Information Security Risk Manager in London

London | Full-Time | 60000 - 75000 £ / year (est.) | Home office (partial)
Munich Re

At a Glance

  • Tasks: Oversee Information Security risks and provide expert guidance across UK entities.
  • Company: Join Munich Re, a leader in insurance and risk management.
  • Benefits: Enjoy 25 days leave, private medical insurance, and a hybrid working model.
  • Other info: Diversity and inclusion are at our core; we welcome all applicants.
  • Why this job: Make a real impact on cybersecurity while influencing senior stakeholders.
  • Qualifications: Experience in Information Security and strong communication skills required.

The predicted salary is between 60000 - 75000 £ per year.

Munich Re is seeking a highly skilled Information Security Risk Manager (ISRM) to act as the Information Security Subject Matter Expert for a number of UK entities, spanning the UK Specialty Global Markets, Life Branch and Great Lakes operations. This is a specialist role within the Second Line of Defence teams across three entities, offering high visibility across the organisation. You will provide independent oversight, challenge, and expert guidance on Information Security and Cyber risk, working across multiple UK-regulated entities operating within a global Group structure, with dotted-line reporting into Munich Re’s Group IRM function in Munich.

You will play a critical role in ensuring robust risk management practices that align with Group standards, UK regulatory expectations, and evolving cyber threats, while influencing senior stakeholders and shaping risk decisions. Whilst the role will collaborate with stakeholders across the organisation on a daily basis, there is no direct line management within the remit of the role.

Key Responsibilities

  • Information Security Risk Oversight
    • Provide independent second line oversight on Information Security and Cyber risks across UK entities
    • Review and challenge first line (IT and business) controls, risk assessments, and remediation activities
    • Monitor risk exposure and ensure timely and effective closure of control gaps
  • Framework & Governance
    • Drive the implementation and embedding of the Munich Re Group Information Security Management (ISM) framework
    • Ensure alignment with UK regulatory expectations (FCA, PRA, Lloyd’s) and internal policies
    • Translate regulatory and Group requirements into actionable control frameworks
  • Information Security Officer (ISO) Role
    • Act as the ISO for UK entities, providing risk leadership on Information Security matters
    • Serve as a trusted advisor to senior stakeholders on cyber and information risk topics
  • Risk Assessment & Advisory
    • Provide Information Security risk opinions on IT and cyber initiatives, e.g. gap analyses on new regulatory requirements
    • Business change programmes
    • Third-party relationships, e.g. critical IT related service providers – working closely with TRPM experts in the wider risk teams
    • Support entity-level risk identification, assessment, and treatment planning
  • Incident & Resilience
    • Support management of cyber and information security incidents, providing independent risk input
    • Contribute to business impact assessments and operational resilience activities from a cyber security perspective
    • Ensure effective management of outsourcing and supplier cyber risks
  • Reporting & Stakeholder Engagement
    • Deliver clear, insightful reporting to governance committees and senior management, including entity Exco and Board forums
    • Communicate risk exposures, trends, and key issues with clarity and impact
    • Build strong relationships across IT, Risk, Compliance and business teams

What Success Looks Like

  • Effective oversight and reduction of Information Security risk exposure
  • Strong challenge and influence over first line risk practices
  • High-quality, decision-enabling reporting to senior stakeholders
  • Robust alignment with Group and UK regulatory expectations
  • Successful navigation of a complex, multi-entity international environment

Experience & Expertise

  • Experience in Information Security / Cyber Risk / IT Risk roles
  • Strong background in Information Security frameworks (e.g. ISO 27001, NIST)
  • Experience operating in a Second Line of Defence or advisory role
  • Proven ability to provide independent challenge and constructive escalation to senior management
  • Experience in complex, multi-entity or international organisations highly desirable
  • Deep expertise in cybersecurity and information security risks
  • Broad understanding of enterprise risk management frameworks
  • Knowledge of operational resilience and third-party risk
  • Strong influencing skills with the ability to challenge constructively
  • Ability to present confidently to senior committees and leadership teams
  • Degree in Information Security, IT, Computer Science or related field (or equivalent experience)
  • Insurance or financial services experience beneficial but not essential

Application Encouragement

If you are excited about this role but your experience does not align perfectly with everything outlined, or you don’t meet every requirement, we encourage you to apply anyway. You might just be the candidate we are looking for!

Diversity, Equity & Inclusion

At Munich Re, Diversity, Equity, and Inclusion foster innovation and resilience and enable us to act braver and better. Embracing the power of DEI is at the core of who we are. We recognise diversity can be multi‑dimensional, intersectional, and complex, so we want to build a diverse workforce that includes a wide range of racial, ethnic, sexual, and gender identities; economic and geographic backgrounds; physical abilities; ages; life, school, and career experiences; and political, religious, and personal beliefs. Additionally, we are committed to building an equitable and inclusive work environment where this diversity is celebrated, valued, and has equitable opportunities to succeed. All candidates in consideration for any role can request a reasonable adjustment at any point in our recruitment process. You can request an adjustment by speaking to your Talent Acquisition contact.

Benefits

  • 25 days Annual Leave + bank holidays
  • 10% Non‑contributory Pension
  • Eligibility for an Annual Bonus
  • Private Medical + Dental Insurance
  • Critical illness insurance + Life Assurance + Permanent Health Insurance
  • Wellbeing and Development Scheme + EAP + Health Assessments (subject to scheme eligibility)
  • Electric Vehicle Salary Sacrifice Scheme
  • Study & continuing Professional Development Support
  • Hybrid Working + IT Home Set‑up Support

Information Security Risk Manager in London employer: Munich Re

Munich Re is an exceptional employer that prioritises employee growth and well-being, offering a comprehensive benefits package including 25 days of annual leave, a non-contributory pension, and support for professional development. The company fosters a collaborative work culture that values diversity, equity, and inclusion, ensuring that all employees feel valued and empowered to succeed in their roles. With the opportunity to influence senior stakeholders and shape risk decisions within a global framework, this role provides a meaningful and rewarding career path in the dynamic field of Information Security.

Munich Re

Contact Details:

Munich Re Recruitment Team

StudySmarter Expert Advice🤫

We think this is how you could land Information Security Risk Manager in London

Get Involved in the Cybersecurity Community

Diving into the cybersecurity community is key for landing that full-time gig. Join forums like Reddit's r/cybersecurity or attend local meetups to connect with industry veterans and other job seekers. Networking is everything in this field—don’t just be a passive lurker!

Show Off Your Skills with Capture the Flag Competitions

Participate in Capture the Flag (CTF) competitions; these are not just a fun way to boost your skills but also a chance to showcase your talent to potential employers. Many companies, including Munich Re, love seeing candidates who actively engage in these challenges.

Tailor Your Online Presence

Make sure your LinkedIn and any professional profiles reflect your cybersecurity expertise. Share your projects, whether they’re personal or from a previous role, to catch the eye of hiring managers. This is how they’ll find your passion and commitment to the field!

Apply Directly Through Munich Re

Don’t forget to head straight to our website and check out any openings for cybersecurity roles at Munich Re. Applying directly can sometimes give you an edge, especially if you can mention that you've been following our work or engaging in the community.

We think you need these skills to ace Information Security Risk Manager in London

Information Security Expertise
Cyber Risk Management
ISO 27001
NIST Framework
Risk Assessment
Stakeholder Engagement
Regulatory Compliance (FCA, PRA, Lloyd’s)

Some tips for your application 🫡

Show off your technical skills: In cybersecurity, it's crucial to highlight your technical prowess. Make sure your CV showcases specific skills like network security, penetration testing, or threat analysis. If you have relevant certifications (like CEH or CISSP), pop those on the front page to grab attention!

Tailor your portfolio for the role: Even for a full-time role, a portfolio can set you apart. If you've worked on any cybersecurity projects (be it CTF challenges, security assessments, or research papers), include these in your application. This demonstrates not just your skills, but also your hands-on experience!

Use real-world examples: When writing your cover letter, don’t just stick to your qualifications. Share real-world examples of how you’ve tackled security issues or vulnerabilities. This gives the hiring team at Munich Re insight into your practical problem-solving abilities and makes your application memorable.

Demonstrate your passion for cybersecurity: Cybersecurity is an ever-evolving field, so show us that you’re always learning! Mention any recent courses, webinars, or industry events you’ve attended. This not only exhibits your enthusiasm but also signals to Munich Re that you’re committed to staying ahead in the game.

How to prepare for a job interview at Munich Re

Sharpen Your Technical Skills

For a role in cybersecurity, it’s essential to be up-to-date with the latest tools and techniques. Brush up on your knowledge of firewalls, intrusion detection systems, and vulnerability assessment tools. Be ready to discuss specific scenarios where you’ve applied these skills, as hands-on experience can really set you apart in interviews.

Prepare for Scenario-Based Questions

Expect the interviewers at Munich Re to throw in some hypothetical situations to see how you’d handle them. Think about common security breaches or incidents and be prepared to explain how you would respond. This not only shows your problem-solving skills but also your understanding of real-world cybersecurity challenges.

Highlight Your Certifications

Certifications like CompTIA Security+, CISSP, or CEH can give you a significant edge in a full-time role in cybersecurity. Make sure to mention these during your interview and be prepared to discuss what you learned through those certifications and how they relate to the position at Munich Re.

Show Your Passion for Cybersecurity

Since you’re going for a full-time gig, showing genuine enthusiasm for the field can make all the difference. Share any personal projects, blogs, or communities you’re part of that relate to cybersecurity. This not only showcases your passion but also your commitment to staying engaged in this ever-evolving field.