At a Glance
- Tasks: Lead IT risk management, chair committees, and ensure compliance with key regulations.
- Company: Global insurance business with a focus on technology and innovation.
- Benefits: Competitive salary up to £80,000, hybrid work model, and career growth opportunities.
- Other info: High autonomy role with significant ownership in a dynamic environment.
- Why this job: Make a real impact in IT risk management while collaborating with engineering teams.
- Qualifications: Experience in first line of defence and knowledge of cloud security and regulations.
The predicted salary is £80,000 per year.
We're partnering with a global insurance business to find an IT Risk Manager for their technology function. This is a senior individual contributor role sitting between first and second line of defence - embedded within engineering, owning the risk process end-to-end. The technology teams are first line. You sit just above them, providing the risk oversight that bridges engineering and the central risk function. All IT and data risk flows through this person. You'll chair the internal IT Risk Committee, produce and improve quarterly risk reporting packs, manage vulnerability remediation SLAs, and drive policy and controls work in support of DORA, ISO 27001, and GDPR compliance. You'll work closely with the Head of Engineering and Group CISO. High autonomy, high ownership.
Responsibilities
- Chair the internal IT Risk Committee
- Produce and improve quarterly risk reporting packs
- Manage vulnerability remediation SLAs
- Drive policy and controls work in support of DORA, ISO 27001, and GDPR compliance
- Collaborate with Head of Engineering and Group CISO
- Provide risk oversight across IT and data risk through the risk process end-to-end
What we're looking for
- Genuine First Line of Defence experience (FLOD) - this is the defining requirement
- Cloud security awareness (AWS and/or Azure); comfortable with firewalls, IAM, SIEM, and vulnerability scanning
- Familiarity with ISO 27000, COBIT, NIST 800 and relevant regulations (FCA/PRA, DORA, GDPR)
- Strong reporting skills - you'll be presenting to committees and board level
- The pragmatism to build a risk function at the right pace for the business
- CISSP, CISM or CISA desirable but not essential
Above all, we're looking for someone who truly understands first line of defence (FLOD) - technically grounded enough to work alongside engineering teams, and risk-savvy enough to own the process with confidence. If that's you, we'd love to hear from you.
IT Risk Manager in London employer: Wilson Brown
Join a leading global insurance business that values innovation and risk management, offering a dynamic work environment in London with a hybrid model that promotes work-life balance. As an IT Risk Manager, you'll enjoy high autonomy and ownership while collaborating closely with engineering and risk teams, ensuring your professional growth through exposure to cutting-edge technologies and compliance frameworks. With a strong commitment to employee development and a culture that encourages proactive risk oversight, this company is an excellent employer for those seeking meaningful and rewarding careers in the financial services sector.
StudySmarter Expert Advice🤫
We think this is how you could land the IT Risk Manager role in London
✨Tip Number 1
Network like a pro! Reach out to folks in the industry on LinkedIn or at events. A friendly chat can open doors that a CV just can't.
✨Tip Number 2
Prepare for interviews by practising common questions and scenarios related to IT risk management. We recommend role-playing with a friend to boost your confidence!
✨Tip Number 3
Showcase your expertise during interviews. Bring examples of how you've handled risk processes or improved reporting packs in the past. We want to see your skills in action!
✨Tip Number 4
Don't forget to apply through our website! It’s the best way to ensure your application gets the attention it deserves. Plus, we love seeing candidates who take that extra step!
Some tips for your application 🫡
Tailor Your CV: Make sure your CV speaks directly to the IT Risk Manager role. Highlight your First Line of Defence experience and any relevant cloud security knowledge. We want to see how your skills align with what we're looking for!
Showcase Your Reporting Skills: Since you'll be presenting to committees and board level, it's crucial to demonstrate your strong reporting skills in your application. Share examples of how you've effectively communicated risk insights in the past.
Be Authentic: We love genuine candidates! Don’t just list qualifications; share your passion for risk management and how you’ve navigated challenges in previous roles. Let your personality shine through!
Apply Through Our Website: For the best chance of getting noticed, apply directly through our website. It helps us keep track of applications and ensures you’re considered for this exciting opportunity!
How to prepare for a job interview at Wilson Brown
✨Know Your FLOD Inside Out
Make sure you can clearly articulate your understanding of the First Line of Defence (FLOD) and how it applies to IT risk management. Be ready to discuss specific examples from your past experience where you've successfully implemented FLOD principles.
✨Brush Up on Compliance Standards
Familiarise yourself with DORA, ISO 27001, and GDPR regulations. Prepare to discuss how you've navigated these frameworks in previous roles, and think about how you can contribute to compliance efforts in this new position.
✨Showcase Your Reporting Skills
Since you'll be presenting to committees and board level, practice summarising complex information into clear, concise reports. Bring examples of your past reporting work to demonstrate your ability to communicate risk effectively.
✨Engage with Technical Knowledge
Be prepared to discuss cloud security, firewalls, IAM, and vulnerability scanning. Show that you're not just a risk manager but also technically savvy enough to engage with engineering teams. This will help you build credibility and rapport during the interview.