Cyber Governance & Risk Enablement Lead in City of London

About the Organisation

The organisation operates across multiple regions and delivers technology‑enabled services to customers in both regulated and non‑regulated markets. It prioritises secure operations, responsible technology adoption, and a forward‑looking approach to risk management that supports growth and digital transformation.

Role Purpose

This role is responsible for building and maintaining the organisation's cybersecurity governance model, ensuring that security expectations are clearly defined, easily understood, and consistently applied across all teams. You will oversee the development of security policies and control frameworks, coordinate risk and compliance activity, and act as a partner to technology, operations, product, and risk teams. Your purpose is to enable secure decision‑making, not simply enforce rules - balancing risk, business needs, and practical implementation.

What You'll Do

• Establish and maintain the organisation's cybersecurity governance framework, including policies, control sets, and operating standards.
• Convert high‑level principles into clear, practical guidance for engineering, operations, and business teams.
• Lead the organisation's cybersecurity risk assessment processes, reviewing threats, control gaps, and remediation plans.
• Coordinate activity required for external reviews, assessments, or certifications aligned to recognised security frameworks.
• Evaluate the effectiveness of existing controls and ensure remediation activities are tracked and closed.
• Produce risk insights, metrics, and reporting for senior leadership and governance forums.
• Provide governance oversight for technology change, digital projects, and third‑party engagements.
• Perform assessments of internal systems, applications, vendors, and service providers where required.
• Partner with teams across the organisation to embed secure‑by‑design thinking and risk‑aware decision‑making.
• Support business continuity, incident readiness, and broader operational resilience initiatives.

Skills & Experience

Must Have

• Strong background in cybersecurity governance, technology risk, or information assurance.
• Experience writing, implementing, or managing security policies and control frameworks.
• Ability to interpret high‑level security concepts and translate them into usable, pragmatic controls.
• Knowledge of recognised frameworks (e.g., ISO 27001, NIST CSF, SOC 2) without needing to be tied to specific industry implementations.
• Comfortable engaging with senior stakeholders and presenting risk and security themes with clarity.
• Good understanding of audit processes, risk assessments, and control testing.
• Strong organisational and communication skills with the ability to work independently.

Nice to Have

• Security or risk certifications (e.g., CISSP, CISA, CRISC, Security+).
• Experience with GRC platforms or building governance processes.
• Background in a regulated, technology‑driven, or large‑scale environment.
• Experience leading small teams or mentoring colleagues.
• Formal education in cybersecurity, IT, assurance, or similar disciplines (beneficial but not essential).

McGregor Boyall is an equal opportunity employer and do not discriminate on any grounds.