Senior Cyber Security Risk Manager
Job in Greater London, London, Greater London, W1B, England, UK
Listed on 2026-07-04
Listing for: Al Rayan Bank
Full Time position
Job specializations:
- IT/Tech: Cybersecurity, Information Security, Data Security
Job Description & How to Apply Below
We have a fantastic opportunity for a Senior Cyber Security Risk Manager at our London Office. The Senior Cyber Security Risk Manager will sit within the 2nd Line of Defence Risk team. The main purpose of the role is to provide advice, support, guidance, testing, reporting and challenge on the bank’s information security activities and control environment, operating with independence and with close liaison with the team(s) responsible for operating the bank’s security controls.
Increasingly, this will include involvement in setting and overseeing the bank’s approach to AI adoption as it develops, with particular focus on AI governance and standards proportionate to the bank.
- Manage and maintain cyber/IS policies, standards, and governance processes to set clear expectations for managing cyber/IS risks, in close liaison with 1st line teams to ensure alignment of expectations, deliverables and proportionate outcomes based upon a changing threat landscape.
- Provide independent second‑line oversight and challenge to cyber/IS threats, exposures, risks and controls, across infrastructure, cloud services, applications, digital banking services, and third‑party providers (including suppliers, cloud services and outsourced providers as applicable), ensuring alignment to the bank’s risk management processes.
- Review, support and challenge risk and control assessments, security exceptions, penetration testing outcomes and vulnerability management activities, and remediation plans.
- Provide second‑line oversight over the management of cyber/IS incidents, including escalation and reporting (internally and externally).
- Provide cyber/IS risk input into existing risk governance, committee and reporting structures to ensure alignment with the bank’s Risk Management Framework and Risk Appetite Statement.
- Coordinate and support assurance over cyber/IS risk, including execution of assurance reviews, commissioning of third‑party assurance reviews, and managing regulatory and audit engagements relating to cyber/IS risk.
- Assist with cyber/IS maturity assessments and benchmarking activities (e.g. CQUEST maturity questionnaire).
- Support security awareness and security culture initiatives across the organisation, including phishing tests, social engineering susceptibility and ‘red team’ security tests.
- In collaboration with IT colleagues, review the use of Artificial Intelligence and Generative AI solutions across the organisation (as applicable).
- Support the establishment and enhancement of the Bank’s AI governance and risk management framework.
- Assess risks relating to AI adoption (e.g. data leakage, bias, explainability, model misuse, third‑party AI dependencies).
- Provide 2nd‑line oversight and challenge regarding AI‑related controls, policies, and risk assessments.
- Support alignment with emerging frameworks (e.g. NIST AI Risk Management Framework) and relevant regulatory guidance.
- Relevant and applicable professional certifications required (e.g. CISM, CISSP, CRISC, CISA).
- Significant experience in cybersecurity risk or information security governance within financial services.
- Knowledge of related security accreditations and standards, including NIST, CIS, DPA, ISO 27001, Cyber Essentials Plus and UK regulatory expectations stemming from PRA and/or FCA.
- Strong understanding of Second Line of Defence responsibilities and regulated banking environments.
- Demonstrable experience in process improvement and implementation, including behavioural change.
- Knowledge of ISO 27001, NIST CSF, operational resilience principles, and FCA/PRA expectations.
- Experience providing challenge and oversight to technology and security teams.
- Ability to communicate effectively with senior stakeholders and non‑technical audiences.
- Ability to build positive relationships with senior executives, cyber security SMEs, and across the wider organisation to instil an appropriate cyber security culture and behaviours.
- Demonstrable SME level expertise in respect to information security risk management processes, frameworks, and procedures within regulated Financial…
Position Requirements
10+ Years work experience