Head of Cyber Risk

Posted 16 days 7 hours ago by Barclay Simpson

Permanent
Not Specified
Other
London, United Kingdom
Job Description

Head of Cyber Risk required for a global financial services firm. You will lead the organisation's efforts to identify, assess, and mitigate cyber-related risks across the enterprise. The role is responsible for developing and implementing a comprehensive cyber risk framework that aligns with business goals, regulatory expectations, and the evolving threat landscape. You will collaborate closely with IT, compliance, security, and executive leadership to ensure a strong cyber risk posture and informed decision-making. This is a hands-on role rather than a purely managerial one. Key Responsibilities:

  • Strategic Leadership:
    • Develop and own the enterprise-wide cyber risk management strategy and roadmap.
    • Advise senior leadership and the board on emerging cyber risks, threats, and regulatory requirements.
    • Represent the cyber risk function in risk committees, regulatory meetings, and board-level discussions.
  • Risk Framework & Governance:
    • Design and maintain a cyber risk management framework that aligns with industry standards (e.g. NIST, ISO 27005, FAIR).
    • Define and monitor key cyber risk indicators (KRIs) and risk appetite metrics.
    • Oversee regular cyber risk assessments, scenario planning, and risk reporting.
  • Operational Risk Management:
    • Collaborate with cybersecurity, IT, and business units to identify and remediate cyber risk exposures.
    • Ensure appropriate controls, policies, and procedures are in place and tested.
    • Lead cyber risk input into third-party risk, data privacy, and cloud governance programs.
  • Regulatory & Compliance:
    • Ensure compliance with relevant laws and frameworks (e.g. GDPR, DORA, NIS2, SOX, PCI DSS).
    • Prepare and support audits, risk assessments, and regulatory reviews.
  • Team & Culture Building:
    • Build and lead a high-performing cyber risk team.
    • Drive a risk-aware culture through training, awareness, and engagement across the organization.
  • Qualifications & Experience:
    • Experience in cybersecurity, risk management, or IT governance, including substantial experience in a leadership role at a global financial organisation.
    • Strong understanding of cybersecurity frameworks, threat intelligence, and digital risk management.
    • Degree in Information Security, Risk Management, Computer Science, or a related field. Professional certifications such as CISSP, CISM, CRISC, or equivalent are highly desirable.