Security Risk Lead

Cambridge (Hybrid 2+ days in office)
£53,300 £71,300
35 hours per week Permanent

An exciting opportunity for an experienced Security Risk Lead to drive and enhance an organisation s security risk management strategy. You will be responsible for identifying, assessing, and mitigating security risks, ensuring compliance with industry standards, and embedding a strong risk-aware culture across the business.

This role includes line management responsibility for a Security Risk Manager, as well as working closely with senior stakeholders to provide expert advice, reporting, and actionable risk insights.

• Develop and implement security risk strategies, frameworks, and controls
• Monitor, analyse, and report on security risks, including emerging threats
• Ensure compliance with relevant regulations, standards, and best practices
• Support incident management and oversee corrective actions
• Lead risk awareness initiatives and training programmes
• Contribute to policies, governance frameworks, and key organisational projects
• Provide clear risk reporting and insights to senior stakeholders

• Minimum 5 years experience in risk, governance, or compliance within an information security environment
• Strong knowledge of risk frameworks such as ISO 31000, ISO 27001/27005, and NIST
• Degree or equivalent experience in a relevant field
• Professional certification (e.g. CRISC) desirable
• Excellent analytical, communication, and stakeholder management skills

• Experience building or managing risk frameworks and registers
• Providing risk guidance and reporting to senior leadership

• 28 days annual leave plus bank holidays
• Private medical insurance, pension, and bonus scheme
• Life assurance
• Flexible working options and sustainable travel benefits

• Hybrid working model (approximately % office-based)
• Multi-stage interview process (screening, virtual, and in-person stages)