Applications have closed

Security Risk Manager – Part Time

  • Fully Remote
  • Outside IR35

Senior Security Risk Manager required for market-leading financial services firm. You will be responsible for managing the organisation’s cyber security risk services within the CISO function. The role is key in providing a holistic view of the organisation’s cyber risks across all security domains and across the entire business. The primary focus will be maintaining the risk register and leading on collating information for cyber audits.

Outline:

Operational Cyber Risk Management: Be a key cyber risk partner to Business Departments. Ensure the organisation’s cyber risks are identified, kept up to date and are being acted on by the right people. Enable this through a Framework of policy and process, underpinned by IT tools and expert personnel.

Third-Party Cyber Risk Management: Design and run an overarching Framework for managing the organisation’s third-party cyber risks. Enable all functions operating any third-party risk services to align with this cyber framework. Run an annual review of key suppliers to ensure their security obligations to the organisation are being delivered.

Cyber Audits: Lead the engagement with external partners of the firm who need to audit or assess the firm’s cyber capabilities. Promote and provide a holistic and positive perspective of cyber security.

The role will support the Head of Cyber Risk and lead a small internal team augmented and complemented by security services and resources supplied by both the broader CISO function and strategic external security partners.

Responsibilities:

  • Ensure Cyber Security operational risks are understood and adequately managed
  • Update and ensure the accuracy of the risk register
  • Produce reports, generate metrics, and ensure QA on risks
  • Liaise with internal teams and face off with internal and external auditors
  • Manage the risks associated with the use of third parties and their obligations towards affinity partner
  • Deliver reviews of key third-party suppliers
  • Develop and operate the framework for Operational Cyber Risk Management

As an ideal candidate, you will have an industry certification such as CISSP/CISM/CRISC and have expert knowledge of Information Security Risk. You will also have a proven track record of successful delivery in a similar role.

Please note: This is a part-time role with a 2-3 day a week commitment. There is flexibility on which days as long as deadlines are met. The contract length is estimated at 2 months. 

We seek individuals from a diverse talent pool and encourage applicants from underrepresented groups to apply to our vacancies. Our commitment to fair recruitment processes means that we welcome applicants from all backgrounds, regardless of their lived experience or personal characteristics. We also invite applicants who meet most of the listed requirements, even if not all, to apply. If you require any adjustments to the application process, please let us know.

Barclay Simpson acts as an Employment Agency for permanent positions and an Employment Business for temporary/contract engagements.

Jeff Mayger – Interim Security

Senior Consultant
