Information Risk Manager

Hours: Permanent, full time role (35 hours per week) with hybrid and flexible working. You'll spend 3 days per week collaborating with colleagues at our Head Office in Skipton.

In a world of rapid technological change and evolving external threats, the Information Risk Lead plays a key role in keeping the Society secure, resilient and future ready. You will lead second line oversight of risk management activity across cyber, technology (including AI), data, change and operational resilience, ensuring robust protection while enabling innovation and progress. Through trusted assurance and insightful challenge, you will help safeguard the Society’s ability to operate safely, confidently and in line with regulatory expectations.

Skipton values work/life balance and we are proud to support hybrid and flexible working. For this opportunity, you'll spend 3 days per week collaborating with colleagues at our Head Office in Skipton.

Who Are We? Not just another building society. Not just another job. We're the fourth biggest building society in the UK and what makes us a bit different is that we're a mutual organisation. We don't have shareholders; we're owned by our members. Our colleagues say Skipton's a great place to work, and you could be one of them, bringing with you new ideas on how we can keep customers at the heart of what we do. Whatever your background, and whatever your goals, we'll help you take the next step towards a better future.

What Will You Be Doing? As a subject matter expert across information security, technology (including AI), data, change and operational resilience, you will provide independent second line oversight, challenge and assurance to ensure risks are effectively identified, assessed and managed. Key responsibilities include:

• Provide strong independent second line oversight and challenge of first line activities, including risk assessments, control testing and mitigation actions, ensuring effective framework implementation and escalation of key risks.
• Provide oversight, guidance and support to ensure risks are managed in line with the Group Risk Management Framework, Group Risk Policy Framework and Board Risk Appetite.
• Lead oversight and provide assurance across cyber and technology risk, AI and emerging technologies, data risk, operational resilience and strategic change, aligned to evolving industry practice and regulatory expectations.
• Deliver high quality, timely risk reporting and insight to senior committees, including thematic reviews and emerging risk identification.
• Support senior leadership in delivering annual Enterprise Risk objectives, while leading priority information risk initiatives.
• Oversee risk events, incidents and issues, including independent review of root cause analysis, timely escalation, and challenge of remediation effectiveness.
• Provide technical leadership and coaching to colleagues, supporting capability development and consistent application of the Group Risk Management Framework.

What Do We Need From You? To be successful in this role, you’ll have:

• A recognised certification (e.g. CISA, CISM, CISSP, CRISC) or an equivalent qualification in risk, IT or information security.
• Strong technical experience in IT, information security, technology risk and resilience, including frameworks such as NIST and ISO 27001.
• Proven second line experience in risk oversight, assessment, control evaluation and embedding enterprise risk frameworks and risk appetite.
• Demonstrated leadership and delivery capability coordinating multiple workstreams and delivering initiatives.
• Strong analytical and strategic thinking skills, with the ability to interpret complex issues, identify emerging risks and translate these into actionable insights.

What’s In It For You? We have a newly refurbished head office which offers a vibrant and collaborative working space. We have a range of other benefits available to you including:

• Annual discretionary bonus scheme
• 25 days standard annual leave + bank holidays + rising 1 day per year of service to a maximum of 30 days
• Holiday trading scheme allowing the ability to buy and sell additional annual leave days
• Matching employer pension contribution (up to 10% per annum)
• Colleague mortgage (conditions apply)
• Salary sacrifice scheme for hybrid & electric car
• A commitment to training and development
• Private medical insurance for all our colleagues
• 3 paid volunteering days per annum
• Diverse and inclusive colleague networks available for you to join including our Carers and Pride Alliance groups
• We care about your health and wellbeing – we provide a range of benefits that support this including cycle to work initiative and discounted gym membership