Information Security Risk Manager

Job Title: Information Security Risk Manager

Location: London

About Our Client: We are working with one of the UK's leading pensions insurance specialist, dedicated to protecting pension schemes and their members' pensions.

Role Overview: The Information Security Risk Manager will play a pivotal role in supporting their Information Security and Technology Governance and Risk functions. This position is part of the Chief Information Security Office and is crucial in implementing their firmwide strategy within the Information Security team. The role involves managing security standards across processes, systems, and third parties, ensuring assurance checks on external supply chains and internal controls. One of the main focuses will be to drive the development of their proprietary systems both locally and in the cloud, ensuring they remain at the forefront of security and innovation in the pensions insurance sector.

Key Responsibilities:

• Oversee daily Information Security Risk processes, focusing on risk identification and reduction activities.
• Support compliance efforts, including ISO22301 and ISO27001 re-certification.
• Review and develop security policies and standards in line with industry standards, regulatory requirements, and the current threat environment.
• Implement security processes for assurance activities, including risk issue management, third-party risk assurance, and security criteria for projects.
• Produce regular security reporting dashboards and packs for governance groups.
• Develop, monitor, and report key indicators (KPIs/KRIs/KCIs).
• Assist with compliance and legal initiatives related to Information Security and operational risk processes such as RCSA, Threat Modelling, and Incident Management.
• Evaluate and procure new security services, technologies, and systems.

Skills and Experience:

• In-depth knowledge of Information Security, data privacy, and risk management principles.
• Familiarity with regulations, audit, and certification processes.
• Understanding of modern Internet technologies and ability to assess technical findings in a broader organizational context.
• Capability to develop security standards and guidelines based on best practices, regulatory requirements, and industry standards.
• Insight into threat vectors and Security Risks across different IT environments.
• Strong understanding of effective cyber risk management.
• Proficient project management skills.
• Knowledge of industry standards/frameworks (e.g., ISO, NIST, COBIT, ITIL).

Qualifications:

• Experience with security frameworks and standards.
• Certifications such as CISA, CRISC, CISSP are desirable but not required.
• Degree, diploma, or equivalent experience in a technology-related field is advantageous but not mandatory.