Information Security Risk Manager

Information Security Risk Manager

Full-Time 60000 - 80000 £ / year (est.) No working from home possible
Munich Re Specialty - Global Markets, Syndicate

At a Glance

  • Tasks: Oversee Information Security risks and provide expert guidance across UK entities.
  • Company: Join Munich Re, a leader in insurance and risk management.
  • Benefits: Enjoy 25 days annual leave, private medical insurance, and a non-contributory pension.
  • Other info: Diverse and inclusive workplace with opportunities for professional development.
  • Why this job: Make a real impact on cybersecurity while influencing senior stakeholders.
  • Qualifications: Experience in Information Security and strong communication skills required.

The predicted salary is between 60000 - 80000 £ per year.

Munich Re is seeking a highly skilled Information Security Risk Manager (ISRM) to act as the Information Security Subject Matter Expert for a number of UK entities, spanning the UK Specialty Global Markets, Life Branch and Great Lakes operations. This is a specialist role within the Second Line of Defence teams across three entities, offering high visibility across the organisation. You will provide independent oversight, challenge, and expert guidance on Information Security and Cyber risk, working across multiple UK-regulated entities operating within a global Group structure, with dotted-line reporting into Munich Re’s Group IRM function in Munich. You will play a critical role in ensuring robust risk management practices that align with Group standards, UK regulatory expectations, and evolving cyber threats, while influencing senior stakeholders and shaping risk decisions. Whilst the role will collaborate with stakeholders across the organisation on a daily basis, there is no direct line management within the remit of the role.

Key Responsibilities

  • Information Security Risk Oversight
    • Provide independent second line oversight on Information Security and Cyber risks across UK entities
    • Review and challenge first line (IT and business) controls, risk assessments, and remediation activities
    • Monitor risk exposure and ensure timely and effective closure of control gaps
  • Framework & Governance
    • Drive the implementation and embedding of the Munich Re Group Information Security Management (ISM) framework
    • Ensure alignment with UK regulatory expectations (FCA, PRA, Lloyd’s) and internal policies
    • Translate regulatory and Group requirements into actionable control frameworks
  • Information Security Officer (ISO) Role
    • Act as the ISO for UK entities, providing risk leadership on Information Security matters
    • Serve as a trusted advisor to senior stakeholders on cyber and information risk topics
    • Provide Information Security risk opinions on IT and cyber initiatives, business change programmes, and third-party relationships
    • Support entity-level risk identification, assessment, and treatment planning
    • Support management of cyber and information security incidents, providing independent risk input
    • Contribute to business impact assessments and operational resilience activities from a cyber security perspective
    • Ensure effective management of outsourcing and supplier cyber risks
  • Reporting & Stakeholder Engagement
    • Deliver clear, insightful reporting to feed to governance committees and senior management
    • Communicate risk exposures, trends, and key issues with clarity and impact
    • Build strong relationships across IT, Risk, Compliance and business teams

What Success Looks Like

  • Effective oversight and reduction of Information Security risk exposure
  • Strong challenge and influence over first line risk practices
  • High-quality, decision-enabling reporting to senior stakeholders
  • Robust alignment with Group and UK regulatory expectations
  • Successful navigation of a complex, multi-entity international environment

Experience & Expertise

  • Experience in Information Security / Cyber Risk / IT Risk roles
  • Strong background in Information Security frameworks (e.g. ISO 27001, NIST)
  • Experience operating in a Second Line of Defence or advisory role
  • Proven ability to provide independent challenge and constructive escalation to senior management
  • Experience in complex, multi-entity or international organisations highly desirable
  • Deep expertise in cybersecurity and information security risks
  • Broad understanding of enterprise risk management frameworks
  • Knowledge of operational resilience and third-party risk
  • Strong influencing skills with the ability to challenge constructively
  • Ability to present confidently to senior committees and leadership teams
  • Degree in Information Security, IT, Computer Science or related field (or equivalent experience)
  • Insurance or financial services experience beneficial but not essential

Diversity, Equity & Inclusion

At Munich Re, Diversity, Equity, and Inclusion foster innovation and resilience and enable us to act braver and better. Embracing the power of DEI is at the core of who we are. We recognise diversity can be multi-dimensional, intersectional, and complex, so we want to build a diverse workforce that includes a wide range of racial, ethnic, sexual, and gender identities; economic and geographic backgrounds; physical abilities; ages; life, school, and career experiences; and political, religious, and personal beliefs. Additionally, we are committed to building an equitable and inclusive work environment where this diversity is celebrated, valued, and has equitable opportunities to succeed.

Benefits

  • 25 days Annual Leave + bank holidays
  • 10% Non-contributory Pension
  • Eligibility for an Annual Bonus
  • Private Medical + Dental Insurance
  • Critical illness insurance + Life Assurance + Permanent Health Insurance
  • Wellbeing and Development Scheme + EAP + Health Assessments (subject to scheme eligibility)
  • Electric Vehicle Salary Sacrifice Scheme
  • Study & continuing Professional Development Support
Munich Re Specialty - Global Markets, Syndicate

Contact Details:

Munich Re Specialty - Global Markets, Syndicate Recruitment Team

We think you need these skills to ace Information Security Risk Manager

Information Security Expertise
Cyber Risk Management
ISO 27001
NIST Framework
Second Line of Defence Experience
Risk Assessment and Management
Stakeholder Engagement