IT Risk Manager

Overview

Insurance / Financial Services Up to £80,000
· London
· Hybrid (2 days on-site)
· Permanent

We're partnering with a global insurance business to find an IT Risk Manager for their technology function. This is a senior individual contributor role sitting between first and second line of defence - embedded within engineering, owning the risk process end-to-end.

The technology teams are first line. You sit just above them, providing the risk oversight that bridges engineering and the central risk function. All IT and data risk flows through this person. You'll chair the internal IT Risk Committee, produce and improve quarterly risk reporting packs, manage vulnerability remediation SLAs, and drive policy and controls work in support of DORA, ISO 27001, and GDPR compliance.

You'll work closely with the Head of Engineering and Group CISO. High autonomy, high ownership.

• Chair the internal IT Risk Committee
• Produce and improve quarterly risk reporting packs
• Manage vulnerability remediation SLAs
• Drive policy and controls work in support of DORA, ISO 27001, and GDPR compliance
• Collaborate with Head of Engineering and Group CISO
• Provide risk oversight across IT and data risk through the risk process end-to-end

• Genuine First Line of Defence experience (FLOD) - this is the defining requirement
• Cloud security awareness (AWS and/or Azure); comfortable with firewalls, IAM, SIEM, and vulnerability scanning
• Familiarity with ISO 27000, COBIT, NIST 800 and relevant regulations (FCA/PRA, DORA, GDPR)
• Strong reporting skills - you'll be presenting to committees and board level
• The pragmatism to build a risk function at the right pace for the business
• CISSP, CISM or CISA desirable but not essential

Above all, we're looking for someone who truly understands first line of defence (FLOD) - technically grounded enough to work alongside engineering teams, and risk-savvy enough to own the process with confidence. If that's you, we'd love to hear from you.