Find a job 
Featured Companies 
Featured Universities 
For Companies At a Glance
- Tasks: Lead security risk management and ensure compliance across the organisation.
- Company: Join a dynamic team at CFC, a leader in insurance innovation.
- Benefits: Enjoy a fun work culture, flexible hours, and opportunities for growth.
- Why this job: Make a real impact in security governance while working collaboratively with diverse teams.
- Qualifications: 5+ years in security risk management, preferably in financial services or regulated industries.
- Other info: Be part of a passionate team that values creativity and challenges the status quo.
The predicted salary is between 43200 - 72000 Β£ per year.
We are seeking a proactive and experienced First Line Security Risk Manager to lead the implementation and management of information security risk practices across our organisation. In this role, you will be the first line of defense for security risk management and play a critical part in ensuring security governance, policy compliance, and operational risk ownership across business functions.
You will report directly to the Group CISO and work closely with business units, IT, compliance, and audit to ensure security risks are effectively identified, assessed, documented, and mitigated in line with our overall risk appetite.
The ideal manager for this position will lead and maintain the first line Information Security Risk Management function. Additionally, this person will be responsible for:
- Conducting and documenting security risk assessments across systems, projects, and processes.
- Owning and managing the Group security risk register, ensuring timely updates, mitigation tracking, and escalation where required.
- Working closely with the 2nd line to manage security risks across the group.
- Supporting the Group CISO in risk reporting to executive stakeholders.
- Managing the exception to security policy process, including risk-based reviews, documentation, approvals, and renewals.
- Liaising with business stakeholders to assess and document residual risk where security standards cannot be met.
- Supporting the creation, maintenance, and review of security policies and procedures to ensure alignment with regulatory, industry, and business requirements.
- Mapping security policies to procedures and controls to ensure clear operational accountability.
- Facilitating awareness and compliance of security policies across business units.
The ideal candidate for this position will have:
- Hands-on experience managing risk assessments, policy exceptions, and governance processes.
- Proven experience (minimum 5+ years) in security risk management, essential that this is within financial services or a regulated industry.
- Strong understanding of information security principles, standards (e.g., ISO 27001, NIST), and regulatory requirements (e.g., NYDFS, GDPR).
- Experience with risk and control frameworks (e.g., IRAM2, FAIR, COBIT) essential.
- Working knowledge of global regulations: GDPR, DORA, APRA CPS 234, CCPA, etc.
- Strong familiarity with UK and international regulatory frameworks in the US, Europe and Australia.
- Adept at translating complex regulatory or technical requirements into practical business-aligned risk management principles.
- Collaborative, adaptable, and capable of operating across time zones and cultures.
- Comfortable working with audit and compliance stakeholders during assessments, certifications, or investigations.
Core Values
- Love what you do: We show up each day ready to take on the world. Our passion and intensity set us apart and makes the difference to our colleagues, customers, brokers and carriers.
- Challenge everything: Weβre never afraid to question the way that things are done and we constantly challenge ourselves and others to makes things better.
- Have fun, be good: Insurance is a serious business, but we donβt take ourselves too seriously. We make it fun to work at CFC, we welcome all viewpoints, and we treat everyone how we would expect to be treated.
First Line Security Risk Manager employer: Starr Underwriting
Contact Detail:
Starr Underwriting Recruiting Team
StudySmarter Expert Advice π€«
We think this is how you could land First Line Security Risk Manager
β¨Tip Number 1
Familiarise yourself with the specific security frameworks mentioned in the job description, such as ISO 27001 and NIST. Being able to discuss these frameworks in detail during your interview will demonstrate your expertise and understanding of the role.
β¨Tip Number 2
Network with professionals in the financial services sector who have experience in security risk management. Engaging with them can provide insights into the industry and may even lead to referrals or recommendations for your application.
β¨Tip Number 3
Prepare to discuss real-world examples of how you've managed security risks in previous roles. Highlighting specific situations where you successfully identified and mitigated risks will showcase your hands-on experience and problem-solving skills.
β¨Tip Number 4
Stay updated on current trends and changes in global regulations related to information security. Being knowledgeable about recent developments will not only help you in interviews but also show your commitment to staying relevant in the field.
We think you need these skills to ace First Line Security Risk Manager
Some tips for your application π«‘
Tailor Your CV: Make sure your CV highlights relevant experience in security risk management, especially within financial services or regulated industries. Use specific examples that demonstrate your hands-on experience with risk assessments and governance processes.
Craft a Compelling Cover Letter: Write a cover letter that showcases your understanding of information security principles and regulatory requirements. Mention your familiarity with frameworks like ISO 27001 and NIST, and explain how your skills align with the responsibilities of the First Line Security Risk Manager role.
Highlight Relevant Certifications: If you have any certifications related to information security or risk management, such as CISSP, CISM, or CRISC, be sure to include them in your application. This will strengthen your profile and show your commitment to the field.
Showcase Soft Skills: In addition to technical skills, emphasise your collaborative and adaptable nature. Provide examples of how you've successfully worked with diverse teams across different time zones and cultures, as this is crucial for the role.
How to prepare for a job interview at Starr Underwriting
β¨Understand the Role Thoroughly
Before the interview, make sure you have a solid grasp of what a First Line Security Risk Manager does. Familiarise yourself with the key responsibilities mentioned in the job description, such as conducting risk assessments and managing the security risk register.
β¨Showcase Relevant Experience
Be prepared to discuss your hands-on experience in security risk management, especially within financial services or regulated industries. Highlight specific examples where you've successfully managed risk assessments or policy exceptions.
β¨Familiarise Yourself with Regulations
Since the role requires knowledge of various regulations like GDPR and ISO 27001, brush up on these standards. Be ready to explain how you've applied these principles in past roles and how they relate to the position you're applying for.
β¨Demonstrate Collaborative Skills
This role involves working closely with various stakeholders, so be prepared to discuss your collaborative experiences. Share examples of how you've effectively communicated and worked with audit and compliance teams during assessments or investigations.
