Ref.: 7298-3932

Security Risk Management Lead - GBP95,000 - London


  • Position: Other
  • Skills: Security Risk Manager Risk Management Lead CISM CISSP
  • Level: Senior

Job description

Job Description

We are looking for an experienced and outcome-driven Security Risk Management Lead with excellent stakeholder management skills to join our fast-growing Security function.

In this role you'll be primarily responsible for designing and embedding the framework for managing security risks, developing the security policy suite and setting out appropriate governance structures.

You'll build and manage a small team to drive the underlying activities.

Role & Responsibilities

  • Build and manage a small team of security risk analysts

  • Design, embed and manage a scalable security risk management framework, taking into account business context and relevant industry standards, regulatory requirements and stakeholder expectations

  • Develop and update security policies, standards and guidance in collaboration with business stakeholders

  • Create and manage a security risk acceptance process and relevant governance structures

  • Assess security risks and track exposure and remediation activities

  • Produce and deliver management reporting of security risks and metrics to relevant committees and stakeholders

  • Drive and maintain compliance with industry standards such as PCI-DSS, ISO27001 and SOC2

  • Organise relevant security awareness training

Skills & Qualifications

  • Significant experience in security risk management in a fast-paced business, ideally a public technology company or in a regulated industry

  • Previously defined policies, processes and procedures for managing security risk

  • Expertise in performing security risk assessments in a cloud environment

  • Previously been responsible for defining security metrics and producing security risk management reporting

  • Good people management skills

  • Comfortable having difficult risk management conversations with different stakeholders across the business in both technical/engineering and non-technical roles

  • Experience working with enterprise-grade integrated risk management or GRC solutions (e.g. OneTrust)

  • Familiar with security standards such as PCI-DSS, NIST, ISO27001 and SOC2

Nice to have

  • A mix of consulting and industry experience in a relevant role

  • Relevant industry certifications such as CISM, CRISC, CISA, CISSP

Click 'apply now' or get in touch with Emmabelle Nwadikwa on (0)203 909 9490 or

Nigel Frank International is the global leader in Microsoft Recruitment. We are unparalleled in our ability to match skilled Azure/M365 professionals with exciting, challenging roles all across the UK and abroad due to many clients trusting us exclusively with filling their vacancies. We deal with both Microsoft Partners and End Users throughout the UK and Europe and we have never had more live requirements jobs for Azure/M365 professionals. Please see for more fantastic Azure/M365 opportunities. Nigel Frank International Ltd is acting as an Employment Agency in relation to this vacancy.