Cyber Risk Manager in London

We are seeking an experienced Cyber Risk Manager to join a critical infrastructure organisation operating within a highly regulated environment. This role is responsible for embedding effective cyber risk management practices across the organisation, ensuring that cyber risks are identified, assessed, and treated in alignment with business objectives and enterprise risk frameworks.

The Cyber Risk Manager will drive the development and application of risk methodologies, tools, and reporting to support informed decision-making. They will deliver operational risk assessments, engage with stakeholders across technical and business functions, and support continuous improvement of risk processes. Senior-level roles will provide strategic oversight, lead on complex risk areas, and support regulatory and executive engagement. Both levels contribute to strengthening cyber resilience, promoting risk awareness, and ensuring that cyber risk is managed proactively across the organisation.

• Conduct and support cyber risk assessments across systems, services, and projects.
• Maintain and update the cyber risk register, ensuring timely escalation of significant risks.
• Collaborate with ICT, business units, and project teams to embed cyber risk management practices.
• Support the development and implementation of cyber risk frameworks, tools, and methodologies.
• Provide expert advice on cyber risk mitigation strategies and treatment plans.
• Contribute to the development of risk reporting for governance forums and regulatory bodies.
• Monitor emerging threats and assess their potential impact on the organisation's risk posture.
• Promote cyber risk awareness and training across the organisation.

• Budget Responsibility: Contributes to cyber risk management activities within the overall budget.
• Line Management: Senior roles may matrix manage or act as a mentor.
• Decision-Making Authority: Authority to recommend risk treatment options and escalate risks.
• Reporting Line: Reports to Cyber Risk Team Lead.

• Essential: Experience in cyber risk management, ideally within a regulated or critical infrastructure environment.
• Understanding of cyber risk frameworks (e.g., ISO 27005, NIST, FAIR) and the NCSC CAF.
• Degree or equivalent in cyber security, risk management, or a related field.
• Relevant certifications (e.g., CRISC, CISSP, ISO 27005 Risk Manager).
• Desirable: Experience in the nuclear or CNI sector.
• Familiarity with ONR SyAPs, NISR 2003, and HMG SPF.
• Experience with risk quantification or risk tooling platforms.

This role operates within a complex, highly regulated, and security-critical environment where cyber resilience is essential to operational integrity and regulatory compliance. The postholder must navigate overlapping and evolving regulatory frameworks while balancing robust security controls with operational continuity. Key challenges include engaging with a wide range of stakeholders and translating technical cyber risks into clear, actionable business terms; maintaining a defensible and transparent cyber risk posture under scrutiny from internal governance bodies and external regulators; adapting to shifting threat landscapes, emerging technologies, and increasing regulatory expectations; and embedding a culture of cyber risk awareness across the organisation.