Senior Manager Information Security

Role Overview

We are seeking a highly motivated and experienced Senior Manager of Risk to lead our cyber risk and third-party risk management functions within the Cyber Governance, Risk & Compliance (GRC) team. This individual will manage a small team of risk professionals and be responsible for building, embedding, and continuously improving the organisation's cyber risk management framework, ensuring effective oversight of third-party and supplier risks, and supporting executive and board-level reporting.

• Lead the development, implementation, and ongoing maturity of the cyber risk management framework.
• Oversee risk identification, assessment, treatment, and monitoring across all cyber domains.
• Provide risk insights and reporting to senior leadership, risk committees, and the board.
• Partner with business and technology teams to ensure risks are effectively understood, prioritised, and mitigated.
• Drive risk culture awareness, ensuring risk management principles are embedded across the organisation.

• Oversee the third-party risk management (TPRM) programme, including onboarding, due diligence, and ongoing monitoring of suppliers.
• Define risk appetite, assurance requirements, and contractual controls for third-party cyber security.
• Partner with procurement, legal, and business teams to ensure suppliers meet security and compliance requirements.
• Provide risk assessments, recommendations, and remediation guidance to business stakeholders.
• Escalate material supplier risks and lead risk acceptance discussions where required.

• Manage, coach, and develop a small team of cyber risk and third-party risk professionals.
• Allocate workload effectively and foster a high-performance culture.
• Support professional development and provide clear career growth pathways.
• Act as a senior subject matter expert and escalation point within the Cyber GRC function

• Proven experience in cyber risk management and/or third-party risk management, ideally within financial services, technology, or a regulated industry.
• Strong understanding of risk management frameworks (e.g., ISO 31000, NIST CSF, FAIR, ISO 27005).
• Experience in third-party/vendor risk management practices, frameworks, and tools.
• Excellent leadership, team management, and stakeholder engagement skills.
• Strong analytical, problem-solving, and decision-making abilities.
• Ability to produce clear, concise, and executive-ready risk reporting.
• Professional certifications desirable (e.g., CRISC, CISM, CISSP, CISA).