Strong understanding of cybersecurity frameworks, threat intelligence, and digital risk management.
  • Degree in Information Security, Risk Management, Computer Science, or a related field. Professional certifications such as CISSP, CISM, CRISC, or equivalent are highly desirable.

We seek individuals from a diverse talent pool and encourage applicants from underrepresented groups to apply to our vacancies. Our commitment to fair recruitment processes means that we welcome applicants from all backgrounds, regardless of their lived experience or personal characteristics. We also invite applicants who meet most of the listed requirements, even if not all, to apply. If you require any adjustments to the application process, please let us know.

Barclay Simpson acts as an Employment Agency for permanent positions and an Employment Business for temporary/contract engagements.